Over a million developers have joined DZone.

Spotlight on GlassFish 4.1: #4 JAXP accessExternalSchema

· Java Zone

Navigate the Maze of the End-User Experience and pick up this APM Essential guide, brought to you in partnership with CA Technologies

'Spotlight on GlassFish 4.1' is a series of posts by David Delabassee that highlights specific enhancements of the upcoming GlassFish 4.1 release. It could be a new feature, a fix, a behaviour change, a tip, etc.

#4 JAXP 1.5 accessExternalSchema
GlassFish 4.1 supports recent JDK versions (JDK 7 u65+ and JDK 8 u5+). Sometime, those newer JDKs might have some side effect as they bring new features too. 

For example, several properties have been introduced in JAXP 1.5 (JDK 7u40+ and JDK 8+). Properties which are used to set restrictions when JAXP is used to process untrusted XML contents. And by default, those restrictions are set!

GF 4.1 is configured to offer the behavior of GF 4.0 used with an older JAXP release (prior to JAXP 1.5), i.e. no restriction on schemas processing. So by default, a GF 4.1 domain.xml is configured with the following JVM option to allow all schemas to be processed: <jvm-options>-Djavax.xml.accessExternalSchema=all </jvm-options>
This configuration obviously assumes that your external XML content is trusted or at least sanitised by an XML firewall. This is applicable to JAXP 1.5 (and above).

Thrive in the application economy with an APM model that is strategic. Be E.P.I.C. with CA APM.  Brought to you in partnership with CA Technologies.

Topics:

Published at DZone with permission of Reza Rahman, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}