Documentation

New Properties
Trail: Java API for XML Processing (JAXP)
Lesson: JAXP 1.5 and New Properties

New Properties

JAXP 1.5 defines three new properties that can be used to regulate whether or not XML processors resolve external resources as listed above. The properties are:

These API properties have corresponding system properties and jaxp.properties.

ACCESS_EXTERNAL_DTD

Name: http://javax.xml.XMLConstants/property/accessExternalDTD
Definition: Restrict access to external DTDs, external Entity References to the protocols specified.
Value: see Values of the Properties
Default value: all, connection permitted to all protocols.
System property: javax.xml.accessExternalDTD

ACCESS_EXTERNAL_SCHEMA

Name: http://javax.xml.XMLConstants/property/accessExternalSchema
Definition: restrict access to the protocols specified for external reference set by the schemaLocation attribute, Import and Include element.
Value: see Values of the Properties
Default value: all, connection permitted to all protocols.
System property: javax.xml.accessExternalSchema

ACCESS_EXTERNAL_STYLESHEET

Name: http://javax.xml.XMLConstants/property/accessExternalStylesheet
Definition: restrict access to the protocols specified for external reference set by the stylesheet processing instruction, document function, Import and Include element.
Value: see Values of the Properties
Default value: all, connection permitted to all protocols.
System property: javax.xml.accessExternalStylesheet

${java.home}/lib/jaxp.properties

These properties can be specified in jaxp.properties to define the behavior for all applications using the Java Runtime. The format is property-name=[value][,value]*. For example:

javax.xml.accessExternalDTD=file,http

The property names are the same as those of the system properties: javax.xml.accessExternalDTD, javax.xml.accessExternalSchema, and javax.xml.accessExternalStylesheet.

Values of the Properties

All of the properties have values in the same format.

Value: a list of protocols separated by comma. A protocol is the scheme portion of an URI, or in the case of the JAR protocol, "jar" plus the scheme portion separated by colon. A scheme is defined as:

scheme = alpha *( alpha | digit | "+" | "-" | "." )
where alpha = a-z and A-Z.

And the JAR protocol:
jar[:scheme]

Protocols are case-insensitive. Any whitespaces as defined by Character.isSpaceChar in the value will be ignored. Examples of protocols are file, http, jar:file.

Default value: the default value is implementation specific. In JAXP 1.5 RI, Java SE 7u40, and Java SE 8, the default value is all, granting permissions to all protocols.

Granting all access: the keyword all grants permission to all protocols. For example, setting javax.xml.accessExternalDTD=all in jaxp.properties would allow a system to work as before with no restrictions on accessing external DTDs and Entity References.

Denying any access: an empty string, that is, "", means no permission is granted to any protocol. For example, setting javax.xml.accessExternalDTD="" in jaxp.properties would instruct the JAXP processors to deny any external connections.


Previous page: External Resources
Next page: Scope and Order