External Access Properties
The value of the external access properties, includingACCESS_EXTERNAL_DTD
,
ACCESS_EXTERNAL_SCHEMA
, and ACCESS_EXTERNAL_STYLESHEET
,
is defined as follows.
Value:
A list of protocols separated by comma. A protocol is the scheme portion of aURI
, or in the case of the JAR protocol, "jar" plus the scheme
portion separated by colon. A scheme is defined as:
scheme = alpha *( alpha | digit | "+" | "-" | "." )
where alpha = a-z and A-Z.
And the JAR protocol:
jar[:scheme]
Protocols including the keyword "jar" are case-insensitive. Any whitespaces as defined byCharacter.isSpaceChar(char)
in the value will be ignored. Examples of protocols are file, http, jar:file.
Default value:
The default value is implementation specific and therefore not specified. The following options are provided for consideration:
- an empty string to deny all access to external references;
- a specific protocol, such as file, to give permission to only the protocol;
- the keyword "all" to grant permission to all protocols.
When FEATURE_SECURE_PROCESSING is enabled, it is recommended that implementations restrict external connections by default, though this may cause problems for applications that process XML/XSD/XSL with external references.
Granting all access:
The keyword "all" grants permission to all protocols.Property Precedence
Properties, including the External Access Properties andUSE_CATALOG
, can be specified through multiple configuration sources.
They follow the configuration process as defined in the
Configuration section
of the module summary.- Since:
- 1.5
- See Also:
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
Property: accessExternalDTDstatic final String
Property: accessExternalSchemastatic final String
Property: accessExternalStylesheetstatic final String
Prefix to use to represent the default XML Namespace.static final String
Feature for secure processing.static final String
Namespace URI to use to represent that there is no Namespace.static final String
RELAX NG Namespace URI.static final String
Feature: useCatalogstatic final String
W3C XML Schema Instance Namespace URI.static final String
W3C XML Schema Namespace URI.static final String
W3C XPath Datatype Namespace URI.static final String
XML Document Type Declaration Namespace URI as an arbitrary value.static final String
The official XML Namespace prefix.static final String
The official XML Namespace name URI.static final String
The official XML attribute used for specifying XML Namespace declarations.static final String
The official XML attribute used for specifying XML Namespace declarations,XMLConstants.XMLNS_ATTRIBUTE
, Namespace name URI. -
Method Summary
-
Field Details
-
NULL_NS_URI
Namespace URI to use to represent that there is no Namespace.Defined by the Namespace specification to be "".
- See Also:
-
DEFAULT_NS_PREFIX
Prefix to use to represent the default XML Namespace.Defined by the XML specification to be "".
- See Also:
-
XML_NS_URI
The official XML Namespace name URI.Defined by the XML specification to be "
http://www.w3.org/XML/1998/namespace
".- See Also:
-
XML_NS_PREFIX
The official XML Namespace prefix.Defined by the XML specification to be "
xml
".- See Also:
-
XMLNS_ATTRIBUTE_NS_URI
The official XML attribute used for specifying XML Namespace declarations,XMLConstants.XMLNS_ATTRIBUTE
, Namespace name URI.Defined by the XML specification to be "
http://www.w3.org/2000/xmlns/
".- See Also:
-
XMLNS_ATTRIBUTE
The official XML attribute used for specifying XML Namespace declarations.It is NOT valid to use as a prefix. Defined by the XML specification to be "
xmlns
".- See Also:
-
W3C_XML_SCHEMA_NS_URI
W3C XML Schema Namespace URI.Defined to be "
http://www.w3.org/2001/XMLSchema
".- See Also:
-
W3C_XML_SCHEMA_INSTANCE_NS_URI
W3C XML Schema Instance Namespace URI.Defined to be "
http://www.w3.org/2001/XMLSchema-instance
".- See Also:
-
W3C_XPATH_DATATYPE_NS_URI
W3C XPath Datatype Namespace URI.Defined to be "
http://www.w3.org/2003/11/xpath-datatypes
".- See Also:
-
XML_DTD_NS_URI
XML Document Type Declaration Namespace URI as an arbitrary value.Since not formally defined by any existing standard, arbitrarily define to be "
http://www.w3.org/TR/REC-xml
".- See Also:
-
RELAXNG_NS_URI
RELAX NG Namespace URI.Defined to be "
http://relaxng.org/ns/structure/1.0
".- See Also:
-
FEATURE_SECURE_PROCESSING
Feature for secure processing.-
true
instructs the implementation to process XML securely. This may set limits on XML constructs to avoid conditions such as denial of service attacks. -
false
instructs the implementation to process XML in accordance with the XML specifications ignoring security issues such as limits on XML constructs to avoid conditions such as denial of service attacks.
- Implementation Note:
- when the Java Security Manager is present, the JDK sets the value of this feature to true and does not allow it to be turned off.
- See Also:
-
-
ACCESS_EXTERNAL_DTD
Property: accessExternalDTDRestrict access to external DTDs and external Entity References to the protocols specified. If access is denied due to the restriction of this property, a runtime exception that is specific to the context is thrown. In the case of
SAXParser
for example,SAXException
is thrown.Value: as defined in the class description.
System Property:
javax.xml.accessExternalDTD
.Configuration File: Yes. The property can be set in the configuration file.
- Since:
- 1.7
- See Also:
-
ACCESS_EXTERNAL_SCHEMA
Property: accessExternalSchema
Restrict access to the protocols specified for external reference set by the schemaLocation attribute, Import and Include element. If access is denied due to the restriction of this property, a runtime exception that is specific to the context is thrown. In the case of
SchemaFactory
for example, org.xml.sax.SAXException is thrown.Value: as defined in the class description.
System Property:
javax.xml.accessExternalSchema
Configuration File: Yes. The property can be set in the configuration file.
- Since:
- 1.7
- See Also:
-
ACCESS_EXTERNAL_STYLESHEET
Property: accessExternalStylesheetRestrict access to the protocols specified for external references set by the stylesheet processing instruction, Import and Include element, and document function. If access is denied due to the restriction of this property, a runtime exception that is specific to the context is thrown. In the case of constructing new
Transformer
for example,TransformerConfigurationException
will be thrown by theTransformerFactory
.Value: as defined in the class description.
System Property:
javax.xml.accessExternalStylesheet
Configuration File: Yes. The property can be set in the configuration file.
- Since:
- 1.7
- See Also:
-
USE_CATALOG
Feature: useCatalogInstructs XML processors to use XML Catalogs to resolve entity references. Catalogs may be set through JAXP factories, system properties, or configuration file by using the
javax.xml.catalog.files
property defined inCatalogFeatures
. The following code enables Catalog on SAX parser:SAXParserFactory spf = SAXParserFactory.newInstance(); spf.setFeature(XMLConstants.USE_CATALOG, true); SAXParser parser = spf.newSAXParser(); parser.setProperty(CatalogFeatures.Feature.FILES.getPropertyName(), "catalog.xml");
Value: a boolean. If the value is true, and a catalog is set, the XML parser will resolve external references using
CatalogResolver
. If the value is false, XML Catalog is ignored even if one is set. The default value is true.System Property:
javax.xml.useCatalog
Configuration File: Yes. The property can be set in the configuration file.
- Since:
- 9
- See Also:
-