Summary

Deprecates External Access Properties(EAPs).

Problem

The External Access Properties(EAPs), currently accepted at the SE level, are problematic for the following reasons:

• Breaks the Original Security Model

  JAXP, the XML APIs in the java.xml model, was designed to be neutral regarding specific security constraints, delegating the responsibility for enforcing secure behavior to implementations instead. The introduction of External Access Properties(EAPs) at the SE level blurred this boundary, coupling the API to specific security semantics and reducing flexibility for implementations.
  
  

• Overly Broad and Scheme-Based

  The External Access Properties(EAPs) defines access control by protocol schemes such as "http", "file". This mechanism is too coarse-grained for practical use:

  • Allowing "http" grants access to all remote resources, potentially exposing applications to unwanted external access; Denying it, blocks all such resources, even if some may be required or trusted.

  • There is no granularity to express scoped or contextual access rules, making them impractical for applications.

As a result, the EAPs neither align with the API design principle nor provide proper controls needed for secure and functional configurations.

Solution

Deprecate the External Access Properties(EAPs) for removal. The Java SE XML API will return to its original design principle for security: using a general directive flag, that is FEATURE_SECURE_PROCESSING(FSP), to instruct implementations to process XML documents securely, while delegating the definition and enforcement of specific security measures, such as access control, to the implementation. This solution maintains API neutrality and flexibility, allowing different implementations to evolve and apply appropriate protections without imposing rigid or coarse constraints at the SE level.

Specification

Refer to the attached html file and convenient links.

Added deprecation statement to the External Access Properties section in the class description of javax.xml.XMLConstants;

Added deprecation annotations to the properties: ACCESS_EXTERNAL_DTD, ACCESS_EXTERNAL_SCHEMA, ACCESS_EXTERNAL_STYLESHEET;

Refined the javadoc for FEATURE_SECURE_PROCESSING

diff --git a/src/java.xml/share/classes/javax/xml/XMLConstants.java b/src/java.xml/share/classes/javax/xml/XMLConstants.java
index e98b3587c99..e9578ddff60 100644
--- a/src/java.xml/share/classes/javax/xml/XMLConstants.java
+++ b/src/java.xml/share/classes/javax/xml/XMLConstants.java
@@ -29,6 +29,12 @@
  * Defines constants for XML Processing APIs.
  *
  * <h2 id="EAP">External Access Properties</h2>
+ * <div class="block"><span class="deprecated-label">Deprecated, for removal:
+ * These properties are subject to removal in a future version.</span>
+ * <div class="deprecation-comment">Refer to {@link #ACCESS_EXTERNAL_DTD},
+ * {@link #ACCESS_EXTERNAL_SCHEMA}, and {@link #ACCESS_EXTERNAL_STYLESHEET}
+ *  </div>
+ *  </div>
  * The value of the external access properties, including {@link #ACCESS_EXTERNAL_DTD},
  * {@link #ACCESS_EXTERNAL_SCHEMA}, and {@link #ACCESS_EXTERNAL_STYLESHEET},
  * is defined as follows.
@@ -220,18 +226,31 @@ private XMLConstants() {
         public static final String RELAXNG_NS_URI = "http://relaxng.org/ns/structure/1.0";

         /**
-         * Feature for secure processing.
+         * Instructs XML processors to behave securely when processing XML documents.
          *
          * <ul>
          *   <li>
-         *     {@code true} instructs the implementation to process XML securely.
-         *     This may set limits on XML constructs to avoid conditions such as denial of service attacks.
+         *     When set to {@code true}, it instructs an XML processor to apply appropriate
+         *     security measures during processing. This may include enabling resource
+         *     access restrictions, setting limits on certain XML constructs, and
+         *     applying safe defaults in areas where XML documents may expose risks.
          *   </li>
          *   <li>
-         *     {@code false} instructs the implementation to process XML in accordance with the XML specifications
-         *     ignoring security issues such as limits on XML constructs to avoid conditions such as denial of service attacks.
+         *     When set to {@code false}, it instructs an XML processor to prioritize
+         *     adherence to XML specifications, even if certain constructs may pose
+         *     security concerns. This does not require the processor to disable all
+         *     security measures.
          *   </li>
          * </ul>
+         *
+         * @apiNote
+         * Implementations are required to define and enforce security restrictions in
+         * areas where XML documents pose risks. When this property is enabled, implementations
+         * shall enable those constraints to ensure secure processing.
+         * <p>
+         * When the property is disabled, implementations are expected to prioritize
+         * conformance to the XML specifications. However, they are not required to
+         * disable or relax security and may retain constraints at their discretion.
          */
         public static final String FEATURE_SECURE_PROCESSING = "http://javax.xml.XMLConstants/feature/secure-processing";

@@ -257,7 +276,10 @@ private XMLConstants() {
          * <a href="{@docRoot}/java.xml/module-summary.html#Conf_CF">configuration file</a>.
          *
          * @since 1.7
+         * @deprecated Implementations shall follow the requirement of {@link #FEATURE_SECURE_PROCESSING}
+         * to define and enforce security measures.
          */
+        @Deprecated(since="25", forRemoval = true)
         public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD";

         /**
@@ -280,9 +302,12 @@ private XMLConstants() {
          * <b>Configuration File:</b>
          * Yes. The property can be set in the
          * <a href="{@docRoot}/java.xml/module-summary.html#Conf_CF">configuration file</a>.
-        *
+         *
          * @since 1.7
+         * @deprecated Implementations shall follow the requirement of {@link #FEATURE_SECURE_PROCESSING}
+         * to define and enforce security measures.
          */
+        @Deprecated(since="25", forRemoval = true)
         public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";

         /**
@@ -309,7 +334,10 @@ private XMLConstants() {
          * <a href="{@docRoot}/java.xml/module-summary.html#Conf_CF">configuration file</a>.
          *
          * @since 1.7
+         * @deprecated Implementations shall follow the requirement of {@link #FEATURE_SECURE_PROCESSING}
+         * to define and enforce security measures.
          */
+        @Deprecated(since="25", forRemoval = true)
         public static final String ACCESS_EXTERNAL_STYLESHEET = "http://javax.xml.XMLConstants/property/accessExternalStylesheet";