Class XMLConstants

java.lang.Object
javax.xml.XMLConstants
public final class XMLConstants extends Object
Defines constants for XML Processing APIs.

External Access Properties

Deprecated, for removal: These properties are subject to removal in a future version.
Refer to ACCESS_EXTERNAL_DTD, ACCESS_EXTERNAL_SCHEMA, and ACCESS_EXTERNAL_STYLESHEET
The value of the external access properties, including ACCESS_EXTERNAL_DTD, ACCESS_EXTERNAL_SCHEMA, and ACCESS_EXTERNAL_STYLESHEET, is defined as follows.

Value:

A list of protocols separated by comma. A protocol is the scheme portion of a URI, or in the case of the JAR protocol, "jar" plus the scheme portion separated by colon. A scheme is defined as:
scheme = alpha *( alpha | digit | "+" | "-" | "." )
where alpha = a-z and A-Z.

And the JAR protocol:
jar[:scheme]

Protocols including the keyword "jar" are case-insensitive. Any whitespaces as defined by Character.isSpaceChar(char) in the value will be ignored. Examples of protocols are file, http, jar:file.

Default value:

The default value is implementation specific and therefore not specified. The following options are provided for consideration:
  • an empty string to deny all access to external references;
  • a specific protocol, such as file, to give permission to only the protocol;
  • the keyword "all" to grant permission to all protocols.

When FEATURE_SECURE_PROCESSING is enabled, it is recommended that implementations restrict external connections by default, though this may cause problems for applications that process XML/XSD/XSL with external references.

Granting all access:

The keyword "all" grants permission to all protocols.

Property Precedence

Properties, including the External Access Properties and USE_CATALOG, can be specified through multiple configuration sources. They follow the configuration process as defined in the Configuration section of the module summary.
Since:
1.5
See Also:

  • Field Details

    • NULL_NS_URI

      public static final String NULL_NS_URI
      Namespace URI to use to represent that there is no Namespace.

      Defined by the Namespace specification to be "".

      See Also:

    • DEFAULT_NS_PREFIX

      public static final String DEFAULT_NS_PREFIX
      Prefix to use to represent the default XML Namespace.

      Defined by the XML specification to be "".

      See Also:

    • XML_NS_URI

      public static final String XML_NS_URI
      The official XML Namespace name URI.

      Defined by the XML specification to be "http://www.w3.org/XML/1998/namespace".

      See Also:

    • XML_NS_PREFIX

      public static final String XML_NS_PREFIX
      The official XML Namespace prefix.

      Defined by the XML specification to be "xml".

      See Also:

    • XMLNS_ATTRIBUTE_NS_URI

      public static final String XMLNS_ATTRIBUTE_NS_URI
      The official XML attribute used for specifying XML Namespace declarations, XMLConstants.XMLNS_ATTRIBUTE, Namespace name URI.

      Defined by the XML specification to be "http://www.w3.org/2000/xmlns/".

      See Also:

    • XMLNS_ATTRIBUTE

      public static final String XMLNS_ATTRIBUTE
      The official XML attribute used for specifying XML Namespace declarations.

      It is NOT valid to use as a prefix. Defined by the XML specification to be "xmlns".

      See Also:

    • W3C_XML_SCHEMA_NS_URI

      public static final String W3C_XML_SCHEMA_NS_URI
      W3C XML Schema Namespace URI.

      Defined to be "http://www.w3.org/2001/XMLSchema".

      See Also:

    • W3C_XML_SCHEMA_INSTANCE_NS_URI

      public static final String W3C_XML_SCHEMA_INSTANCE_NS_URI
      W3C XML Schema Instance Namespace URI.

      Defined to be "http://www.w3.org/2001/XMLSchema-instance".

      See Also:

    • W3C_XPATH_DATATYPE_NS_URI

      public static final String W3C_XPATH_DATATYPE_NS_URI
      W3C XPath Datatype Namespace URI.

      Defined to be "http://www.w3.org/2003/11/xpath-datatypes".

      See Also:

    • XML_DTD_NS_URI

      public static final String XML_DTD_NS_URI
      XML Document Type Declaration Namespace URI as an arbitrary value.

      Since not formally defined by any existing standard, arbitrarily define to be "http://www.w3.org/TR/REC-xml".

      See Also:

    • RELAXNG_NS_URI

      public static final String RELAXNG_NS_URI
      RELAX NG Namespace URI.

      Defined to be "http://relaxng.org/ns/structure/1.0".

      See Also:

    • FEATURE_SECURE_PROCESSING

      public static final String FEATURE_SECURE_PROCESSING
      Instructs XML processors to behave securely when processing XML documents.
      • When set to true, it instructs an XML processor to apply appropriate security measures during processing. This may include enabling resource access restrictions, setting limits on certain XML constructs, and applying safe defaults in areas where XML documents may expose risks.
      • When set to false, it instructs an XML processor to prioritize adherence to XML specifications, even if certain constructs may pose security concerns. This does not require the processor to disable all security measures.
      API Note:
      Implementations are required to define and enforce security restrictions in areas where XML documents pose risks. When this property is enabled, implementations shall enable those constraints to ensure secure processing.

      When the property is disabled, implementations are expected to prioritize conformance to the XML specifications. However, they are not required to disable or relax security and may retain constraints at their discretion.

      See Also:

    • ACCESS_EXTERNAL_DTD

      @Deprecated(since="25", forRemoval=true) public static final String ACCESS_EXTERNAL_DTD
      Deprecated, for removal: This API element is subject to removal in a future version.
      Implementations shall follow the requirement of FEATURE_SECURE_PROCESSING to define and enforce security measures.
      Property: accessExternalDTD

      Restrict access to external DTDs and external Entity References to the protocols specified. If access is denied due to the restriction of this property, a runtime exception that is specific to the context is thrown. In the case of SAXParser for example, SAXException is thrown.

      Value: as defined in the class description.

      System Property: javax.xml.accessExternalDTD.

      Configuration File: Yes. The property can be set in the configuration file.

      Since:
      1.7
      See Also:

    • ACCESS_EXTERNAL_SCHEMA

      @Deprecated(since="25", forRemoval=true) public static final String ACCESS_EXTERNAL_SCHEMA
      Deprecated, for removal: This API element is subject to removal in a future version.
      Implementations shall follow the requirement of FEATURE_SECURE_PROCESSING to define and enforce security measures.

      Property: accessExternalSchema

      Restrict access to the protocols specified for external reference set by the schemaLocation attribute, Import and Include element. If access is denied due to the restriction of this property, a runtime exception that is specific to the context is thrown. In the case of SchemaFactory for example, org.xml.sax.SAXException is thrown.

      Value: as defined in the class description.

      System Property: javax.xml.accessExternalSchema

      Configuration File: Yes. The property can be set in the configuration file.

      Since:
      1.7
      See Also:

    • ACCESS_EXTERNAL_STYLESHEET

      @Deprecated(since="25", forRemoval=true) public static final String ACCESS_EXTERNAL_STYLESHEET
      Deprecated, for removal: This API element is subject to removal in a future version.
      Implementations shall follow the requirement of FEATURE_SECURE_PROCESSING to define and enforce security measures.
      Property: accessExternalStylesheet

      Restrict access to the protocols specified for external references set by the stylesheet processing instruction, Import and Include element, and document function. If access is denied due to the restriction of this property, a runtime exception that is specific to the context is thrown. In the case of constructing new Transformer for example, TransformerConfigurationException will be thrown by the TransformerFactory.

      Value: as defined in the class description.

      System Property: javax.xml.accessExternalStylesheet

      Configuration File: Yes. The property can be set in the configuration file.

      Since:
      1.7
      See Also:

    • USE_CATALOG

      public static final String USE_CATALOG
      Feature: useCatalog

      Instructs XML processors to use XML Catalogs to resolve entity references. Catalogs may be set through JAXP factories, system properties, or configuration file by using the javax.xml.catalog.files property defined in CatalogFeatures. The following code enables Catalog on SAX parser: 

           SAXParserFactory spf = SAXParserFactory.newInstance();
     spf.setFeature(XMLConstants.USE_CATALOG, true);
     SAXParser parser = spf.newSAXParser();
     parser.setProperty(CatalogFeatures.Feature.FILES.getPropertyName(), "catalog.xml");

      Value: a boolean. If the value is true, and a catalog is set, the XML parser will resolve external references using CatalogResolver. If the value is false, XML Catalog is ignored even if one is set. The default value is true.

      System Property: javax.xml.useCatalog

      Configuration File: Yes. The property can be set in the configuration file.

      Since:
      9
      See Also: