JDK-8014891 : Redundant setting of external access properties in setFeatures
  • Type: Bug
  • Component: xml
  • Affected Version: 7u40,8-pool
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • Submitted: 2013-05-20
  • Updated: 2013-06-26
  • Resolved: 2013-05-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u40Fixed 8 b93Fixed
There are properties incorrectky set in method com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl#setFeatures:

    private void setFeatures(Hashtable features)
        throws SAXNotSupportedException, SAXNotRecognizedException {
        if (features != null) {
            Iterator entries = features.entrySet().iterator();
            while (entries.hasNext()) {
                Map.Entry entry = (Map.Entry) entries.next();
                String feature = (String) entry.getKey();
                boolean value = ((Boolean) entry.getValue()).booleanValue();
                domParser.setFeature(feature, value);
                if (feature.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
                    domParser.setProperty(ACCESS_EXTERNAL_DTD, "");
                    domParser.setProperty(ACCESS_EXTERNAL_SCHEMA, "");

Actual value isn't used in the condition. If XMLConstants.FEATURE_SECURE_PROCESSING is explicitly turned of (value = false), restrictions are set anyway
Redundant settings, should be removed. It was already removed in jaxp standalone, but was mistakenly left in the JDK patch.