Prohibits XML documents to be passed through that look like XML attacks on older parsers. Too many attributes, too long element names are such indications. DTD definitions will simply be removed.

Syntax

<xmlProtection removeDTD="boolean" maxElementNameLength="integer" maxAttibuteCount="integer" />

<xmlProtection removeDTD="boolean" maxElementNameLength="integer" maxAttibuteCount="integer" />

Sample

<beans>
  <transport coreThreadPoolSize="20">
	<ruleMatching />
	<dispatching />
	<userFeature />

	<xmlProtection />

	<httpClient />
  </transport>
</beans>

<beans>
  <transport coreThreadPoolSize="20">
	<ruleMatching />
	<dispatching />
	<userFeature />

	<xmlProtection />

	<httpClient />
  </transport>
</beans>

Attributes

Name	Required	Default	Description	Examples
maxAttributeCount	false	1000	If an incoming request exceeds this limit, it will be discarded.	-
maxElementNameLength	false	1000	If an incoming request exceeds this limit, it will be discarded.	-
removeDTD	false	true	Whether to remove the DTD from incoming requests.	-

Can be used in

abort api bean if interceptor internalProxy proxy registration request response serviceProxy soapProxy stompProxy swaggerProxy transport wsStompReassembler