Prohibits XML documents to be passed through that look like XML attacks on older parsers. Too many attributes, too long element names are such indications. DTD definitions will simply be removed.

Can be used in

abort api case chain for global if interceptor internal otherwise proxy registration request response serviceProxy soapProxy stompProxy time transport wsStompReassembler

Syntax

<xmlProtection removeDTD="boolean" maxElementNameLength="integer" maxAttibuteCount="integer" />

<xmlProtection removeDTD="boolean" maxElementNameLength="integer" maxAttibuteCount="integer" />

Sample

<beans>
  <transport coreThreadPoolSize="20">
	<ruleMatching />
	<dispatching />
	<userFeature />

	<xmlProtection />

	<httpClient />
  </transport>
</beans>

<beans>
  <transport coreThreadPoolSize="20">
	<ruleMatching />
	<dispatching />
	<userFeature />

	<xmlProtection />

	<httpClient />
  </transport>
</beans>

Attributes

Name	Required	Default	Description	Examples
maxAttributeCount	false	1000	If an incoming request exceeds this limit, it will be discarded.	-
maxElementNameLength	false	1000	If an incoming request exceeds this limit, it will be discarded.	-
removeDTD	false	true	Whether to remove the DTD from incoming requests.	-