Configuring Extension Validation and XML Security - highsource/jaxb-tools GitHub Wiki

Controlling the extension and validation modes

• extension - If true, the XJC binding compiler will run in the extension mode (XJC's -extension option). Otherwise, it will run in the strict conformance mode (this is the default). Please note that you must enable the extension mode if you use vendor extensions in your bindings.
• strict - If true (default), XJC will perform strict validation of the input schema. If strict is set to false XJC will be run with -nv, this disables strict validation of schemas.

Controlling the XML security

Since 0.9.0.

• disableXmlSecurity - If true, disables XML security features when parsing XML documents. Default is true.
• accessExternalSchema - Restricts access to the protocols specified for external reference set by the schemaLocation attribute, import and include elements. Value: a list of protocols separated by comma. A protocol is the scheme portion of a URI, or in the case of the JAR protocol, jar plus the scheme portion separated by colon. The keyword all grants permission to all protocols. Default is all.
• accessExternalDTD - Restricts access to external DTDs and external entity references to the protocols specified. Value: a list of protocols separated by comma. A protocol is the scheme portion of a URI, or in the case of the JAR protocol, jar plus the scheme portion separated by colon. The keyword all grants permission to all protocols. Default is all.