Prevent XXE attack on jboss 4.2

Is it possible to prevent an xxe attack on web service deployed on jboss 4.2 somehow? WS is defined by annotation. I can not find any configuration to disable supporting external entities and dtd.

In this post (Prevent XXE Attack with JAXB) is a solution for parsing soap in servlet, but i need something for annotated WS.

Solution

After long hours of debuging jboss's code I've found a fix for XXE attack on jboss 4.2.2

In DOMUtils.class (located in jbossws-common.jar) I've added extra features on DocumentBuilderFactory instance:

factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

It solves the problem.

What is the maven-shade-plugin used for, and why would you want to relocate Java packages?
Spring Security issue with JWT: Cannot subclass final class JwtAuthenticationProvider
Stream Audio from Client to Server to Multiple Clients Java
Find minimum sum from given array
Get src value of <img> tags with inconsistent quoting
Unable to find valid certification path to requested target - error even after cert imported
Java | Binary string to byte
Unexpected OutOfMemoryError when allocating an array larger than the heap
Leetcode 643. Maximum Average Subarray I
How to extract ALT-Texts and Images from a PDF
Spring @Sql Annotations, possible to run once before all tests?
Java Wildcard-types vs Kotlin Star-projection
Can't get attributes of AWS SQS queue using Java & TestContainers
Java/VSCode "file.java is not on the classpath of project, only syntax errors are reported"
Using Enums while parsing JSON with GSON
key-value store suggestion
Springboot mySQL Failed to determine a suitable driver class
Ant command 'war' fails with error 'jvxml.xml.lib doesn't denote a zipfileset or a fileset'
Reading Multi-Level XML files in Java
Intellij highlight file in Project Explorer
Java springboot Validation is not working for me
How to start multiple instances of the same Java project in Eclipse?
Unable to resolve name [org.hibernate.dialect.MYSQL5Dialect] as strategy [org.hibernate.dialect.Dialect]
Java JSCrollPane won't resize below minimum size of JButton with text
How to generate classes using maven jaxb implements serializable
String matches method - forward slash not working
How to remove large if-else-if chain with the condition as String::startswith
Save state of object in IntelliJ debug?
When should I use the dollar symbol ($) in a variable name?
Spring-Data-Jpa Repository - Underscore on Entity Column Name