changeset 468:e3065fb07877 jdk8-b91

Merge
author lana
date Fri, 17 May 2013 10:07:23 -0700
parents f39d61028d2f 6443f5627744
children 28162570f256 827b59af45f3 0765806dcc58 ed115f7cc6d0
files
diffstat 111 files changed, 3473 insertions(+), 1305 deletions(-) [+]
--- a/src/com/sun/org/apache/bcel/internal/generic/BasicType.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/bcel/internal/generic/BasicType.java	Fri May 17 10:07:23 2013 -0700
@@ -97,8 +97,14 @@
 
   /** @return true if both type objects refer to the same type
    */
+  @Override
   public boolean equals(Object type) {
     return (type instanceof BasicType)?
       ((BasicType)type).type == this.type : false;
   }
+
+  @Override
+  public int hashCode() {
+      return type;
+  }
 }
--- a/src/com/sun/org/apache/bcel/internal/generic/BranchInstruction.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/bcel/internal/generic/BranchInstruction.java	Fri May 17 10:07:23 2013 -0700
@@ -93,6 +93,7 @@
    * Dump instruction as byte code to stream out.
    * @param out Output stream
    */
+  @Override
   public void dump(DataOutputStream out) throws IOException {
     out.writeByte(opcode);
 
@@ -153,6 +154,7 @@
    * @param verbose long/short format switch
    * @return mnemonic for instruction
    */
+  @Override
   public String toString(boolean verbose) {
     String s = super.toString(verbose);
     String t = "null";
@@ -184,6 +186,7 @@
    * @param wide wide prefix?
    * @see InstructionList
    */
+  @Override
   protected void initFromFile(ByteSequence bytes, boolean wide) throws IOException
   {
     length = 3;
@@ -204,26 +207,41 @@
    * Set branch target
    * @param target branch target
    */
-  public void setTarget(InstructionHandle target) {
-    notifyTarget(this.target, target, this);
+  public final void setTarget(InstructionHandle target) {
+    notifyTargetChanging(this.target, this);
     this.target = target;
+    notifyTargetChanged(this.target, this);
   }
 
   /**
-   * Used by BranchInstruction, LocalVariableGen, CodeExceptionGen
+   * Used by BranchInstruction, LocalVariableGen, CodeExceptionGen.
+   * Must be called before the target is actually changed in the
+   * InstructionTargeter.
    */
-  static final void notifyTarget(InstructionHandle old_ih, InstructionHandle new_ih,
+  static void notifyTargetChanging(InstructionHandle old_ih,
                                  InstructionTargeter t) {
-    if(old_ih != null)
+    if(old_ih != null) {
       old_ih.removeTargeter(t);
-    if(new_ih != null)
+    }
+  }
+
+  /**
+   * Used by BranchInstruction, LocalVariableGen, CodeExceptionGen.
+   * Must be called after the target is actually changed in the
+   * InstructionTargeter.
+   */
+  static void notifyTargetChanged(InstructionHandle new_ih,
+                                 InstructionTargeter t) {
+    if(new_ih != null) {
       new_ih.addTargeter(t);
+    }
   }
 
   /**
    * @param old_ih old target
    * @param new_ih new target
    */
+  @Override
   public void updateTarget(InstructionHandle old_ih, InstructionHandle new_ih) {
     if(target == old_ih)
       setTarget(new_ih);
@@ -234,6 +252,7 @@
   /**
    * @return true, if ih is target of this instruction
    */
+  @Override
   public boolean containsTarget(InstructionHandle ih) {
     return (target == ih);
   }
@@ -241,6 +260,7 @@
   /**
    * Inform target that it's not targeted anymore.
    */
+  @Override
   void dispose() {
     setTarget(null);
     index=-1;
--- a/src/com/sun/org/apache/bcel/internal/generic/CodeExceptionGen.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/bcel/internal/generic/CodeExceptionGen.java	Fri May 17 10:07:23 2013 -0700
@@ -58,7 +58,6 @@
  * <http://www.apache.org/>.
  */
 
-import com.sun.org.apache.bcel.internal.Constants;
 import com.sun.org.apache.bcel.internal.classfile.*;
 
 /**
@@ -118,31 +117,35 @@
   /* Set start of handler
    * @param start_pc Start of handled region (inclusive)
    */
-  public void setStartPC(InstructionHandle start_pc) {
-    BranchInstruction.notifyTarget(this.start_pc, start_pc, this);
+  public final void setStartPC(InstructionHandle start_pc) {
+    BranchInstruction.notifyTargetChanging(this.start_pc, this);
     this.start_pc = start_pc;
+    BranchInstruction.notifyTargetChanged(this.start_pc, this);
   }
 
   /* Set end of handler
    * @param end_pc End of handled region (inclusive)
    */
-  public void setEndPC(InstructionHandle end_pc) {
-    BranchInstruction.notifyTarget(this.end_pc, end_pc, this);
+  public final void setEndPC(InstructionHandle end_pc) {
+    BranchInstruction.notifyTargetChanging(this.end_pc, this);
     this.end_pc = end_pc;
+    BranchInstruction.notifyTargetChanged(this.end_pc, this);
   }
 
   /* Set handler code
    * @param handler_pc Start of handler
    */
-  public void setHandlerPC(InstructionHandle handler_pc) {
-    BranchInstruction.notifyTarget(this.handler_pc, handler_pc, this);
+  public final void setHandlerPC(InstructionHandle handler_pc) {
+    BranchInstruction.notifyTargetChanging(this.handler_pc, this);
     this.handler_pc = handler_pc;
+    BranchInstruction.notifyTargetChanged(this.handler_pc, this);
   }
 
   /**
    * @param old_ih old target, either start or end
    * @param new_ih new target
    */
+  @Override
   public void updateTarget(InstructionHandle old_ih, InstructionHandle new_ih) {
     boolean targeted = false;
 
@@ -169,6 +172,7 @@
   /**
    * @return true, if ih is target of this handler
    */
+  @Override
   public boolean containsTarget(InstructionHandle ih) {
     return (start_pc == ih) || (end_pc == ih) || (handler_pc == ih);
   }
@@ -190,10 +194,12 @@
    */
   public InstructionHandle getHandlerPC()                             { return handler_pc; }
 
+  @Override
   public String toString() {
     return "CodeExceptionGen(" + start_pc + ", " + end_pc + ", " + handler_pc + ")";
   }
 
+  @Override
   public Object clone() {
     try {
       return super.clone();
--- a/src/com/sun/org/apache/bcel/internal/generic/LineNumberGen.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/bcel/internal/generic/LineNumberGen.java	Fri May 17 10:07:23 2013 -0700
@@ -58,7 +58,6 @@
  * <http://www.apache.org/>.
  */
 
-import com.sun.org.apache.bcel.internal.Constants;
 import com.sun.org.apache.bcel.internal.classfile.*;
 
 /**
@@ -88,6 +87,7 @@
   /**
    * @return true, if ih is target of this line number
    */
+  @Override
   public boolean containsTarget(InstructionHandle ih) {
     return this.ih == ih;
   }
@@ -96,6 +96,7 @@
    * @param old_ih old target
    * @param new_ih new target
    */
+  @Override
   public void updateTarget(InstructionHandle old_ih, InstructionHandle new_ih) {
     if(old_ih != ih)
       throw new ClassGenException("Not targeting " + old_ih + ", but " + ih + "}");
@@ -113,12 +114,13 @@
     return new LineNumber(ih.getPosition(), src_line);
   }
 
-  public void setInstruction(InstructionHandle ih) {
-    BranchInstruction.notifyTarget(this.ih, ih, this);
-
+  public final void setInstruction(InstructionHandle ih) {
+    BranchInstruction.notifyTargetChanging(this.ih, this);
     this.ih = ih;
+    BranchInstruction.notifyTargetChanged(this.ih, this);
   }
 
+  @Override
   public Object clone() {
     try {
       return super.clone();
--- a/src/com/sun/org/apache/bcel/internal/generic/LocalVariableGen.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/bcel/internal/generic/LocalVariableGen.java	Fri May 17 10:07:23 2013 -0700
@@ -60,6 +60,7 @@
 
 import com.sun.org.apache.bcel.internal.Constants;
 import com.sun.org.apache.bcel.internal.classfile.*;
+import java.util.Objects;
 
 /**
  * This class represents a local variable within a method. It contains its
@@ -75,7 +76,7 @@
   implements InstructionTargeter, NamedAndTyped, Cloneable,
              java.io.Serializable
 {
-  private int         index;
+  private final int   index;
   private String      name;
   private Type        type;
   private InstructionHandle start, end;
@@ -131,30 +132,96 @@
                              signature_index, index, cp.getConstantPool());
   }
 
-  public void        setIndex(int index)           { this.index = index; }
-  public int         getIndex()                   { return index; }
+  public int         getIndex()                  { return index; }
+  @Override
   public void        setName(String name)        { this.name = name; }
+  @Override
   public String      getName()                   { return name; }
+  @Override
   public void        setType(Type type)          { this.type = type; }
+  @Override
   public Type        getType()                   { return type; }
 
   public InstructionHandle getStart()                  { return start; }
   public InstructionHandle getEnd()                    { return end; }
 
-  public void setStart(InstructionHandle start) {
-    BranchInstruction.notifyTarget(this.start, start, this);
-    this.start = start;
+  /**
+   * Remove this from any known HashSet in which it might be registered.
+   */
+  void notifyTargetChanging() {
+    // hashCode depends on 'index', 'start', and 'end'.
+    // Therefore before changing any of these values we
+    // need to unregister 'this' from any HashSet where
+    // this is registered, and then we need to add it
+    // back...
+
+    // Unregister 'this' from the HashSet held by 'start'.
+    BranchInstruction.notifyTargetChanging(this.start, this);
+    if (this.end != this.start) {
+        // Since hashCode() is going to change we need to unregister
+        // 'this' both form 'start' and 'end'.
+        // Unregister 'this' from the HashSet held by 'end'.
+        BranchInstruction.notifyTargetChanging(this.end, this);
+    }
   }
 
-  public void setEnd(InstructionHandle end) {
-    BranchInstruction.notifyTarget(this.end, end, this);
+  /**
+   * Add back 'this' in all HashSet in which it should be registered.
+   **/
+  void notifyTargetChanged() {
+    // hashCode depends on 'index', 'start', and 'end'.
+    // Therefore before changing any of these values we
+    // need to unregister 'this' from any HashSet where
+    // this is registered, and then we need to add it
+    // back...
+
+    // Register 'this' in the HashSet held by start.
+    BranchInstruction.notifyTargetChanged(this.start, this);
+    if (this.end != this.start) {
+        // Since hashCode() has changed we need to register
+        // 'this' again in 'end'.
+        // Add back 'this' in the HashSet held by 'end'.
+        BranchInstruction.notifyTargetChanged(this.end, this);
+    }
+  }
+
+  public final void setStart(InstructionHandle start) {
+
+    // Call notifyTargetChanging *before* modifying this,
+    // as the code triggered by notifyTargetChanging
+    // depends on this pointing to the 'old' start.
+    notifyTargetChanging();
+
+    this.start = start;
+
+    // call notifyTargetChanged *after* modifying this,
+    // as the code triggered by notifyTargetChanged
+    // depends on this pointing to the 'new' start.
+    notifyTargetChanged();
+  }
+
+  public final void setEnd(InstructionHandle end) {
+    // call notifyTargetChanging *before* modifying this,
+    // as the code triggered by notifyTargetChanging
+    // depends on this pointing to the 'old' end.
+    // Unregister 'this' from the HashSet held by the 'old' end.
+    notifyTargetChanging();
+
     this.end = end;
+
+    // call notifyTargetChanged *after* modifying this,
+    // as the code triggered by notifyTargetChanged
+    // depends on this pointing to the 'new' end.
+    // Register 'this' in the HashSet held by the 'new' end.
+    notifyTargetChanged();
+
   }
 
   /**
    * @param old_ih old target, either start or end
    * @param new_ih new target
    */
+  @Override
   public void updateTarget(InstructionHandle old_ih, InstructionHandle new_ih) {
     boolean targeted = false;
 
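Review bot: `setStart` and `setEnd` now change the value of `hashCode()` (added further down in this file), but neither public setter has Javadoc saying so; the explanation lives only in the package-private helpers. The re-registration in `notifyTargetChanging()`/`notifyTargetChanged()` covers the targeter sets held by the `start` and `end` handles, so any other hash-based collection a caller keeps this object in would presumably lose track of it after a setter call. I would add Javadoc to both setters along the lines of `/** Sets the start of the valid range; this changes hashCode(), so the object must not sit in a caller-owned hash-based collection while it is called. */`. The comment block in `notifyTargetChanged()` is also a copy of the one in `notifyTargetChanging()` and still reads "before changing any of these values", and "both form" should be "both from".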
@@ -176,15 +243,20 @@
   /**
    * @return true, if ih is target of this variable
    */
+  @Override
   public boolean containsTarget(InstructionHandle ih) {
     return (start == ih) || (end == ih);
   }
 
   /**
-   * We consider to local variables to be equal, if the use the same index and
+   * We consider two local variables to be equal, if they use the same index and
    * are valid in the same range.
    */
+  @Override
   public boolean equals(Object o) {
+    if (o==this)
+      return true;
+
     if(!(o instanceof LocalVariableGen))
       return false;
 
@@ -192,10 +264,21 @@
     return (l.index == index) && (l.start == start) && (l.end == end);
   }
 
+  @Override
+  public int hashCode() {
+    int hash = 7;
+    hash = 59 * hash + this.index;
+    hash = 59 * hash + Objects.hashCode(this.start);
+    hash = 59 * hash + Objects.hashCode(this.end);
+    return hash;
+  }
+
+  @Override
   public String toString() {
     return "LocalVariableGen(" + name +  ", " + type +  ", " + start + ", " + end + ")";
   }
 
+  @Override
   public Object clone() {
     try {
       return super.clone();
--- a/src/com/sun/org/apache/bcel/internal/generic/ReturnaddressType.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/bcel/internal/generic/ReturnaddressType.java	Fri May 17 10:07:23 2013 -0700
@@ -58,7 +58,7 @@
  * <http://www.apache.org/>.
  */
 import com.sun.org.apache.bcel.internal.Constants;
-import com.sun.org.apache.bcel.internal.generic.InstructionHandle;
+import java.util.Objects;
 
 /**
  * Returnaddress, the type JSR or JSR_W instructions push upon the stack.
@@ -86,9 +86,15 @@
         this.returnTarget = returnTarget;
   }
 
+  @Override
+  public int hashCode() {
+      return Objects.hashCode(this.returnTarget);
+  }
+
   /**
    * Returns if the two Returnaddresses refer to the same target.
    */
+  @Override
   public boolean equals(Object rat){
     if(!(rat instanceof ReturnaddressType))
       return false;
--- a/src/com/sun/org/apache/bcel/internal/generic/Select.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/bcel/internal/generic/Select.java	Fri May 17 10:07:23 2013 -0700
@@ -97,8 +97,9 @@
     super(opcode, target);
 
     this.targets = targets;
-    for(int i=0; i < targets.length; i++)
-      notifyTarget(null, targets[i], this);
+    for(int i=0; i < targets.length; i++) {
+      BranchInstruction.notifyTargetChanged(targets[i], this);
+    }
 
     this.match = match;
 
@@ -121,6 +122,7 @@
    * @param max_offset the maximum offset that may be caused by these instructions
    * @return additional offset caused by possible change of this instruction's length
    */
+  @Override
   protected int updatePosition(int offset, int max_offset) {
     position += offset; // Additional offset caused by preceding SWITCHs, GOTOs, etc.
 
@@ -138,6 +140,7 @@
    * Dump instruction as byte code to stream out.
    * @param out Output stream
    */
+  @Override
   public void dump(DataOutputStream out) throws IOException {
     out.writeByte(opcode);
 
@@ -151,6 +154,7 @@
   /**
    * Read needed data (e.g. index) from file.
    */
+  @Override
   protected void initFromFile(ByteSequence bytes, boolean wide) throws IOException
   {
     padding = (4 - (bytes.getIndex() % 4)) % 4; // Compute number of pad bytes
@@ -166,8 +170,9 @@
   /**
    * @return mnemonic for instruction
    */
+  @Override
   public String toString(boolean verbose) {
-    StringBuffer buf = new StringBuffer(super.toString(verbose));
+    final StringBuilder buf = new StringBuilder(super.toString(verbose));
 
     if(verbose) {
       for(int i=0; i < match_length; i++) {
@@ -176,7 +181,8 @@
         if(targets[i] != null)
           s = targets[i].getInstruction().toString();
 
-        buf.append("(" + match[i] + ", " + s + " = {" + indices[i] + "})");
+          buf.append("(").append(match[i]).append(", ")
+             .append(s).append(" = {").append(indices[i]).append("})");
       }
     }
     else
@@ -188,15 +194,17 @@
   /**
    * Set branch target for `i'th case
    */
-  public void setTarget(int i, InstructionHandle target) {
-    notifyTarget(targets[i], target, this);
+  public final void setTarget(int i, InstructionHandle target) {
+    notifyTargetChanging(targets[i], this);
     targets[i] = target;
+    notifyTargetChanged(targets[i], this);
   }
 
   /**
    * @param old_ih old target
    * @param new_ih new target
    */
+  @Override
   public void updateTarget(InstructionHandle old_ih, InstructionHandle new_ih) {
     boolean targeted = false;
 
@@ -219,6 +227,7 @@
   /**
    * @return true, if ih is target of this instruction
    */
+  @Override
   public boolean containsTarget(InstructionHandle ih) {
     if(target == ih)
       return true;
@@ -233,6 +242,7 @@
   /**
    * Inform targets that they're not targeted anymore.
    */
+  @Override
   void dispose() {
     super.dispose();
 
--- a/src/com/sun/org/apache/xalan/internal/XalanConstants.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/XalanConstants.java	Fri May 17 10:07:23 2013 -0700
@@ -25,9 +25,7 @@
 
 package com.sun.org.apache.xalan.internal;
 
-import com.sun.org.apache.xerces.internal.impl.*;
-import java.util.Enumeration;
-import java.util.NoSuchElementException;
+import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
 
 /**
  * Commonly used constants.
@@ -42,19 +40,99 @@
     // Constants
     //
     // Oracle Feature:
-        /**
-         * <p>Use Service Mechanism</p>
-         *
-         * <ul>
-         *   <li>
-         *     <code>true</code> instructs the implementation to use service mechanism to find implementation.
-         *     This is the default behavior.
+    /**
+     * <p>Use Service Mechanism</p>
+     *
+     * <ul>
+     *   <li>
+         * {@code true} instruct an object to use service mechanism to
+         * find a service implementation. This is the default behavior.
          *   </li>
          *   <li>
-         *     <code>false</code> instructs the implementation to skip service mechanism and use the default implementation.
-         *   </li>
-         * </ul>
-         */
+         * {@code false} instruct an object to skip service mechanism and
+         * use the default implementation for that service.
+     *   </li>
+     * </ul>
+    */
+
     public static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
 
+    /** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */
+    public static final String ORACLE_JAXP_PROPERTY_PREFIX =
+        "http://www.oracle.com/xml/jaxp/properties/";
+
+    //System Properties corresponding to ACCESS_EXTERNAL_* properties
+    public static final String SP_ACCESS_EXTERNAL_STYLESHEET = "javax.xml.accessExternalStylesheet";
+    public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
+
+
+    //all access keyword
+    public static final String ACCESS_EXTERNAL_ALL = "all";
+
+    /**
+     * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
+     */
+    public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
+    /**
+     * JDK version by which the default is to restrict external connection
+     */
+    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
+    /**
+     * FEATURE_SECURE_PROCESSING (FSP) is false by default
+     */
+    public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(false);
+
+    /**
+     * Determine the default value of the external access properties
+     *
+     * jaxp 1.5 does not require implementations to restrict by default
+     *
+     * For JDK8:
+     * The default value is 'file' (including jar:file); The keyword "all" grants permission
+     * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
+     * the default value is an empty string indicating no access is allowed.
+     *
+     * For JDK7:
+     * The default value is 'all' granting permission to all protocols. If by default,
+     * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
+     * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
+     * is set explicitly, the values of the properties shall be set to an empty string
+     * indicating no access is allowed.
+     *
+     * @param isSecureProcessing indicating if Secure Processing is set
+     * @return default value
+     */
+    public static String getExternalAccessDefault(boolean isSecureProcessing) {
+        String defaultValue = "all";
+        if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
+            defaultValue = "file";
+            if (isSecureProcessing) {
+                defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
+            }
+        }
+        return defaultValue;
+    }
+
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJDKandAbove(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
+
 } // class Constants
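Review bot: `isJDKandAbove` parses `java.version` with no guard: a non-numeric leading component throws `NumberFormatException`, a single-component value below `compareTo` throws `ArrayIndexOutOfBoundsException`, and a null value (if `getSystemProperty` can return one) throws `NullPointerException`. Because `EXTERNAL_ACCESS_DEFAULT` is initialised through `getExternalAccessDefault(false)`, any of these would surface while the constants class is being initialised rather than at a call site. The result selects between the `"all"` and `"file"` defaults, so I would make the unparsable case an explicit decision; the sketch below keeps the restrictive default, which is one option. The comment above the method also opens with `/*`, so its `@param` and `@return` tags are not picked up as Javadoc.

```java
public static boolean isJDKandAbove(int compareTo) {
    String javaVersion = SecuritySupport.getSystemProperty("java.version");
    if (javaVersion == null) {
        return true; // unknown version: keep the restrictive default
    }
    String[] versions = javaVersion.split("\\.", 3);
    try {
        if (Integer.parseInt(versions[0]) >= compareTo) {
            return true;
        }
        return versions.length > 1 && Integer.parseInt(versions[1]) >= compareTo;
    } catch (NumberFormatException e) {
        return true; // unparsable version: keep the restrictive default
    }
}
```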
--- a/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java	Fri May 17 10:07:23 2013 -0700
@@ -26,7 +26,9 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.io.InputStream;
+import java.net.URL;
 
 import java.security.AccessController;
 import java.security.PrivilegedAction;
@@ -36,6 +38,7 @@
 import java.util.Locale;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
+import java.util.Properties;
 
 /**
  * This class is duplicated for each subpackage so keep it in sync. It is
@@ -200,7 +203,141 @@
                 })).longValue();
     }
 
+    /**
+     * Strip off path from an URI
+     *
+     * @param uri an URI with full path
+     * @return the file name only
+     */
+    public static String sanitizePath(String uri) {
+        if (uri == null) {
+            return "";
+        }
+        int i = uri.lastIndexOf("/");
+        if (i > 0) {
+            return uri.substring(i+1, uri.length());
+        }
+        return "";
+    }
 
-    private SecuritySupport() {
+    /**
+     * Check the protocol used in the systemId against allowed protocols
+     *
+     * @param systemId the Id of the URI
+     * @param allowedProtocols a list of allowed protocols separated by comma
+     * @param accessAny keyword to indicate allowing any protocol
+     * @return the name of the protocol if rejected, null otherwise
+     */
+    public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
+        if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+            return null;
+        }
+
+        String protocol;
+        if (systemId.indexOf(":")==-1) {
+            protocol = "file";
+        } else {
+            URL url = new URL(systemId);
+            protocol = url.getProtocol();
+            if (protocol.equalsIgnoreCase("jar")) {
+                String path = url.getPath();
+                protocol = path.substring(0, path.indexOf(":"));
+            }
+        }
+
+        if (isProtocolAllowed(protocol, allowedProtocols)) {
+            //access allowed
+            return null;
+        } else {
+            return protocol;
+        }
     }
+
+    /**
+     * Check if the protocol is in the allowed list of protocols. The check
+     * is case-insensitive while ignoring whitespaces.
+     *
+     * @param protocol a protocol
+     * @param allowedProtocols a list of allowed protocols
+     * @return true if the protocol is in the list
+     */
+    private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+         String temp[] = allowedProtocols.split(",");
+         for (String t : temp) {
+             t = t.trim();
+             if (t.equalsIgnoreCase(protocol)) {
+                 return true;
+             }
+         }
+         return false;
+     }
+
+    /**
+     * Read from $java.home/lib/jaxp.properties for the specified property
+     *
+     * @param propertyId the Id of the property
+     * @return the value of the property
+     */
+    public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
+        String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+        if (accessExternal == null) {
+            accessExternal = readJAXPProperty(sysPropertyId);
+            if (accessExternal == null) {
+                accessExternal = defaultVal;
+            }
+        }
+        return accessExternal;
+    }
+
+    /**
+     * Read from $java.home/lib/jaxp.properties for the specified property
+     * The program
+     *
+     * @param propertyId the Id of the property
+     * @return the value of the property
+     */
+    static String readJAXPProperty(String propertyId) {
+        String value = null;
+        InputStream is = null;
+        try {
+            if (firstTime) {
+                synchronized (cacheProps) {
+                    if (firstTime) {
+                        String configFile = getSystemProperty("java.home") + File.separator +
+                            "lib" + File.separator + "jaxp.properties";
+                        File f = new File(configFile);
+                        if (getFileExists(f)) {
+                            is = getFileInputStream(f);
+                            cacheProps.load(is);
+                        }
+                        firstTime = false;
+                    }
+                }
+            }
+            value = cacheProps.getProperty(propertyId);
+
+        }
+        catch (Exception ex) {}
+        finally {
+            if (is != null) {
+                try {
+                    is.close();
+                } catch (IOException ex) {}
+            }
+        }
+
+        return value;
+    }
+
+    /**
+     * Cache for properties in java.home/lib/jaxp.properties
+     */
+    static final Properties cacheProps = new Properties();
+
+    /**
+     * Flag indicating if the program has tried reading java.home/lib/jaxp.properties
+     */
+    static volatile boolean firstTime = true;
+
+    private SecuritySupport () {}
 }
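Review bot: `readJAXPProperty` swallows every failure with `catch (Exception ex) {}`, so a `jaxp.properties` file that exists but cannot be read or parsed is indistinguishable from one that sets nothing, and `getDefaultAccessProperty` then falls back to `defaultVal`. For a property whose purpose is to restrict external access, that means a configured restriction can be dropped without any trace. `firstTime = false` also sits after `cacheProps.load(is)`, so a failing load is retried on every call; setting the flag in a `finally` inside the synchronized block would avoid that. At minimum I would document the swallow, e.g. `catch (Exception ignored) { /* unreadable jaxp.properties: caller falls back to its default */ }`. The Javadoc of `getDefaultAccessProperty` also names a `propertyId` parameter while the method takes `sysPropertyId` and `defaultVal`.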
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/FunctionCall.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/FunctionCall.java	Fri May 17 10:07:23 2013 -0700
@@ -54,6 +54,7 @@
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
 import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
+import java.util.Objects;
 
 /**
  * @author Jacek Ambroziak
@@ -156,8 +157,15 @@
             this.type = type;
             this.distance = distance;
         }
+
+        @Override
+        public int hashCode() {
+            return Objects.hashCode(this.type);
+        }
+
+        @Override
         public boolean equals(Object query){
-            return query.equals(type);
+            return query != null && query.equals(type);
         }
     }
 
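Review bot: `equals` in this nested class still delegates to `query.equals(type)`, so it is not a field-by-field comparison of two instances and is generally not symmetric; the new `hashCode()` returning `Objects.hashCode(this.type)` is consistent only with that lookup-by-type usage. Nothing in the hunk documents this, and the added `@Override` annotations make the pair look conventional. I would add a comment above `equals`, e.g. `// Deliberately asymmetric: true when the query object equals 'type', not when two instances match.` The class declaration starts outside the hunk, so the intended use is inferred from these lines only.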
@@ -277,6 +285,7 @@
         return(_fname.toString());
     }
 
+    @Override
     public void setParser(Parser parser) {
         super.setParser(parser);
         if (_arguments != null) {
@@ -319,6 +328,7 @@
      * Type check a function call. Since different type conversions apply,
      * type checking is different for standard and external (Java) functions.
      */
+    @Override
     public Type typeCheck(SymbolTable stable)
         throws TypeCheckError
     {
@@ -680,6 +690,7 @@
      * Compile the function call and treat as an expression
      * Update true/false-lists.
      */
+    @Override
     public void translateDesynthesized(ClassGenerator classGen,
                                        MethodGenerator methodGen)
     {
@@ -700,6 +711,7 @@
      * Translate a function call. The compiled code will leave the function's
      * return value on the JVM's stack.
      */
+    @Override
     public void translate(ClassGenerator classGen, MethodGenerator methodGen) {
         final int n = argumentCount();
         final ConstantPoolGen cpg = classGen.getConstantPool();
@@ -857,6 +869,7 @@
         }
     }
 
+    @Override
     public String toString() {
         return "funcall(" + _fname + ", " + _arguments + ')';
     }
@@ -1069,7 +1082,7 @@
     protected static String replaceDash(String name)
     {
         char dash = '-';
-        StringBuffer buff = new StringBuffer("");
+        final StringBuilder buff = new StringBuilder("");
         for (int i = 0; i < name.length(); i++) {
         if (i > 0 && name.charAt(i-1) == dash)
             buff.append(Character.toUpperCase(name.charAt(i)));
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Import.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Import.java	Fri May 17 10:07:23 2013 -0700
@@ -23,18 +23,19 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.compiler;
 
-import java.io.File;
-import java.net.URL;
-import java.net.MalformedURLException;
-import java.util.Enumeration;
-
-import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodGenerator;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
-
+import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
+import java.io.File;
+import java.net.URL;
+import java.net.MalformedURLException;
+import java.util.Enumeration;
+import javax.xml.XMLConstants;
 import org.xml.sax.InputSource;
 import org.xml.sax.XMLReader;
 
@@ -84,6 +85,17 @@
             // No SourceLoader or not resolved by SourceLoader
             if (input == null) {
                 docToLoad = SystemIDResolver.getAbsoluteURI(docToLoad, currLoadedDoc);
+                String accessError = SecuritySupport.checkAccess(docToLoad,
+                        xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET),
+                        XalanConstants.ACCESS_EXTERNAL_ALL);
+
+                if (accessError != null) {
+                    final ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+                                        SecuritySupport.sanitizePath(docToLoad), accessError,
+                                        this);
+                    parser.reportError(Constants.FATAL, msg);
+                    return;
+                }
                 input = new InputSource(docToLoad);
             }
 
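Review bot: The new `checkAccess` call sits inside `if (input == null)`, so a stylesheet that the `SourceLoader` resolved is never checked against `ACCESS_EXTERNAL_STYLESHEET`. If that is intended, it deserves a comment at the branch, e.g. `// accessExternalStylesheet applies only to URIs resolved here; a SourceLoader result is used as supplied`. The value of `xsltc.getProperty(...)` is also passed straight to `checkAccess`, which calls `allowedProtocols.equalsIgnoreCase(...)` without a null check, so this relies on the property always having a value. The same block is added to Include.java, and the enclosing method with its try/catch lies outside the hunk.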
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Include.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Include.java	Fri May 17 10:07:23 2013 -0700
@@ -23,19 +23,20 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.compiler;
 
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodGenerator;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
+import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.Enumeration;
-
-import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator;
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodGenerator;
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
-
+import javax.xml.XMLConstants;
 import org.xml.sax.InputSource;
 import org.xml.sax.XMLReader;
 
@@ -85,6 +86,17 @@
             // No SourceLoader or not resolved by SourceLoader
             if (input == null) {
                 docToLoad = SystemIDResolver.getAbsoluteURI(docToLoad, currLoadedDoc);
+                String accessError = SecuritySupport.checkAccess(docToLoad,
+                        xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET),
+                        XalanConstants.ACCESS_EXTERNAL_ALL);
+
+                if (accessError != null) {
+                    final ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+                                        SecuritySupport.sanitizePath(docToLoad), accessError,
+                                        this);
+                    parser.reportError(Constants.FATAL, msg);
+                    return;
+                }
                 input = new InputSource(docToLoad);
             }
 
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java	Fri May 17 10:07:23 2013 -0700
@@ -23,6 +23,16 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.compiler;
 
+import com.sun.java_cup.internal.runtime.Symbol;
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
+import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
+import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodType;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
+import com.sun.org.apache.xml.internal.serializer.utils.SystemIDResolver;
 import java.io.File;
 import java.io.IOException;
 import java.io.StringReader;
@@ -33,27 +43,18 @@
 import java.util.Stack;
 import java.util.StringTokenizer;
 import java.util.Vector;
-
-import com.sun.java_cup.internal.runtime.Symbol;
 import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
-
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodType;
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
-import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
-import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
-import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
 import org.xml.sax.Attributes;
-import org.xml.sax.helpers.AttributesImpl;
 import org.xml.sax.ContentHandler;
 import org.xml.sax.InputSource;
 import org.xml.sax.Locator;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.XMLReader;
+import org.xml.sax.helpers.AttributesImpl;
 
 /**
  * @author Jacek Ambroziak
@@ -475,6 +476,8 @@
                 factory.setNamespaceAware(true);
             }
             final SAXParser parser = factory.newSAXParser();
+            parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
+                    _xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
             final XMLReader reader = parser.getXMLReader();
             return(parse(reader, input));
         }
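Review bot: The added `parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ...)` throws `SAXNotRecognizedException` when the `SAXParser` implementation does not know the property, for example a third-party parser found on the classpath. The handlers of the surrounding try are outside the hunk, so it cannot be seen whether that aborts the compilation or is swallowed. Either outcome should be deliberate: give the call its own `try`/`catch (SAXNotRecognizedException e)` and report through `reportError` that the DTD restriction could not be applied. A null from `_xsltc.getProperty` is also passed straight through to the parser.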
@@ -547,6 +550,25 @@
             return(element);
         }
         else {
+            try {
+                String path = _target;
+                if (path.indexOf(":")==-1) {
+                    path = "file:" + path;
+                }
+                path = SystemIDResolver.getAbsoluteURI(path);
+                String accessError = SecuritySupport.checkAccess(path,
+                        _xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET),
+                        XalanConstants.ACCESS_EXTERNAL_ALL);
+                if (accessError != null) {
+                    ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+                            SecuritySupport.sanitizePath(_target), accessError,
+                            root);
+                    throw new CompilerException(msg.toString());
+                }
+            } catch (IOException ex) {
+                throw new CompilerException(ex);
+            }
+
             return(loadExternalStylesheet(_target));
         }
     }
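Review bot: The access check is made on `path` (prefixed with `file:` and run through `getAbsoluteURI`), but the load on the following statement uses the raw `_target`, so the string that was authorised and the string that is opened can differ. The `path.indexOf(":")==-1` test also treats any target containing a colon as already carrying a scheme, which presumably misclassifies a Windows drive path. Deriving both the check and the load from one resolved value, or at least a comment explaining why they may diverge, would close the gap. `loadExternalStylesheet` is not visible here, so its own resolution rules need to be compared; the enclosing method starts outside the hunk.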
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/VariableRefBase.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/VariableRefBase.java	Fri May 17 10:07:23 2013 -0700
@@ -25,6 +25,7 @@
 
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
+import java.util.Objects;
 
 /**
  * @author Morten Jorgensen
@@ -97,13 +98,15 @@
      * Two variable references are deemed equal if they refer to the
      * same variable.
      */
+    @Override
     public boolean equals(Object obj) {
-        try {
-            return (_variable == ((VariableRefBase) obj)._variable);
-        }
-        catch (ClassCastException e) {
-            return false;
-        }
+        return obj == this || (obj instanceof VariableRefBase)
+            && (_variable == ((VariableRefBase) obj)._variable);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hashCode(this._variable);
     }
 
     /**
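Review bot: The new `equals` mixes `||` and `&&` without grouping, and is correct only because `&&` binds tighter. Writing it as `return obj == this || ((obj instanceof VariableRefBase) && _variable == ((VariableRefBase) obj)._variable);` makes the intent explicit. `equals` compares `_variable` by identity while `hashCode` delegates to `_variable.hashCode()`; the pair stays consistent, but a one-line comment such as `// identity comparison is intentional: same variable object` would help.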
@@ -111,10 +114,12 @@
      * format 'variable-ref(<var-name>)'.
      * @return Variable reference description
      */
+    @Override
     public String toString() {
         return "variable-ref("+_variable.getName()+'/'+_variable.getType()+')';
     }
 
+    @Override
     public Type typeCheck(SymbolTable stable)
         throws TypeCheckError
     {
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java	Fri May 17 10:07:23 2013 -0700
@@ -39,8 +39,10 @@
 import java.util.jar.JarEntry;
 import java.util.jar.JarOutputStream;
 import java.util.jar.Manifest;
+import javax.xml.XMLConstants;
 
 import com.sun.org.apache.bcel.internal.classfile.JavaClass;
+import com.sun.org.apache.xalan.internal.XalanConstants;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Util;
@@ -136,6 +138,16 @@
     private boolean _useServicesMechanism = true;
 
     /**
+     * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
+     */
+    private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+     /**
+     * protocols allowed for external DTD references in source file and/or stylesheet.
+     */
+    private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
+
+    /**
      * XSLTC compiler constructor
      */
     public XSLTC(boolean useServicesMechanism) {
@@ -170,6 +182,31 @@
     }
 
     /**
+     * Return allowed protocols for accessing external stylesheet.
+     */
+    public String getProperty(String name) {
+        if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
+            return _accessExternalStylesheet;
+        }
+        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+            return _accessExternalDTD;
+        }
+        return null;
+    }
+
+    /**
+     * Set allowed protocols for accessing external stylesheet.
+     */
+    public void setProperty(String name, String value) {
+        if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
+            _accessExternalStylesheet = (String)value;
+        }
+        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+            _accessExternalDTD = (String)value;
+        }
+    }
+
+    /**
      * Only for user by the internal TrAX implementation.
      */
     public Parser getParser() {
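Review bot: `getProperty` returns null and `setProperty` does nothing for a name they do not recognise, so a mistyped property name silently leaves the access restriction unchanged, and callers pass the null on to `SecuritySupport.checkAccess`. Both Javadoc blocks mention only the external stylesheet although the methods also handle `ACCESS_EXTERNAL_DTD`. They should name both properties and state the fallback, e.g. `@return the protocol list for the named property, or null if the name is not supported`. The `(String)value` casts in `setProperty` are redundant because `value` is already declared as `String`.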
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java	Fri May 17 10:07:23 2013 -0700
@@ -446,6 +446,12 @@
         "Could not find stylesheet target ''{0}''."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ca.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ca.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "No s''ha trobat la destinaci\u00f3 ''{0}'' del full d''estils."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_cs.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_cs.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "Nelze naj\u00edt c\u00edlovou p\u0159edlohu se stylem ''{0}''."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_de.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_de.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "Stylesheet-Ziel \"{0}\" konnte nicht gefunden werden."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_es.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_es.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "No se ha encontrado el destino de hoja de estilo ''{0}''."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_fr.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_fr.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "Cible de feuille de style ''{0}'' introuvable."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_it.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_it.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "Impossibile trovare la destinazione ''{0}'' del foglio di stile."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ja.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ja.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "\u30B9\u30BF\u30A4\u30EB\u30B7\u30FC\u30C8\u30FB\u30BF\u30FC\u30B2\u30C3\u30C8''{0}''\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F\u3002"},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ko.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ko.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "\uC2A4\uD0C0\uC77C\uC2DC\uD2B8 \uB300\uC0C1 ''{0}''\uC744(\uB97C) \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_pt_BR.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_pt_BR.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "N\u00E3o foi poss\u00EDvel localizar o alvo da folha de estilos ''{0}''."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_sk.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_sk.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "Nebolo mo\u017en\u00e9 n\u00e1js\u0165 cie\u013e \u0161t\u00fdlu dokumentu ''{0}''."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_sv.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_sv.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "Hittade inte formatmallen ''{0}''."},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_zh_CN.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_zh_CN.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "\u627E\u4E0D\u5230\u6837\u5F0F\u8868\u76EE\u6807 ''{0}''\u3002"},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_zh_TW.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_zh_TW.java	Fri May 17 10:07:23 2013 -0700
@@ -444,6 +444,12 @@
         "\u627E\u4E0D\u5230\u6A23\u5F0F\u8868\u76EE\u6A19 ''{0}''\u3002"},
 
         /*
+         * Note to translators:  access to the stylesheet target is denied
+         */
+        {ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+        "Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
+
+        /*
          * Note to translators:  This message represents an internal error in
          * condition in XSLTC.  The substitution text is the class name in XSLTC
          * that is missing some functionality.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java	Fri May 17 10:07:23 2013 -0700
@@ -95,6 +95,7 @@
     public static final String UNSUPPORTED_EXT_ERR = "UNSUPPORTED_EXT_ERR";
     public static final String MISSING_XSLT_URI_ERR = "MISSING_XSLT_URI_ERR";
     public static final String MISSING_XSLT_TARGET_ERR = "MISSING_XSLT_TARGET_ERR";
+    public static final String ACCESSING_XSLT_TARGET_ERR = "ACCESSING_XSLT_TARGET_ERR";
     public static final String NOT_IMPLEMENTED_ERR = "NOT_IMPLEMENTED_ERR";
     public static final String NOT_STYLESHEET_ERR = "NOT_STYLESHEET_ERR";
     public static final String ELEMENT_PARSE_ERR = "ELEMENT_PARSE_ERR";
--- a/src/com/sun/org/apache/xalan/internal/xsltc/dom/LoadDocument.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/dom/LoadDocument.java	Fri May 17 10:07:23 2013 -0700
@@ -23,6 +23,7 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.dom;
 
+import com.sun.org.apache.xalan.internal.XalanConstants;
 import java.io.FileNotFoundException;
 
 import javax.xml.transform.stream.StreamSource;
@@ -31,8 +32,10 @@
 import com.sun.org.apache.xalan.internal.xsltc.DOMCache;
 import com.sun.org.apache.xalan.internal.xsltc.DOMEnhancedForDTM;
 import com.sun.org.apache.xalan.internal.xsltc.TransletException;
+import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
 import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
 import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
 import com.sun.org.apache.xml.internal.dtm.DTM;
 import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
 import com.sun.org.apache.xml.internal.dtm.DTMManager;
@@ -199,6 +202,13 @@
                 throw new TransletException(e);
             }
         } else {
+            String accessError = SecuritySupport.checkAccess(uri, translet.getAllowedProtocols(), XalanConstants.ACCESS_EXTERNAL_ALL);
+            if (accessError != null) {
+                ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+                        SecuritySupport.sanitizePath(uri), accessError);
+                throw new Exception(msg.toString());
+            }
+
             // Parse the input document and construct DOM object
             // Trust the DTMManager to pick the right parser and
             // set up the DOM correctly.
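Review bot: The denial is raised as a bare `throw new Exception(msg.toString())`, while the branch just above reports failures as `TransletException`. Using `throw new TransletException(msg.toString());` would keep the error type uniform, provided the enclosing handler (outside the hunk) does not already wrap it. The check is also placed only in the `else` branch, so a document served by the branch above, presumably the cache, is never compared against `translet.getAllowedProtocols()`. A comment should say whether that is intended.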
--- a/src/com/sun/org/apache/xalan/internal/xsltc/runtime/AbstractTranslet.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/runtime/AbstractTranslet.java	Fri May 17 10:07:23 2013 -0700
@@ -23,6 +23,7 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.runtime;
 
+import com.sun.org.apache.xalan.internal.XalanConstants;
 import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -110,6 +111,11 @@
 
     private boolean _useServicesMechanism;
 
+    /**
+     * protocols allowed for external references set by the stylesheet processing instruction, Document() function, Import and Include element.
+     */
+    private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
     /************************************************************************
      * Debugging
      ************************************************************************/
@@ -758,6 +764,20 @@
         _useServicesMechanism = flag;
     }
 
+    /**
+     * Return allowed protocols for accessing external stylesheet.
+     */
+    public String getAllowedProtocols() {
+        return _accessExternalStylesheet;
+    }
+
+    /**
+     * Set allowed protocols for accessing external stylesheet.
+     */
+    public void setAllowedProtocols(String protocols) {
+        _accessExternalStylesheet = protocols;
+    }
+
     /************************************************************************
      * DOMImplementation caching for basis library
      ************************************************************************/
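Review bot: The Javadoc on `getAllowedProtocols` and `setAllowedProtocols` says the value governs access to the external stylesheet, but the field comment added earlier in this file also lists the Document() function, and LoadDocument.java uses the getter for exactly that. The accessor comments should say so, e.g. `Return the protocols allowed for external references made by document(), xsl:import and xsl:include.` The setter stores its argument unchecked, including null, and is public on the translet base class. A comment stating who is expected to call it (in this changeset `TemplatesImpl`) and what a null value means would help.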
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -99,6 +99,12 @@
         if (tfactory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING))
             xsltc.setSecureProcessing(true);
 
+        xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
+                (String)tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET));
+        xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
+                (String)tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_DTD));
+
+
         if ("true".equals(tfactory.getAttribute(TransformerFactoryImpl.ENABLE_INLINING)))
             xsltc.setTemplateInlining(true);
         else
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -23,6 +23,7 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.trax;
 
+import com.sun.org.apache.xalan.internal.XalanConstants;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
@@ -124,6 +125,11 @@
 
     private boolean _useServicesMechanism;
 
+    /**
+     * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
+     */
+    private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
     static final class TransletClassLoader extends ClassLoader {
         TransletClassLoader(ClassLoader parent) {
             super(parent);
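Review bot: The new `_accessExternalStylesheet` is a non-transient instance field in a class that appears to be serializable, judging by the `ObjectInputStream` import and the "Need for de-serialization, see readObject()" comment. On deserialization the field initialiser does not run, so the value is whatever the stream supplies (null for data written before this change). It is then handed to `translet.setAllowedProtocols(_accessExternalStylesheet)` in the later hunk of this file. Declaring it `private transient String _accessExternalStylesheet` and assigning the default in `readObject` would keep the restriction out of the serialized form. `readObject` is outside the visible hunks, so this needs checking against it.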
@@ -171,6 +177,7 @@
         _indentNumber = indentNumber;
         _tfactory = tfactory;
         _useServicesMechanism = tfactory.useServicesMechnism();
+        _accessExternalStylesheet = (String) tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET);
     }
     /**
      * Need for de-serialization, see readObject().
@@ -381,6 +388,7 @@
             translet.postInitialization();
             translet.setTemplates(this);
             translet.setServicesMechnism(_useServicesMechanism);
+            translet.setAllowedProtocols(_accessExternalStylesheet);
             if (_auxClasses != null) {
                 translet.setAuxiliaryClasses(_auxClasses);
             }
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -225,6 +225,16 @@
     private boolean _useServicesMechanism;
 
     /**
+     * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
+     */
+    private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+     /**
+     * protocols allowed for external DTD references in source file and/or stylesheet.
+     */
+    private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
+
+    /**
      * javax.xml.transform.sax.TransformerFactory implementation.
      */
     public TransformerFactoryImpl() {
@@ -238,10 +248,17 @@
     private TransformerFactoryImpl(boolean useServicesMechanism) {
         this.m_DTMManagerClass = XSLTCDTMManager.getDTMManagerClass(useServicesMechanism);
         this._useServicesMechanism = useServicesMechanism;
+
+        String defaultAccess = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
         if (System.getSecurityManager() != null) {
             _isSecureMode = true;
             _isNotSecureProcessing = false;
+            defaultAccess = XalanConstants.getExternalAccessDefault(true);
         }
+        _accessExternalStylesheet =  SecuritySupport.getDefaultAccessProperty(
+                XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
+        _accessExternalDTD =  SecuritySupport.getDefaultAccessProperty(
+                XalanConstants.SP_ACCESS_EXTERNAL_DTD, defaultAccess);
     }
 
     /**
@@ -301,6 +318,12 @@
             else
               return Boolean.FALSE;
         }
+        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
+            return _accessExternalStylesheet;
+        }
+        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+            return _accessExternalDTD;
+        }
 
         // Throw an exception for all other attributes
         ErrorMsg err = new ErrorMsg(ErrorMsg.JAXP_INVALID_ATTR_ERR, name);
@@ -401,6 +424,14 @@
                 return;
             }
         }
+        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
+            _accessExternalStylesheet = (String)value;
+            return;
+        }
+        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+            _accessExternalDTD = (String)value;
+            return;
+        }
 
         // Throw an exception for all other attributes
         final ErrorMsg err
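Review bot: The two new branches cast with `(String)value` and store the result unchecked, so a non-String argument escapes as `ClassCastException` instead of the error this method raises for other bad attributes, and null is stored as the protocol list. Adding the type test to the condition, `else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET) && value instanceof String) {` (and likewise for `ACCESS_EXTERNAL_DTD`), lets anything else fall through to the existing "all other attributes" exception. It also stops a null reaching `SecuritySupport.checkAccess`. The method starts outside the hunk.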
@@ -444,7 +475,12 @@
                 throw new TransformerConfigurationException(err.toString());
             }
             _isNotSecureProcessing = !value;
-            // all done processing feature
+
+            // set restriction, allowing no access to external stylesheet
+            if (value) {
+                _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
+                _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
+            }
             return;
         }
         else if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
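Review bot: The restriction is applied only when `value` is true and overwrites both fields, so the effective policy depends on call order. An `ACCESS_EXTERNAL_*` attribute set before this branch runs is discarded, one set afterwards replaces the secure-processing value, and switching the feature back to false leaves the restricted values in place. That precedence should at least be documented here, e.g. `// secure processing overrides earlier ACCESS_EXTERNAL_* settings; a later setAttribute call overrides it again`. The added comment also mentions only the stylesheet although `_accessExternalDTD` is set too.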
@@ -799,6 +835,8 @@
                 xsltc.setTemplateInlining(false);
 
         if (!_isNotSecureProcessing) xsltc.setSecureProcessing(true);
+        xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, _accessExternalStylesheet);
+        xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
         xsltc.init();
 
         // Set a document loader (for xsl:include/import) if defined
@@ -880,15 +918,20 @@
 
         // Check that the transformation went well before returning
     if (bytecodes == null) {
-
         Vector errs = xsltc.getErrors();
         ErrorMsg err = null;
         if (errs != null) {
-            err = (ErrorMsg)errs.get(errs.size()-1);
+            err = (ErrorMsg)errs.elementAt(errs.size()-1);
         } else {
             err = new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR);
         }
-        TransformerConfigurationException exc =  new TransformerConfigurationException(err.toString(), err.getCause());
+        Throwable cause = err.getCause();
+        TransformerConfigurationException exc;
+        if (cause != null) {
+            exc =  new TransformerConfigurationException(cause.getMessage(), cause);
+        } else {
+            exc =  new TransformerConfigurationException(err.toString());
+        }
 
         // Pass compiler errors to the error listener
         if (_errorListener != null) {
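Review bot: `errs.elementAt(errs.size()-1)` is guarded only by `errs != null`, so an empty error vector throws `ArrayIndexOutOfBoundsException` instead of reaching the `JAXP_COMPILE_ERR` fallback; `if (errs != null && !errs.isEmpty()) {` covers it. When a cause is present the exception message is now `cause.getMessage()`, which may be null and drops the compiler's own `err.toString()` text. Whether that loss is intended is worth a comment. The enclosing method starts and ends outside the hunk.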
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -23,6 +23,7 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.trax;
 
+import com.sun.org.apache.xalan.internal.XalanConstants;
 import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -61,6 +62,7 @@
 import javax.xml.transform.stax.StAXSource;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
+import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
 
@@ -207,6 +209,14 @@
      * Note the default value (false) is the safe option..
      */
     private boolean _useServicesMechanism;
+    /**
+     * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
+     */
+    private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+     /**
+     * protocols allowed for external DTD references in source file and/or stylesheet.
+     */
+    private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
 
     /**
      * A hashtable to store parameters for the identity transform. These
@@ -260,7 +270,10 @@
         _indentNumber = indentNumber;
         _tfactory = tfactory;
         _useServicesMechanism = _tfactory.useServicesMechnism();
+        _accessExternalStylesheet = (String)_tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET);
+        _accessExternalDTD = (String)_tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_DTD);
         _readerManager = XMLReaderManager.getInstance(_useServicesMechanism);
+        _readerManager.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
         //_isIncremental = tfactory._incremental;
     }
 
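Review bot: `_readerManager.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD)` writes a per-transformer restriction onto the object returned by `XMLReaderManager.getInstance(...)`; if that is a shared instance, as the accessor name suggests, the most recently constructed transformer decides the external-DTD policy for every reader the manager hands out, and a permissive factory can loosen a restrictive one. The value should travel with the reader request, or be re-applied when a reader is obtained, rather than be stored once on the manager. The two `(String)` casts on `_tfactory.getAttribute(...)` also overwrite the field defaults with null if the factory returns no value; `if (_accessExternalDTD == null) _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;` (and the same for the stylesheet field) would keep the declared default. The constructor starts outside this hunk.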
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java	Fri May 17 10:07:23 2013 -0700
@@ -105,6 +105,8 @@
                     if (reader == null) {
                        try {
                            reader= XMLReaderFactory.createXMLReader();
+                           reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
+                                   xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
                        } catch (Exception e ) {
                            try {
 
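Review bot: The added `reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ...)` sits inside the `try` whose `catch (Exception e)` is the reader-creation fallback, so a reader that rejects the property is handled as if `createXMLReader()` had failed. Whether the fallback reader then receives the restriction is not visible in this hunk; if it does not, the external-DTD limit is silently dropped for that parse. Set the property in its own try/catch once a reader has been obtained on either path, and surface a SAXNotRecognizedException or SAXNotSupportedException instead of swallowing it. The surrounding method continues outside the hunk.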
--- a/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -20,18 +20,6 @@
 
 package com.sun.org.apache.xerces.internal.dom;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.sun.org.apache.xerces.internal.util.PropertyState;
-import com.sun.org.apache.xerces.internal.util.Status;
-import org.w3c.dom.DOMConfiguration;
-import org.w3c.dom.DOMErrorHandler;
-import org.w3c.dom.DOMStringList;
-
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
 import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
@@ -42,7 +30,10 @@
 import com.sun.org.apache.xerces.internal.util.DOMErrorHandlerWrapper;
 import com.sun.org.apache.xerces.internal.util.MessageFormatter;
 import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
+import com.sun.org.apache.xerces.internal.util.PropertyState;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -55,12 +46,19 @@
 import com.sun.org.apache.xerces.internal.xni.parser.XMLErrorHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
-import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Vector;
+import javax.xml.XMLConstants;
+import org.w3c.dom.DOMConfiguration;
+import org.w3c.dom.DOMErrorHandler;
 import org.w3c.dom.DOMException;
+import org.w3c.dom.DOMStringList;
 import org.w3c.dom.ls.LSResourceResolver;
 
 
-
 /**
  * Xerces implementation of DOMConfiguration that maintains a table of recognized parameters.
  *
@@ -158,6 +156,14 @@
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
+    /** Property identifier: access to external dtd */
+    protected static final String ACCESS_EXTERNAL_DTD =
+        XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema  */
+    protected static final String ACCESS_EXTERNAL_SCHEMA =
+        XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     //
     // Data
     //
@@ -276,7 +282,9 @@
             JAXP_SCHEMA_SOURCE,
             JAXP_SCHEMA_LANGUAGE,
             DTD_VALIDATOR_FACTORY_PROPERTY,
-            SCHEMA_DV_FACTORY
+            SCHEMA_DV_FACTORY,
+            ACCESS_EXTERNAL_DTD,
+            ACCESS_EXTERNAL_SCHEMA
         };
         addRecognizedProperties(recognizedProperties);
 
@@ -310,6 +318,14 @@
         fValidationManager = createValidationManager();
         setProperty(VALIDATION_MANAGER, fValidationManager);
 
+        //For DOM, the secure feature is set to true by default
+        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
+        setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
+
+        accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+        setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
 
         // add message formatters
         if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
--- a/src/com/sun/org/apache/xerces/internal/impl/Constants.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/Constants.java	Fri May 17 10:07:23 2013 -0700
@@ -20,6 +20,7 @@
 
 package com.sun.org.apache.xerces.internal.impl;
 
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
 import java.util.Enumeration;
 import java.util.NoSuchElementException;
 
@@ -138,6 +139,21 @@
 
     public static final String FEATURE_SECURE_PROCESSING = "http://javax.xml.XMLConstants/feature/secure-processing";
 
+    // Oracle Feature:
+    /**
+     * <p>Use Service Mechanism</p>
+     *
+     * <ul>
+     *   <li>
+     * {@code true} instruct an object to use service mechanism to
+     * find a service implementation. This is the default behavior.
+     *   </li>
+     *   <li>
+     * {@code false} instruct an object to skip service mechanism and
+     * use the default implementation for that service.
+     *   </li>
+     * </ul>
+     */
     public static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
 
     /** Document XML version property ("document-xml-version"). */
@@ -160,6 +176,34 @@
 
     public static final String SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ;
 
+    /** JAXP Standard property prefix ("http://javax.xml.XMLConstants/property/"). */
+    public static final String JAXPAPI_PROPERTY_PREFIX =
+        "http://javax.xml.XMLConstants/property/";
+
+    /** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */
+    public static final String ORACLE_JAXP_PROPERTY_PREFIX =
+        "http://www.oracle.com/xml/jaxp/properties/";
+
+    //System Properties corresponding to ACCESS_EXTERNAL_* properties
+    public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
+    public static final String SP_ACCESS_EXTERNAL_SCHEMA = "javax.xml.accessExternalSchema";
+    //all access keyword
+    public static final String ACCESS_EXTERNAL_ALL = "all";
+
+    /**
+     * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
+     */
+    public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
+    /**
+     * JDK version by which the default is to restrict external connection
+     */
+    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
+
+    /**
+     * FEATURE_SECURE_PROCESSING (FSP) is true by default
+     */
+    public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(true);
+
     //
     // DOM features
     //
@@ -653,6 +697,59 @@
         ? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
     } // getXercesProperties():Enumeration
 
+    /**
+     * Determine the default value of the external access properties
+     *
+     * jaxp 1.5 does not require implementations to restrict by default
+     *
+     * For JDK8:
+     * The default value is 'file' (including jar:file); The keyword "all" grants permission
+     * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
+     * the default value is an empty string indicating no access is allowed.
+     *
+     * For JDK7:
+     * The default value is 'all' granting permission to all protocols. If by default,
+     * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
+     * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
+     * is set explicitly, the values of the properties shall be set to an empty string
+     * indicating no access is allowed.
+     *
+     * @param isSecureProcessing indicating if Secure Processing is set
+     * @return default value
+     */
+    public static String getExternalAccessDefault(boolean isSecureProcessing) {
+        String defaultValue = "all";
+        if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
+            defaultValue = "file";
+            if (isSecureProcessing) {
+                defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
+            }
+        }
+        return defaultValue;
+    }
+
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJDKandAbove(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
+
     //
     // Classes
     //
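Review bot: `isJDKandAbove` parses `java.version` with no error handling, and `EXTERNAL_ACCESS_DEFAULT` is initialised from it in a static initializer (previous hunk of this file), so a null property or a non-numeric first component such as `9-ea` raises NullPointerException or NumberFormatException while `Constants` is being initialised. The `||` also compares the major and the minor component against the same number, which only fits the `1.N` scheme. A version that cannot be parsed should fall back to the restrictive default instead of aborting, as sketched below. The comment block above the method opens with `/*`, so it is not picked up as Javadoc, and `getExternalAccessDefault` hard-codes `"all"` where `ACCESS_EXTERNAL_ALL` is available.

```java
public static boolean isJDKandAbove(int compareTo) {
    String javaVersion = SecuritySupport.getSystemProperty("java.version");
    if (javaVersion == null) {
        return true; // version unknown: keep the restrictive default
    }
    // split on any non-digit run so "1.8.0_05", "9-ea" and "10" all parse
    String[] versions = javaVersion.split("[^0-9]+", 3);
    try {
        int major = Integer.parseInt(versions[0]);
        if (major > 1) {
            return major >= compareTo;
        }
        return versions.length > 1 && Integer.parseInt(versions[1]) >= compareTo;
    } catch (NumberFormatException e) {
        return true; // unparsable version: keep the restrictive default
    }
}
```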
--- a/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java	Fri May 17 10:07:23 2013 -0700
@@ -25,13 +25,14 @@
 
 package com.sun.org.apache.xerces.internal.impl;
 
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
 import java.util.HashMap;
+import javax.xml.XMLConstants;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLResolver;
 
-import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
-
 /**
  *  This class manages different properties related to Stax specification and its implementation.
  * This class constructor also takes itself (PropertyManager object) as parameter and initializes the
@@ -51,6 +52,12 @@
     private static final String STRING_INTERNING = "http://xml.org/sax/features/string-interning";
 
 
+    /** Property identifier: access to external dtd */
+    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema  */
+    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     HashMap supportedProps = new HashMap();
 
     public static final int CONTEXT_READER = 1;
@@ -117,6 +124,15 @@
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ATTDEF_FEATURE, new Boolean(false));
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, new Boolean(false));
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, new Boolean(false));
+
+        //For DOM/SAX, the secure feature is set to true by default
+        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
+        supportedProps.put(ACCESS_EXTERNAL_DTD, accessExternal);
+
+        accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+        supportedProps.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
     }
 
     private void initWriterProps(){
--- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -52,7 +52,10 @@
 import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
+import com.sun.xml.internal.stream.Entity;
+import javax.xml.XMLConstants;
 import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.events.XMLEvent;
 
@@ -159,6 +162,18 @@
     protected static final String ENTITY_RESOLVER =
             Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_RESOLVER_PROPERTY;
 
+    /** Feature identifier: standard uri conformant */
+    protected static final String STANDARD_URI_CONFORMANT =
+            Constants.XERCES_FEATURE_PREFIX +Constants.STANDARD_URI_CONFORMANT_FEATURE;
+
+    /** property identifier: access external dtd. */
+    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** access external dtd: file protocol
+     *  For DOM/SAX, the secure feature is set to true by default
+     */
+    final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
+
     // recognized features and properties
 
     /** Recognized features. */
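Review bot: The Javadoc on `EXTERNAL_ACCESS_DEFAULT` says "file protocol", but the field is `Constants.EXTERNAL_ACCESS_DEFAULT`, which this commit defines as `getExternalAccessDefault(true)`; that method returns the empty string on JDK 8 and later and `"all"` before it, never `"file"`. A reader relying on the comment would assume local-file DTDs are allowed by default. I would reword it to `/** Default for ACCESS_EXTERNAL_DTD with secure processing on: "" (no access) on JDK 8+, "all" on earlier releases. */`. The same wording appears on `EXTERNAL_ACCESS_DEFAULT` in XMLEntityManager.java.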
@@ -184,6 +199,7 @@
         SYMBOL_TABLE,
                 ERROR_REPORTER,
                 ENTITY_MANAGER,
+                ACCESS_EXTERNAL_DTD
     };
 
     /** Property defaults. */
@@ -191,6 +207,7 @@
                 null,
                 null,
                 null,
+                EXTERNAL_ACCESS_DEFAULT
     };
 
     private static final char [] cdata = {'[','C','D','A','T','A','['};
@@ -297,6 +314,17 @@
     protected String fDeclaredEncoding =  null;
     /** Xerces Feature: Disallow doctype declaration. */
     protected boolean fDisallowDoctype = false;
+    /**
+     * comma-delimited list of protocols that are allowed for the purpose
+     * of accessing external dtd or entity references
+     */
+    protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
+
+    /**
+     * standard uri conformant (strict uri).
+     * http://apache.org/xml/features/standard-uri-conformant
+     */
+    protected boolean fStrictURI;
 
     // drivers
 
@@ -413,17 +441,6 @@
      *
      * @return True if there is more to scan, false otherwise.
      */
-   /* public boolean scanDocument(boolean complete)
-    throws IOException, XNIException {
-
-        // keep dispatching "events"
-        fEntityManager.setEntityHandler(this);
-
-        return true;
-
-    } // scanDocument(boolean):boolean
-    */
-
     public boolean scanDocument(boolean complete)
     throws IOException, XNIException {
 
@@ -579,6 +596,9 @@
         //xxx: external entities are supported in Xerces
         // it would be good to define feature for this case
         fSupportExternalEntities = true;
+        fSupportExternalEntities = true;
+        fSupportExternalEntities = true;
+        fSupportExternalEntities = true;
         fReplaceEntityReferences = true;
         fIsCoalesce = false;
 
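Review bot: The three added `fSupportExternalEntities = true;` lines repeat the assignment on the context line directly above them and have no effect; they look like a merge artifact and should be dropped. The existing comment notes that no feature exists to turn external entities off, so as far as this diff shows the only limit on them in this scanner is the `fAccessExternalDTD` protocol list. A short comment saying so would help, e.g. `// external entities stay enabled; access is limited by fAccessExternalDTD`. The method starts outside this hunk.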
@@ -589,6 +609,9 @@
 
         dtdGrammarUtil = null;
 
+        // JAXP 1.5 features and properties
+        fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+        fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
 
         //fEntityManager.test();
     } // reset(XMLComponentManager)
@@ -639,6 +662,9 @@
 
         dtdGrammarUtil = null;
 
+        // Oracle jdk feature
+        fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
+
     } // reset(XMLComponentManager)
 
     /**
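Review bot: `fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);` has no fallback, unlike the `reset(XMLComponentManager)` hunk above, which passes `EXTERNAL_ACCESS_DEFAULT`, so a PropertyManager without the entry leaves the field null. How `SecuritySupport.checkAccess` treats a null protocol list is not visible here; if it reads null as unrestricted, the StAX path loses the limit. Keep the default when the lookup returns null: `if (fAccessExternalDTD == null) fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;`. The trailing comment `// reset(XMLComponentManager)` also looks wrong for a method that works on `propertyManager`.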
@@ -735,6 +761,14 @@
             return;
         }
 
+        //JAXP 1.5 properties
+        if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
+            if (propertyId.equals(ACCESS_EXTERNAL_DTD))
+            {
+                fAccessExternalDTD = (String)value;
+            }
+        }
+
     } // setProperty(String,Object)
 
     /**
@@ -1846,7 +1880,8 @@
         //1. if the entity is external and support to external entities is not required
         // 2. or entities should not be replaced
         //3. or if it is built in entity reference.
-        if((fEntityStore.isExternalEntity(name) && !fSupportExternalEntities) || (!fEntityStore.isExternalEntity(name) && !fReplaceEntityReferences) || foundBuiltInRefs){
+        boolean isEE = fEntityStore.isExternalEntity(name);
+        if((isEE && !fSupportExternalEntities) || (!isEE && !fReplaceEntityReferences) || foundBuiltInRefs){
             fScannerState = SCANNER_STATE_REFERENCE;
             return ;
         }
@@ -1996,6 +2031,12 @@
 
     } // getDriverName():String
 
+    String checkAccess(String systemId, String allowedProtocols) throws IOException {
+        String baseSystemId = fEntityScanner.getBaseSystemId();
+        String expandedSystemId = fEntityManager.expandSystemId(systemId, baseSystemId,fStrictURI);
+        return SecuritySupport.checkAccess(expandedSystemId, allowedProtocols, Constants.ACCESS_EXTERNAL_ALL);
+    }
+
     //
     // Classes
     //
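Review bot: `checkAccess` is added without documentation, and its contract is not obvious from the signature: the caller in XMLDocumentScannerImpl treats a non-null return as a denial and passes it into the `AccessExternalDTD` error, while null means access is allowed. I would add a Javadoc block stating that the system id is expanded against the entity scanner's base system id (honouring `fStrictURI`), that the result is checked against `allowedProtocols`, that null is returned when access is permitted and a non-null string (presumably the rejected protocol) otherwise, and that IOException can come from the expansion or the check. It should also say that `Constants.ACCESS_EXTERNAL_ALL` is the keyword passed as the grant-everything value.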
--- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -21,6 +21,22 @@
 package com.sun.org.apache.xerces.internal.impl;
 
 
+import com.sun.org.apache.xerces.internal.impl.dtd.XMLDTDDescription;
+import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
+import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
+import com.sun.org.apache.xerces.internal.util.XMLChar;
+import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl;
+import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.xni.Augmentations;
+import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
+import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
+import com.sun.org.apache.xerces.internal.xni.XMLString;
+import com.sun.org.apache.xerces.internal.xni.XNIException;
+import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
+import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
+import com.sun.org.apache.xerces.internal.xni.parser.XMLDTDScanner;
+import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
 import com.sun.xml.internal.stream.Entity;
 import com.sun.xml.internal.stream.StaxXMLInputSource;
 import com.sun.xml.internal.stream.dtd.DTDGrammarUtil;
@@ -29,23 +45,6 @@
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.events.XMLEvent;
 
-import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
-import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
-import com.sun.org.apache.xerces.internal.util.XMLChar;
-import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl;
-import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
-import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
-import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
-import com.sun.org.apache.xerces.internal.xni.XMLString;
-import com.sun.org.apache.xerces.internal.xni.XNIException;
-import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
-import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
-import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
-import com.sun.org.apache.xerces.internal.xni.parser.XMLDTDScanner;
-import com.sun.org.apache.xerces.internal.xni.Augmentations;
-import com.sun.org.apache.xerces.internal.impl.dtd.XMLDTDDescription;
-import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentScanner;
-
 
 /**
  * This class is responsible for scanning XML document structure
@@ -148,7 +147,7 @@
 
     /** Property defaults. */
     private static final Object[] PROPERTY_DEFAULTS = {
-        null,
+            null,
                 null
     };
 
@@ -920,7 +919,6 @@
                             reportFatalError("DoctypeNotAllowed", null);
                         }
 
-
                         if (fSeenDoctypeDecl) {
                             reportFatalError("AlreadySeenDoctype", null);
                         }
@@ -952,15 +950,18 @@
                         if (fDoctypeSystemId != null) {
                             if (((fValidation || fLoadExternalDTD)
                                 && (fValidationManager == null || !fValidationManager.isCachedDTD()))) {
-                            if (fSupportDTD)
-                                setScannerState(SCANNER_STATE_DTD_EXTERNAL);
-                            else
-                                setScannerState(SCANNER_STATE_PROLOG);
-                            setDriver(fContentDriver);
-                            if(fDTDDriver == null)
-                                fDTDDriver = new DTDDriver();
-                            return fDTDDriver.next();
+                                if (fSupportDTD) {
+                                    setScannerState(SCANNER_STATE_DTD_EXTERNAL);
+                                } else {
+                                    setScannerState(SCANNER_STATE_PROLOG);
+                                }
 
+                                setDriver(fContentDriver);
+                                if(fDTDDriver == null) {
+                                    fDTDDriver = new DTDDriver();
+                                }
+
+                                return fDTDDriver.next();
                             }
                         }
                         else if (fExternalSubsetSource != null) {
@@ -1149,9 +1150,21 @@
                             resourceIdentifier.setValues(fDoctypePublicId, fDoctypeSystemId, null, null);
                             XMLInputSource xmlInputSource = null ;
                             StaxXMLInputSource staxInputSource =  fEntityManager.resolveEntityAsPerStax(resourceIdentifier);
+
+                            // Check access permission. If the source is resolved by a resolver, the check is skipped.
+                            if (!staxInputSource.hasResolver()) {
+                                String accessError = checkAccess(fDoctypeSystemId, fAccessExternalDTD);
+                                if (accessError != null) {
+                                    reportFatalError("AccessExternalDTD", new Object[]{ SecuritySupport.sanitizePath(fDoctypeSystemId), accessError });
+                                }
+                            }
                             xmlInputSource = staxInputSource.getXMLInputSource();
                             fDTDScanner.setInputSource(xmlInputSource);
-                            setScannerState(SCANNER_STATE_DTD_EXTERNAL_DECLS);
+                            if (fEntityScanner.fCurrentEntity != null) {
+                                setScannerState(SCANNER_STATE_DTD_EXTERNAL_DECLS);
+                            } else {
+                                setScannerState(SCANNER_STATE_PROLOG);
+                            }
                             again = true;
                             break;
                         }
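Review bot: When `checkAccess` denies `fDoctypeSystemId`, the code only calls `reportFatalError(...)` and then continues to `staxInputSource.getXMLInputSource()` and `fDTDScanner.setInputSource(xmlInputSource)`; if `reportFatalError` can return (for example when the parser is configured to continue after fatal errors), the denied DTD is still handed to the DTD scanner. Making the denial independent of the error handler means skipping `setInputSource` when `accessError != null` and going straight to `setScannerState(SCANNER_STATE_PROLOG)`. The comment should also say why a resolver-supplied source is exempt, since that exemption is the one way around the protocol list. The enclosing case starts and ends outside this hunk.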
--- a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java	Fri May 17 10:07:23 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2006, 2013 Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -20,51 +20,37 @@
 
 package com.sun.org.apache.xerces.internal.impl ;
 
+import com.sun.org.apache.xerces.internal.impl.Constants;
+import com.sun.org.apache.xerces.internal.impl.io.ASCIIReader;
+import com.sun.org.apache.xerces.internal.impl.io.UCSReader;
+import com.sun.org.apache.xerces.internal.impl.io.UTF8Reader;
+import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
+import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
+import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
+import com.sun.org.apache.xerces.internal.util.*;
+import com.sun.org.apache.xerces.internal.util.SecurityManager;
+import com.sun.org.apache.xerces.internal.util.URI;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.xni.Augmentations;
+import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
+import com.sun.org.apache.xerces.internal.xni.XNIException;
+import com.sun.org.apache.xerces.internal.xni.parser.*;
+import com.sun.xml.internal.stream.Entity;
 import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
 import com.sun.xml.internal.stream.StaxXMLInputSource;
 import com.sun.xml.internal.stream.XMLEntityStorage;
 import java.io.*;
-import java.io.BufferedReader;
-import java.util.*;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.io.StringReader;
 import java.lang.reflect.Method;
 import java.net.HttpURLConnection;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.net.URLConnection;
-import java.net.URISyntaxException;
 import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Stack;
-
-
-import com.sun.org.apache.xerces.internal.impl.io.*;
-import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
-import com.sun.org.apache.xerces.internal.util.*;
-import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
-import com.sun.org.apache.xerces.internal.xni.XNIException;
-import com.sun.org.apache.xerces.internal.xni.parser.*;
-import com.sun.org.apache.xerces.internal.impl.Constants;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
-import com.sun.xml.internal.stream.Entity;
-import com.sun.org.apache.xerces.internal.xni.Augmentations;
-
-import com.sun.org.apache.xerces.internal.impl.io.UTF8Reader;
-import com.sun.org.apache.xerces.internal.impl.io.ASCIIReader;
-import com.sun.org.apache.xerces.internal.impl.io.UCSReader;
-import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
-import com.sun.org.apache.xerces.internal.util.HTTPInputSource;
-import com.sun.org.apache.xerces.internal.xinclude.XIncludeHandler;
-
-import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
-import com.sun.org.apache.xerces.internal.util.SecurityManager;
-import com.sun.org.apache.xerces.internal.util.URI;
+import javax.xml.XMLConstants;
 
 
 /**
@@ -140,6 +126,10 @@
     protected static final String WARN_ON_DUPLICATE_ENTITYDEF =
             Constants.XERCES_FEATURE_PREFIX +Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE;
 
+    /** Feature identifier: load external DTD. */
+    protected static final String LOAD_EXTERNAL_DTD =
+            Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE;
+
     // property identifiers
 
     /** Property identifier: symbol table. */
@@ -173,8 +163,16 @@
     protected static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
-protected static final String PARSER_SETTINGS =
+    protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
+
+    /** property identifier: access external dtd. */
+    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** access external dtd: file protocol */
+    static final String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
+
+
     // recognized features and properties
 
     /** Recognized features. */
@@ -205,7 +203,7 @@
                 VALIDATION_MANAGER,
                 BUFFER_SIZE,
                 SECURITY_MANAGER,
-
+                ACCESS_EXTERNAL_DTD
     };
 
     /** Property defaults. */
@@ -215,7 +213,8 @@
                 null,
                 null,
                 new Integer(DEFAULT_BUFFER_SIZE),
-                null
+                null,
+                EXTERNAL_ACCESS_DEFAULT
     };
 
     private static final String XMLEntity = "[xml]".intern();
@@ -274,6 +273,8 @@
      */
     protected boolean fAllowJavaEncodings = true ;
 
+    /** Load external DTD. */
+    protected boolean fLoadExternalDTD = true;
 
     // properties
 
@@ -302,7 +303,8 @@
     /** Property Manager. This is used from Stax */
     protected PropertyManager fPropertyManager ;
 
-
+    /** used to restrict external access */
+    protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
     // settings
 
     /**
@@ -366,6 +368,9 @@
     /** Current entity. */
     protected Entity.ScannedEntity fCurrentEntity = null;
 
+    /** identify if the InputSource is created by a resolver */
+    boolean fISCreatedByResolver = false;
+
     // shared context
 
     protected XMLEntityStorage fEntityStorage ;
@@ -965,18 +970,25 @@
             System.out.println("BEFORE Calling resolveEntity") ;
         }
 
+        fISCreatedByResolver = false;
         //either of Stax or Xerces would be null
         if(fStaxEntityResolver != null){
             staxInputSource = fStaxEntityResolver.resolveEntity(ri);
+            if(staxInputSource != null) {
+                fISCreatedByResolver = true;
+            }
         }
 
         if(fEntityResolver != null){
             xmlInputSource = fEntityResolver.resolveEntity(ri);
+            if(xmlInputSource != null) {
+                fISCreatedByResolver = true;
+            }
         }
 
         if(xmlInputSource != null){
             //wrap this XMLInputSource to StaxInputSource
-            staxInputSource = new StaxXMLInputSource(xmlInputSource);
+            staxInputSource = new StaxXMLInputSource(xmlInputSource, fISCreatedByResolver);
         }
 
         // do default resolution
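Review bot: `fISCreatedByResolver` is a field, yet in this hunk it is used only as a per-call value: reset at the top, set when either resolver returns a source, and passed to `new StaxXMLInputSource(xmlInputSource, fISCreatedByResolver)`. Because a resolver-created source is what exempts an entity from the external-access check, a value left over from an earlier resolution would matter to any code that reads the field without going through this method first; such readers are not visible from here. If there are none, make it a local `boolean createdByResolver`; if there are, document on the field which calls are guaranteed to refresh it. The method starts and ends outside this hunk.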
@@ -1108,7 +1120,13 @@
 
         // should we skip external entities?
         boolean external = entity.isExternal();
+        Entity.ExternalEntity externalEntity = null;
+        String extLitSysId = null, extBaseSysId = null, expandedSystemId = null;
         if (external) {
+            externalEntity = (Entity.ExternalEntity)entity;
+            extLitSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getLiteralSystemId() : null);
+            extBaseSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getBaseSystemId() : null);
+            expandedSystemId = expandSystemId(extLitSysId, extBaseSysId);
             boolean unparsed = entity.isUnparsed();
             boolean parameter = entityName.startsWith("%");
             boolean general = !parameter;
@@ -1118,13 +1136,6 @@
                 if (fEntityHandler != null) {
                     fResourceIdentifier.clear();
                     final String encoding = null;
-                    Entity.ExternalEntity externalEntity = (Entity.ExternalEntity)entity;
-                    //REVISIT:  since we're storing expandedSystemId in the
-                    // externalEntity, how could this have got here if it wasn't already
-                    // expanded??? - neilg
-                    String extLitSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getLiteralSystemId() : null);
-                    String extBaseSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getBaseSystemId() : null);
-                    String expandedSystemId = expandSystemId(extLitSysId, extBaseSysId);
                     fResourceIdentifier.setValues(
                             (externalEntity.entityLocation != null ? externalEntity.entityLocation.getPublicId() : null),
                             extLitSysId, extBaseSysId, expandedSystemId);
@@ -1162,11 +1173,6 @@
                             fResourceIdentifier.clear();
                             final String encoding = null;
                             if (external) {
-                                Entity.ExternalEntity externalEntity = (Entity.ExternalEntity)entity;
-                                // REVISIT:  for the same reason above...
-                                String extLitSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getLiteralSystemId() : null);
-                                String extBaseSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getBaseSystemId() : null);
-                                String expandedSystemId = expandSystemId(extLitSysId, extBaseSysId);
                                 fResourceIdentifier.setValues(
                                         (externalEntity.entityLocation != null ? externalEntity.entityLocation.getPublicId() : null),
                                         extLitSysId, extBaseSysId, expandedSystemId);
@@ -1188,7 +1194,6 @@
         XMLInputSource xmlInputSource = null ;
 
         if (external) {
-            Entity.ExternalEntity externalEntity = (Entity.ExternalEntity)entity;
             staxInputSource = resolveEntityAsPerStax(externalEntity.entityLocation);
             /** xxx:  Waiting from the EG
              * //simply return if there was entity resolver registered and application
@@ -1196,6 +1201,18 @@
              * if(staxInputSource.hasXMLStreamOrXMLEventReader()) return ;
              */
             xmlInputSource = staxInputSource.getXMLInputSource() ;
+            if (!fISCreatedByResolver) {
+                //let the not-LoadExternalDTD or not-SupportDTD process to handle the situation
+                if (fLoadExternalDTD) {
+                    String accessError = SecuritySupport.checkAccess(expandedSystemId, fAccessExternalDTD, Constants.ACCESS_EXTERNAL_ALL);
+                    if (accessError != null) {
+                        fErrorReporter.reportError(this.getEntityScanner(),XMLMessageFormatter.XML_DOMAIN,
+                                "AccessExternalEntity",
+                                new Object[] { SecuritySupport.sanitizePath(expandedSystemId), accessError },
+                                XMLErrorReporter.SEVERITY_FATAL_ERROR);
+                    }
+                }
+            }
         }
         // wrap internal entity
         else {
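Review bot: The `accessExternalDTD` check is nested under `if (fLoadExternalDTD)`, so turning load-external-dtd off also turns the protocol restriction off on this path. The earlier hunk at @@ -1108 shows this method handling general as well as parameter entities, and whether other code refuses those when the feature is off is not visible here; if none does, an external entity declared in the internal subset would be opened with no protocol check. Separately, nothing returns after `reportError(..., XMLErrorReporter.SEVERITY_FATAL_ERROR)`; if the reporter is configured to continue after fatal errors, execution would fall through to the code that uses `xmlInputSource`, so a `return;` after the report is worth adding. The method continues outside the hunk.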
@@ -1400,6 +1417,12 @@
             fStaxEntityResolver = null;
         }
 
+        // Zephyr feature ignore-external-dtd is the opposite of Xerces' load-external-dtd
+        fLoadExternalDTD = !((Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD)).booleanValue();
+
+        // JAXP 1.5 feature
+        fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
+
         // initialize state
         //fStandalone = false;
         fEntities.clear();
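Review bot: `fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);` has no fallback, unlike the component-manager reset at @@ -1462, which passes `EXTERNAL_ACCESS_DEFAULT`. If the property manager returns null the restriction list becomes null, and how `SecuritySupport.checkAccess` treats a null list is not visible here. A guard such as `if (fAccessExternalDTD == null) fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;` would keep the two reset paths consistent. The same applies to `fAccessExternalDTD = (String)value;` in the setProperty hunk at @@ -1610, which also casts without an `instanceof String` check. On the line above, `((Boolean)propertyManager.getProperty(...)).booleanValue()` throws a NullPointerException if the ignore-external-dtd property is unset.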
@@ -1409,8 +1432,6 @@
         fExternalGeneralEntities = true;
         fExternalParameterEntities = true;
         fAllowJavaEncodings = true ;
-
-        //test();
     }
 
     /**
@@ -1453,6 +1474,7 @@
         fAllowJavaEncodings = componentManager.getFeature(ALLOW_JAVA_ENCODINGS, false);
         fWarnDuplicateEntityDef = componentManager.getFeature(WARN_ON_DUPLICATE_ENTITYDEF, false);
         fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
+        fLoadExternalDTD = componentManager.getFeature(LOAD_EXTERNAL_DTD, true);
 
         // xerces properties
         fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE);
@@ -1462,6 +1484,9 @@
         fValidationManager = (ValidationManager)componentManager.getProperty(VALIDATION_MANAGER, null);
         fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER, null);
 
+        // JAXP 1.5 feature
+        fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+
         //reset general state
         reset();
 
@@ -1554,6 +1579,11 @@
                 featureId.endsWith(Constants.ALLOW_JAVA_ENCODINGS_FEATURE)) {
                 fAllowJavaEncodings = state;
             }
+            if (suffixLength == Constants.LOAD_EXTERNAL_DTD_FEATURE.length() &&
+                featureId.endsWith(Constants.LOAD_EXTERNAL_DTD_FEATURE)) {
+                fLoadExternalDTD = state;
+                return;
+            }
         }
 
     } // setFeature(String,boolean)
@@ -1610,7 +1640,15 @@
             }
         }
 
+        //JAXP 1.5 properties
+        if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
+            if (propertyId.equals(ACCESS_EXTERNAL_DTD))
+            {
+                fAccessExternalDTD = (String)value;
+            }
+        }
     }
+
     /**
      * Returns a list of property identifiers that are recognized by
      * this component. This method may return null if no properties
--- a/src/com/sun/org/apache/xerces/internal/impl/dv/xs/AbstractDateTimeDV.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/dv/xs/AbstractDateTimeDV.java	Fri May 17 10:07:23 2013 -0700
@@ -51,456 +51,471 @@
  */
 public abstract class AbstractDateTimeDV extends TypeValidator {
 
-        //debugging
-        private static final boolean DEBUG=false;
-
-        //define shared variables for date/time
-
-
-        //define constants to be used in assigning default values for
-        //all date/time excluding duration
-        protected final static int YEAR=2000;
-        protected final static int MONTH=01;
-        protected final static int DAY = 01;
-
+    //debugging
+    private static final boolean DEBUG = false;
+    //define shared variables for date/time
+    //define constants to be used in assigning default values for
+    //all date/time excluding duration
+    protected final static int YEAR = 2000;
+    protected final static int MONTH = 01;
+    protected final static int DAY = 01;
     protected static final DatatypeFactory datatypeFactory = new DatatypeFactoryImpl();
 
-        public short getAllowedFacets(){
-                return ( XSSimpleTypeDecl.FACET_PATTERN | XSSimpleTypeDecl.FACET_WHITESPACE | XSSimpleTypeDecl.FACET_ENUMERATION |XSSimpleTypeDecl.FACET_MAXINCLUSIVE |XSSimpleTypeDecl.FACET_MININCLUSIVE | XSSimpleTypeDecl.FACET_MAXEXCLUSIVE  | XSSimpleTypeDecl.FACET_MINEXCLUSIVE  );
-        }//getAllowedFacets()
+    @Override
+    public short getAllowedFacets() {
+        return (XSSimpleTypeDecl.FACET_PATTERN | XSSimpleTypeDecl.FACET_WHITESPACE | XSSimpleTypeDecl.FACET_ENUMERATION | XSSimpleTypeDecl.FACET_MAXINCLUSIVE | XSSimpleTypeDecl.FACET_MININCLUSIVE | XSSimpleTypeDecl.FACET_MAXEXCLUSIVE | XSSimpleTypeDecl.FACET_MINEXCLUSIVE);
+    }//getAllowedFacets()
 
+    // distinguishes between identity and equality for date/time values
+    // ie: two values representing the same "moment in time" but with different
+    // remembered timezones are now equal but not identical.
+    @Override
+    public boolean isIdentical(Object value1, Object value2) {
+        if (!(value1 instanceof DateTimeData) || !(value2 instanceof DateTimeData)) {
+            return false;
+        }
 
-        // distinguishes between identity and equality for date/time values
-        // ie: two values representing the same "moment in time" but with different
-        // remembered timezones are now equal but not identical.
-        public boolean isIdentical (Object value1, Object value2) {
-                if (!(value1 instanceof DateTimeData) || !(value2 instanceof DateTimeData)) {
-                        return false;
-                }
+        DateTimeData v1 = (DateTimeData) value1;
+        DateTimeData v2 = (DateTimeData) value2;
 
-                DateTimeData v1 = (DateTimeData)value1;
-                DateTimeData v2 = (DateTimeData)value2;
+        // original timezones must be the same in addition to date/time values
+        // being 'equal'
+        if ((v1.timezoneHr == v2.timezoneHr) && (v1.timezoneMin == v2.timezoneMin)) {
+            return v1.equals(v2);
+        }
 
-                // original timezones must be the same in addition to date/time values
-                // being 'equal'
-                if ((v1.timezoneHr == v2.timezoneHr) && (v1.timezoneMin == v2.timezoneMin)) {
-                        return v1.equals(v2);
-                }
+        return false;
+    }//isIdentical()
 
-                return false;
-        }//isIdentical()
+    // the parameters are in compiled form (from getActualValue)
+    @Override
+    public int compare(Object value1, Object value2) {
+        return compareDates(((DateTimeData) value1),
+                ((DateTimeData) value2), true);
+    }//compare()
 
-        // the parameters are in compiled form (from getActualValue)
-        public int compare (Object value1, Object value2) {
-                return compareDates(((DateTimeData)value1),
-                                ((DateTimeData)value2), true);
-        }//compare()
+    /**
+     * Compare algorithm described in dateDime (3.2.7). Duration datatype
+     * overwrites this method
+     *
+     * @param date1 normalized date representation of the first value
+     * @param date2 normalized date representation of the second value
+     * @param strict
+     * @return less, greater, less_equal, greater_equal, equal
+     */
+    protected short compareDates(DateTimeData date1, DateTimeData date2, boolean strict) {
+        if (date1.utc == date2.utc) {
+            return compareOrder(date1, date2);
+        }
+        short c1, c2;
+
+        DateTimeData tempDate = new DateTimeData(null, this);
+
+        if (date1.utc == 'Z') {
+
+            //compare date1<=date1<=(date2 with time zone -14)
+            //
+            cloneDate(date2, tempDate); //clones date1 value to global temporary storage: fTempDate
+            tempDate.timezoneHr = 14;
+            tempDate.timezoneMin = 0;
+            tempDate.utc = '+';
+            normalize(tempDate);
+            c1 = compareOrder(date1, tempDate);
+            if (c1 == LESS_THAN) {
+                return c1;
+            }
+
+            //compare date1>=(date2 with time zone +14)
+            //
+            cloneDate(date2, tempDate); //clones date1 value to global temporary storage: tempDate
+            tempDate.timezoneHr = -14;
+            tempDate.timezoneMin = 0;
+            tempDate.utc = '-';
+            normalize(tempDate);
+            c2 = compareOrder(date1, tempDate);
+            if (c2 == GREATER_THAN) {
+                return c2;
+            }
+
+            return INDETERMINATE;
+        } else if (date2.utc == 'Z') {
+
+            //compare (date1 with time zone -14)<=date2
+            //
+            cloneDate(date1, tempDate); //clones date1 value to global temporary storage: tempDate
+            tempDate.timezoneHr = -14;
+            tempDate.timezoneMin = 0;
+            tempDate.utc = '-';
+            if (DEBUG) {
+                System.out.println("tempDate=" + dateToString(tempDate));
+            }
+            normalize(tempDate);
+            c1 = compareOrder(tempDate, date2);
+            if (DEBUG) {
+                System.out.println("date=" + dateToString(date2));
+                System.out.println("tempDate=" + dateToString(tempDate));
+            }
+            if (c1 == LESS_THAN) {
+                return c1;
+            }
+
+            //compare (date1 with time zone +14)<=date2
+            //
+            cloneDate(date1, tempDate); //clones date1 value to global temporary storage: tempDate
+            tempDate.timezoneHr = 14;
+            tempDate.timezoneMin = 0;
+            tempDate.utc = '+';
+            normalize(tempDate);
+            c2 = compareOrder(tempDate, date2);
+            if (DEBUG) {
+                System.out.println("tempDate=" + dateToString(tempDate));
+            }
+            if (c2 == GREATER_THAN) {
+                return c2;
+            }
+
+            return INDETERMINATE;
+        }
+        return INDETERMINATE;
+
+    }
+
+    /**
+     * Given normalized values, determines order-relation between give date/time
+     * objects.
+     *
+     * @param date1 date/time object
+     * @param date2 date/time object
+     * @return 0 if date1 and date2 are equal, a value less than 0 if date1 is
+     * less than date2, a value greater than 0 if date1 is greater than date2
+     */
+    protected short compareOrder(DateTimeData date1, DateTimeData date2) {
+        if (date1.position < 1) {
+            if (date1.year < date2.year) {
+                return -1;
+            }
+            if (date1.year > date2.year) {
+                return 1;
+            }
+        }
+        if (date1.position < 2) {
+            if (date1.month < date2.month) {
+                return -1;
+            }
+            if (date1.month > date2.month) {
+                return 1;
+            }
+        }
+        if (date1.day < date2.day) {
+            return -1;
+        }
+        if (date1.day > date2.day) {
+            return 1;
+        }
+        if (date1.hour < date2.hour) {
+            return -1;
+        }
+        if (date1.hour > date2.hour) {
+            return 1;
+        }
+        if (date1.minute < date2.minute) {
+            return -1;
+        }
+        if (date1.minute > date2.minute) {
+            return 1;
+        }
+        if (date1.second < date2.second) {
+            return -1;
+        }
+        if (date1.second > date2.second) {
+            return 1;
+        }
+        if (date1.utc < date2.utc) {
+            return -1;
+        }
+        if (date1.utc > date2.utc) {
+            return 1;
+        }
+        return 0;
+    }
+
+    /**
+     * Parses time hh:mm:ss.sss and time zone if any
+     *
+     * @param start
+     * @param end
+     * @param data
+     * @exception RuntimeException
+     */
+    protected void getTime(String buffer, int start, int end, DateTimeData data) throws RuntimeException {
+
+        int stop = start + 2;
+
+        //get hours (hh)
+        data.hour = parseInt(buffer, start, stop);
+
+        //get minutes (mm)
+
+        if (buffer.charAt(stop++) != ':') {
+            throw new RuntimeException("Error in parsing time zone");
+        }
+        start = stop;
+        stop = stop + 2;
+        data.minute = parseInt(buffer, start, stop);
+
+        //get seconds (ss)
+        if (buffer.charAt(stop++) != ':') {
+            throw new RuntimeException("Error in parsing time zone");
+        }
+
+        //find UTC sign if any
+        int sign = findUTCSign(buffer, start, end);
+
+        //get seconds (ms)
+        start = stop;
+        stop = sign < 0 ? end : sign;
+        data.second = parseSecond(buffer, start, stop);
+
+        //parse UTC time zone (hh:mm)
+        if (sign > 0) {
+            getTimeZone(buffer, data, sign, end);
+        }
+    }
+
+    /**
+     * Parses date CCYY-MM-DD
+     *
+     * @param buffer
+     * @param start start position
+     * @param end end position
+     * @param date
+     * @exception RuntimeException
+     */
+    protected int getDate(String buffer, int start, int end, DateTimeData date) throws RuntimeException {
+
+        start = getYearMonth(buffer, start, end, date);
+
+        if (buffer.charAt(start++) != '-') {
+            throw new RuntimeException("CCYY-MM must be followed by '-' sign");
+        }
+        int stop = start + 2;
+        date.day = parseInt(buffer, start, stop);
+        return stop;
+    }
+
+    /**
+     * Parses date CCYY-MM
+     *
+     * @param buffer
+     * @param start start position
+     * @param end end position
+     * @param date
+     * @exception RuntimeException
+     */
+    protected int getYearMonth(String buffer, int start, int end, DateTimeData date) throws RuntimeException {
+
+        if (buffer.charAt(0) == '-') {
+            // REVISIT: date starts with preceding '-' sign
+            //          do we have to do anything with it?
+            //
+            start++;
+        }
+        int i = indexOf(buffer, start, end, '-');
+        if (i == -1) {
+            throw new RuntimeException("Year separator is missing or misplaced");
+        }
+        int length = i - start;
+        if (length < 4) {
+            throw new RuntimeException("Year must have 'CCYY' format");
+        } else if (length > 4 && buffer.charAt(start) == '0') {
+            throw new RuntimeException("Leading zeros are required if the year value would otherwise have fewer than four digits; otherwise they are forbidden");
+        }
+        date.year = parseIntYear(buffer, i);
+        if (buffer.charAt(i) != '-') {
+            throw new RuntimeException("CCYY must be followed by '-' sign");
+        }
+        start = ++i;
+        i = start + 2;
+        date.month = parseInt(buffer, start, i);
+        return i; //fStart points right after the MONTH
+    }
+
+    /**
+     * Shared code from Date and YearMonth datatypes. Finds if time zone sign is
+     * present
+     *
+     * @param end
+     * @param date
+     * @exception RuntimeException
+     */
+    protected void parseTimeZone(String buffer, int start, int end, DateTimeData date) throws RuntimeException {
+
+        //fStart points right after the date
+
+        if (start < end) {
+            if (!isNextCharUTCSign(buffer, start, end)) {
+                throw new RuntimeException("Error in month parsing");
+            } else {
+                getTimeZone(buffer, date, start, end);
+            }
+        }
+    }
+
+    /**
+     * Parses time zone: 'Z' or {+,-} followed by hh:mm
+     *
+     * @param data
+     * @param sign
+     * @exception RuntimeException
+     */
+    protected void getTimeZone(String buffer, DateTimeData data, int sign, int end) throws RuntimeException {
+        data.utc = buffer.charAt(sign);
+
+        if (buffer.charAt(sign) == 'Z') {
+            if (end > (++sign)) {
+                throw new RuntimeException("Error in parsing time zone");
+            }
+            return;
+        }
+        if (sign <= (end - 6)) {
+
+            int negate = buffer.charAt(sign) == '-' ? -1 : 1;
+            //parse hr
+            int stop = ++sign + 2;
+            data.timezoneHr = negate * parseInt(buffer, sign, stop);
+            if (buffer.charAt(stop++) != ':') {
+                throw new RuntimeException("Error in parsing time zone");
+            }
+
+            //parse min
+            data.timezoneMin = negate * parseInt(buffer, stop, stop + 2);
+
+            if (stop + 2 != end) {
+                throw new RuntimeException("Error in parsing time zone");
+            }
+            if (data.timezoneHr != 0 || data.timezoneMin != 0) {
+                data.normalized = false;
+            }
+        } else {
+            throw new RuntimeException("Error in parsing time zone");
+        }
+        if (DEBUG) {
+            System.out.println("time[hh]=" + data.timezoneHr + " time[mm]=" + data.timezoneMin);
+        }
+    }
+
+    /**
+     * Computes index of given char within StringBuffer
+     *
+     * @param start
+     * @param end
+     * @param ch character to look for in StringBuffer
+     * @return index of ch within StringBuffer
+     */
+    protected int indexOf(String buffer, int start, int end, char ch) {
+        for (int i = start; i < end; i++) {
+            if (buffer.charAt(i) == ch) {
+                return i;
+            }
+        }
+        return -1;
+    }
+
+    /**
+     * Validates given date/time object accoring to W3C PR Schema [D.1 ISO 8601
+     * Conventions]
+     *
+     * @param data
+     */
+    protected void validateDateTime(DateTimeData data) {
+
+        //REVISIT: should we throw an exception for not valid dates
+        //          or reporting an error message should be sufficient?
 
         /**
-         * Compare algorithm described in dateDime (3.2.7).
-         * Duration datatype overwrites this method
-         *
-         * @param date1  normalized date representation of the first value
-         * @param date2  normalized date representation of the second value
-         * @param strict
-         * @return less, greater, less_equal, greater_equal, equal
+         * XML Schema 1.1 - RQ-123: Allow year 0000 in date related types.
          */
-        protected short compareDates(DateTimeData date1, DateTimeData date2, boolean strict) {
-                if (date1.utc == date2.utc) {
-                        return compareOrder(date1, date2);
-                }
-                short c1, c2;
-
-                DateTimeData tempDate = new DateTimeData(null, this);
-
-                if ( date1.utc=='Z' ) {
-
-                        //compare date1<=date1<=(date2 with time zone -14)
-                        //
-                        cloneDate(date2, tempDate); //clones date1 value to global temporary storage: fTempDate
-                        tempDate.timezoneHr=14;
-                        tempDate.timezoneMin = 0;
-                        tempDate.utc='+';
-                        normalize(tempDate);
-                        c1 = compareOrder(date1, tempDate);
-                        if (c1 == LESS_THAN)
-                                return c1;
-
-                        //compare date1>=(date2 with time zone +14)
-                        //
-                        cloneDate(date2, tempDate); //clones date1 value to global temporary storage: tempDate
-                        tempDate.timezoneHr = -14;
-                        tempDate.timezoneMin = 0;
-                        tempDate.utc='-';
-                        normalize(tempDate);
-                        c2 = compareOrder(date1, tempDate);
-                        if (c2 == GREATER_THAN)
-                                return c2;
-
-                        return INDETERMINATE;
-                }
-                else if ( date2.utc=='Z' ) {
-
-                        //compare (date1 with time zone -14)<=date2
-                        //
-                        cloneDate(date1, tempDate); //clones date1 value to global temporary storage: tempDate
-                        tempDate.timezoneHr = -14;
-                        tempDate.timezoneMin = 0;
-                        tempDate.utc='-';
-                        if (DEBUG) {
-                                System.out.println("tempDate=" + dateToString(tempDate));
-                        }
-                        normalize(tempDate);
-                        c1 = compareOrder(tempDate, date2);
-                        if (DEBUG) {
-                                System.out.println("date=" + dateToString(date2));
-                                System.out.println("tempDate=" + dateToString(tempDate));
-                        }
-                        if (c1 == LESS_THAN)
-                                return c1;
-
-                        //compare (date1 with time zone +14)<=date2
-                        //
-                        cloneDate(date1, tempDate); //clones date1 value to global temporary storage: tempDate
-                        tempDate.timezoneHr = 14;
-                        tempDate.timezoneMin = 0;
-                        tempDate.utc='+';
-                        normalize(tempDate);
-                        c2 = compareOrder(tempDate, date2);
-                        if (DEBUG) {
-                                System.out.println("tempDate=" + dateToString(tempDate));
-                        }
-                        if (c2 == GREATER_THAN)
-                                return c2;
-
-                        return INDETERMINATE;
-                }
-                return INDETERMINATE;
+        if (!Constants.SCHEMA_1_1_SUPPORT && data.year == 0) {
+            throw new RuntimeException("The year \"0000\" is an illegal year value");
 
         }
 
-        /**
-         * Given normalized values, determines order-relation
-         * between give date/time objects.
-         *
-         * @param date1  date/time object
-         * @param date2  date/time object
-         * @return 0 if date1 and date2 are equal, a value less than 0 if date1 is less than date2, a value greater than 0 if date1 is greater than date2
-         */
-        protected short compareOrder(DateTimeData date1, DateTimeData date2) {
-                if(date1.position < 1) {
-                        if (date1.year < date2.year)
-                                return -1;
-                        if (date1.year > date2.year)
-                                return 1;
-                }
-                if(date1.position < 2) {
-                        if (date1.month < date2.month)
-                                return -1;
-                        if (date1.month > date2.month)
-                                return 1;
-                }
-                if (date1.day < date2.day)
-                        return -1;
-                if (date1.day > date2.day)
-                        return 1;
-                if (date1.hour < date2.hour)
-                        return -1;
-                if (date1.hour > date2.hour)
-                        return 1;
-                if (date1.minute < date2.minute)
-                        return -1;
-                if (date1.minute > date2.minute)
-                        return 1;
-                if (date1.second < date2.second)
-                        return -1;
-                if (date1.second > date2.second)
-                        return 1;
-                if (date1.utc < date2.utc)
-                        return -1;
-                if (date1.utc > date2.utc)
-                        return 1;
-                return 0;
-        }
-
-        /**
-         * Parses time hh:mm:ss.sss and time zone if any
-         *
-         * @param start
-         * @param end
-         * @param data
-         * @exception RuntimeException
-         */
-        protected  void getTime (String buffer, int start, int end, DateTimeData data) throws RuntimeException{
-
-                int stop = start+2;
-
-                //get hours (hh)
-                data.hour=parseInt(buffer, start,stop);
-
-                //get minutes (mm)
-
-                if (buffer.charAt(stop++)!=':') {
-                        throw new RuntimeException("Error in parsing time zone" );
-                }
-                start = stop;
-                stop = stop+2;
-                data.minute=parseInt(buffer, start,stop);
-
-                //get seconds (ss)
-                if (buffer.charAt(stop++)!=':') {
-                        throw new RuntimeException("Error in parsing time zone" );
-                }
-
-                //find UTC sign if any
-                int sign = findUTCSign(buffer, start, end);
-
-                //get seconds (ms)
-                start = stop;
-                stop = sign < 0 ? end : sign;
-                data.second = parseSecond(buffer, start, stop);
-
-                //parse UTC time zone (hh:mm)
-                if (sign > 0) {
-                        getTimeZone(buffer, data, sign, end);
-                }
-        }
-
-        /**
-         * Parses date CCYY-MM-DD
-         *
-         * @param buffer
-         * @param start start position
-         * @param end end position
-         * @param date
-         * @exception RuntimeException
-         */
-        protected int getDate (String buffer, int start, int end, DateTimeData date) throws RuntimeException{
-
-                start = getYearMonth(buffer, start, end, date);
-
-                if (buffer.charAt(start++) !='-') {
-                        throw new RuntimeException("CCYY-MM must be followed by '-' sign");
-                }
-                int stop = start + 2;
-                date.day=parseInt(buffer, start, stop);
-                return stop;
-        }
-
-        /**
-         * Parses date CCYY-MM
-         *
-         * @param buffer
-         * @param start start position
-         * @param end end position
-         * @param date
-         * @exception RuntimeException
-         */
-        protected int getYearMonth (String buffer, int start, int end, DateTimeData date) throws RuntimeException{
-
-                if ( buffer.charAt(0)=='-' ) {
-                        // REVISIT: date starts with preceding '-' sign
-                        //          do we have to do anything with it?
-                        //
-                        start++;
-                }
-                int i = indexOf(buffer, start, end, '-');
-                if ( i==-1 ) throw new RuntimeException("Year separator is missing or misplaced");
-                int length = i-start;
-                if (length<4) {
-                        throw new RuntimeException("Year must have 'CCYY' format");
-                }
-                else if (length > 4 && buffer.charAt(start)=='0'){
-                        throw new RuntimeException("Leading zeros are required if the year value would otherwise have fewer than four digits; otherwise they are forbidden");
-                }
-                date.year= parseIntYear(buffer, i);
-                if (buffer.charAt(i)!='-') {
-                        throw new RuntimeException("CCYY must be followed by '-' sign");
-                }
-                start = ++i;
-                i = start +2;
-                date.month=parseInt(buffer, start, i);
-                return i; //fStart points right after the MONTH
-        }
-
-        /**
-         * Shared code from Date and YearMonth datatypes.
-         * Finds if time zone sign is present
-         *
-         * @param end
-         * @param date
-         * @exception RuntimeException
-         */
-        protected void parseTimeZone (String buffer, int start, int end, DateTimeData date) throws RuntimeException{
-
-                //fStart points right after the date
-
-                if ( start < end ) {
-                        if (!isNextCharUTCSign(buffer, start, end)) {
-                                throw new RuntimeException ("Error in month parsing");
-                        }
-                        else {
-                                getTimeZone(buffer, date, start, end);
-                        }
-                }
-        }
-
-        /**
-         * Parses time zone: 'Z' or {+,-} followed by  hh:mm
-         *
-         * @param data
-         * @param sign
-         * @exception RuntimeException
-         */
-        protected void getTimeZone (String buffer, DateTimeData data, int sign, int end) throws RuntimeException{
-                data.utc=buffer.charAt(sign);
-
-                if ( buffer.charAt(sign) == 'Z' ) {
-                        if (end>(++sign)) {
-                                throw new RuntimeException("Error in parsing time zone");
-                        }
-                        return;
-                }
-                if ( sign<=(end-6) ) {
-
-                        int negate = buffer.charAt(sign) == '-'?-1:1;
-                        //parse hr
-                        int stop = ++sign+2;
-                        data.timezoneHr = negate*parseInt(buffer, sign, stop);
-                        if (buffer.charAt(stop++)!=':') {
-                                throw new RuntimeException("Error in parsing time zone" );
-                        }
-
-                        //parse min
-                        data.timezoneMin = negate*parseInt(buffer, stop, stop+2);
-
-                        if ( stop+2!=end ) {
-                                throw new RuntimeException("Error in parsing time zone");
-                        }
-            if(data.timezoneHr != 0 || data.timezoneMin != 0)
-                data.normalized = false;
-                }
-                else {
-                        throw new RuntimeException("Error in parsing time zone");
-                }
-                if ( DEBUG ) {
-                        System.out.println("time[hh]="+data.timezoneHr + " time[mm]=" +data.timezoneMin);
-                }
-        }
-
-        /**
-         * Computes index of given char within StringBuffer
-         *
-         * @param start
-         * @param end
-         * @param ch     character to look for in StringBuffer
-         * @return index of ch within StringBuffer
-         */
-        protected  int indexOf (String buffer, int start, int end, char ch) {
-                for ( int i=start;i<end;i++ ) {
-                        if ( buffer.charAt(i) == ch ) {
-                                return i;
-                        }
-                }
-                return -1;
-        }
-
-        /**
-         * Validates given date/time object accoring to W3C PR Schema
-         * [D.1 ISO 8601 Conventions]
-         *
-         * @param data
-         */
-        protected void validateDateTime (DateTimeData data) {
-
-                //REVISIT: should we throw an exception for not valid dates
-                //          or reporting an error message should be sufficient?
-
-                /**
-                 * XML Schema 1.1 - RQ-123: Allow year 0000 in date related types.
-                 */
-                if (!Constants.SCHEMA_1_1_SUPPORT && data.year==0 ) {
-                        throw new RuntimeException("The year \"0000\" is an illegal year value");
-
-                }
-
-                if ( data.month<1 || data.month>12 ) {
-                        throw new RuntimeException("The month must have values 1 to 12");
-
-                }
-
-                //validate days
-                if ( data.day>maxDayInMonthFor(data.year, data.month) || data.day<1 ) {
-                        throw new RuntimeException("The day must have values 1 to 31");
-                }
-
-                //validate hours
-                if ( data.hour>23 || data.hour<0 ) {
-                        if (data.hour == 24 && data.minute == 0 && data.second == 0) {
-                                data.hour = 0;
-                                if (++data.day > maxDayInMonthFor(data.year, data.month)) {
-                                        data.day = 1;
-                                        if (++data.month > 12) {
-                                                data.month = 1;
-                                                if (Constants.SCHEMA_1_1_SUPPORT) {
-                                                        ++data.year;
-                                                }
-                                                else if (++data.year == 0) {
-                                                        data.year = 1;
-                                                }
-                                        }
-                                }
-                        }
-                        else {
-                                throw new RuntimeException("Hour must have values 0-23, unless 24:00:00");
-                        }
-                }
-
-                //validate
-                if ( data.minute>59 || data.minute<0 ) {
-                        throw new RuntimeException("Minute must have values 0-59");
-                }
-
-                //validate
-                if ( data.second>=60 || data.second<0 ) {
-                        throw new RuntimeException("Second must have values 0-59");
-
-                }
-
-                //validate
-                if ( data.timezoneHr>14 || data.timezoneHr<-14 ) {
-                        throw new RuntimeException("Time zone should have range -14:00 to +14:00");
-                }
-                else {
-                        if((data.timezoneHr == 14 || data.timezoneHr == -14) && data.timezoneMin != 0)
-                                throw new RuntimeException("Time zone should have range -14:00 to +14:00");
-                        else if(data.timezoneMin > 59 || data.timezoneMin < -59)
-                                throw new RuntimeException("Minute must have values 0-59");
-                }
+        if (data.month < 1 || data.month > 12) {
+            throw new RuntimeException("The month must have values 1 to 12");
 
         }
 
-        /**
-         * Return index of UTC char: 'Z', '+', '-'
-         *
-         * @param start
-         * @param end
-         * @return index of the UTC character that was found
-         */
-        protected int findUTCSign (String buffer, int start, int end) {
-                int c;
-                for ( int i=start;i<end;i++ ) {
-                        c=buffer.charAt(i);
-                        if ( c == 'Z' || c=='+' || c=='-' ) {
-                                return i;
-                        }
-
-                }
-                return -1;
+        //validate days
+        if (data.day > maxDayInMonthFor(data.year, data.month) || data.day < 1) {
+            throw new RuntimeException("The day must have values 1 to 31");
         }
 
+        //validate hours
+        if (data.hour > 23 || data.hour < 0) {
+            if (data.hour == 24 && data.minute == 0 && data.second == 0) {
+                data.hour = 0;
+                if (++data.day > maxDayInMonthFor(data.year, data.month)) {
+                    data.day = 1;
+                    if (++data.month > 12) {
+                        data.month = 1;
+                        if (Constants.SCHEMA_1_1_SUPPORT) {
+                            ++data.year;
+                        } else if (++data.year == 0) {
+                            data.year = 1;
+                        }
+                    }
+                }
+            } else {
+                throw new RuntimeException("Hour must have values 0-23, unless 24:00:00");
+            }
+        }
+
+        //validate
+        if (data.minute > 59 || data.minute < 0) {
+            throw new RuntimeException("Minute must have values 0-59");
+        }
+
+        //validate
+        if (data.second >= 60 || data.second < 0) {
+            throw new RuntimeException("Second must have values 0-59");
+
+        }
+
+        //validate
+        if (data.timezoneHr > 14 || data.timezoneHr < -14) {
+            throw new RuntimeException("Time zone should have range -14:00 to +14:00");
+        } else {
+            if ((data.timezoneHr == 14 || data.timezoneHr == -14) && data.timezoneMin != 0) {
+                throw new RuntimeException("Time zone should have range -14:00 to +14:00");
+            } else if (data.timezoneMin > 59 || data.timezoneMin < -59) {
+                throw new RuntimeException("Minute must have values 0-59");
+            }
+        }
+
+    }
+
     /**
-     * Returns <code>true</code> if the character at start is 'Z', '+' or '-'.
+     * Return index of UTC char: 'Z', '+', '-'
+     *
+     * @param start
+     * @param end
+     * @return index of the UTC character that was found
+     */
+    protected int findUTCSign(String buffer, int start, int end) {
+        int c;
+        for (int i = start; i < end; i++) {
+            c = buffer.charAt(i);
+            if (c == 'Z' || c == '+' || c == '-') {
+                return i;
+            }
+
+        }
+        return -1;
+    }
+
+    /**
+     * Returns
+     * <code>true</code> if the character at start is 'Z', '+' or '-'.
      */
     protected final boolean isNextCharUTCSign(String buffer, int start, int end) {
         if (start < end) {
@@ -510,135 +525,145 @@
         return false;
     }
 
-        /**
-         * Given start and end position, parses string value
-         *
-         * @param buffer string to parse
-         * @param start  start position
-         * @param end    end position
-         * @return  return integer representation of characters
-         */
-        protected  int parseInt (String buffer, int start, int end)
-        throws NumberFormatException{
-                //REVISIT: more testing on this parsing needs to be done.
-                int radix=10;
-                int result = 0;
-                int digit=0;
-                int limit = -Integer.MAX_VALUE;
-                int multmin = limit / radix;
-                int i = start;
-                do {
-                        digit = getDigit(buffer.charAt(i));
-                        if ( digit < 0 ) throw new NumberFormatException("'" + buffer + "' has wrong format");
-                        if ( result < multmin ) throw new NumberFormatException("'" + buffer + "' has wrong format");
-                        result *= radix;
-                        if ( result < limit + digit ) throw new NumberFormatException("'" + buffer + "' has wrong format");
-                        result -= digit;
+    /**
+     * Given start and end position, parses string value
+     *
+     * @param buffer string to parse
+     * @param start start position
+     * @param end end position
+     * @return return integer representation of characters
+     */
+    protected int parseInt(String buffer, int start, int end)
+            throws NumberFormatException {
+        //REVISIT: more testing on this parsing needs to be done.
+        int radix = 10;
+        int result = 0;
+        int digit = 0;
+        int limit = -Integer.MAX_VALUE;
+        int multmin = limit / radix;
+        int i = start;
+        do {
+            digit = getDigit(buffer.charAt(i));
+            if (digit < 0) {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
+            if (result < multmin) {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
+            result *= radix;
+            if (result < limit + digit) {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
+            result -= digit;
 
-                }while ( ++i < end );
-                return -result;
+        } while (++i < end);
+        return -result;
+    }
+
+    // parse Year differently to support negative value.
+    protected int parseIntYear(String buffer, int end) {
+        int radix = 10;
+        int result = 0;
+        boolean negative = false;
+        int i = 0;
+        int limit;
+        int multmin;
+        int digit = 0;
+
+        if (buffer.charAt(0) == '-') {
+            negative = true;
+            limit = Integer.MIN_VALUE;
+            i++;
+
+        } else {
+            limit = -Integer.MAX_VALUE;
+        }
+        multmin = limit / radix;
+        while (i < end) {
+            digit = getDigit(buffer.charAt(i++));
+            if (digit < 0) {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
+            if (result < multmin) {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
+            result *= radix;
+            if (result < limit + digit) {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
+            result -= digit;
         }
 
-        // parse Year differently to support negative value.
-        protected int parseIntYear (String buffer, int end){
-                int radix=10;
-                int result = 0;
-                boolean negative = false;
-                int i=0;
-                int limit;
-                int multmin;
-                int digit=0;
+        if (negative) {
+            if (i > 1) {
+                return result;
+            } else {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
+        }
+        return -result;
 
-                if (buffer.charAt(0) == '-'){
-                        negative = true;
-                        limit = Integer.MIN_VALUE;
-                        i++;
+    }
 
-                }
-                else{
-                        limit = -Integer.MAX_VALUE;
-                }
-                multmin = limit / radix;
-                while (i < end)
-                {
-                        digit = getDigit(buffer.charAt(i++));
-                        if (digit < 0) throw new NumberFormatException("'" + buffer + "' has wrong format");
-                        if (result < multmin) throw new NumberFormatException("'" + buffer + "' has wrong format");
-                        result *= radix;
-                        if (result < limit + digit) throw new NumberFormatException("'" + buffer + "' has wrong format");
-                        result -= digit;
-                }
+    /**
+     * If timezone present - normalize dateTime [E Adding durations to
+     * dateTimes]
+     *
+     * @param date CCYY-MM-DDThh:mm:ss+03
+     */
+    protected void normalize(DateTimeData date) {
 
-                if (negative)
-                {
-                        if (i > 1) return result;
-                        else throw new NumberFormatException("'" + buffer + "' has wrong format");
-                }
-                return -result;
+        // REVISIT: we have common code in addDuration() for durations
+        //          should consider reorganizing it.
+        //
 
+        //add minutes (from time zone)
+        int negate = -1;
+
+        if (DEBUG) {
+            System.out.println("==>date.minute" + date.minute);
+            System.out.println("==>date.timezoneMin" + date.timezoneMin);
+        }
+        int temp = date.minute + negate * date.timezoneMin;
+        int carry = fQuotient(temp, 60);
+        date.minute = mod(temp, 60, carry);
+
+        if (DEBUG) {
+            System.out.println("==>carry: " + carry);
+        }
+        //add hours
+        temp = date.hour + negate * date.timezoneHr + carry;
+        carry = fQuotient(temp, 24);
+        date.hour = mod(temp, 24, carry);
+        if (DEBUG) {
+            System.out.println("==>date.hour" + date.hour);
+            System.out.println("==>carry: " + carry);
         }
 
-        /**
-         * If timezone present - normalize dateTime  [E Adding durations to dateTimes]
-         *
-         * @param date   CCYY-MM-DDThh:mm:ss+03
-         */
-        protected void normalize(DateTimeData date) {
+        date.day = date.day + carry;
 
-                // REVISIT: we have common code in addDuration() for durations
-                //          should consider reorganizing it.
-                //
+        while (true) {
+            temp = maxDayInMonthFor(date.year, date.month);
+            if (date.day < 1) {
+                date.day = date.day + maxDayInMonthFor(date.year, date.month - 1);
+                carry = -1;
+            } else if (date.day > temp) {
+                date.day = date.day - temp;
+                carry = 1;
+            } else {
+                break;
+            }
+            temp = date.month + carry;
+            date.month = modulo(temp, 1, 13);
+            date.year = date.year + fQuotient(temp, 1, 13);
+            if (date.year == 0 && !Constants.SCHEMA_1_1_SUPPORT) {
+                date.year = (date.timezoneHr < 0 || date.timezoneMin < 0) ? 1 : -1;
+            }
+        }
+        date.utc = 'Z';
+    }
 
-                //add minutes (from time zone)
-                int negate = -1;
-
-                if ( DEBUG ) {
-                        System.out.println("==>date.minute"+date.minute);
-                        System.out.println("==>date.timezoneMin" +date.timezoneMin);
-                }
-                int temp = date.minute + negate * date.timezoneMin;
-                int carry = fQuotient (temp, 60);
-                date.minute= mod(temp, 60, carry);
-
-                if ( DEBUG ) {
-                        System.out.println("==>carry: " + carry);
-                }
-                //add hours
-                temp = date.hour + negate * date.timezoneHr + carry;
-                carry = fQuotient(temp, 24);
-                date.hour=mod(temp, 24, carry);
-                if ( DEBUG ) {
-                        System.out.println("==>date.hour"+date.hour);
-                        System.out.println("==>carry: " + carry);
-                }
-
-                date.day=date.day+carry;
-
-                while ( true ) {
-                        temp=maxDayInMonthFor(date.year, date.month);
-                        if (date.day<1) {
-                                date.day = date.day + maxDayInMonthFor(date.year, date.month-1);
-                                carry=-1;
-                        }
-                        else if ( date.day>temp ) {
-                                date.day=date.day-temp;
-                                carry=1;
-                        }
-                        else {
-                                break;
-                        }
-                        temp=date.month+carry;
-                        date.month=modulo(temp, 1, 13);
-                        date.year=date.year+fQuotient(temp, 1, 13);
-            if(date.year == 0 && !Constants.SCHEMA_1_1_SUPPORT) {
-                date.year = (date.timezoneHr < 0 || date.timezoneMin < 0)?1:-1;
-            }
-                }
-                date.utc='Z';
-        }
-
-
-        /**
+    /**
      * @param date
      */
     protected void saveUnnormalized(DateTimeData date) {
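Review bot: `parseInt` reads `buffer.charAt(i)` inside its `do … while` before `i` is ever compared with `end`, so an empty or out-of-range span (`start >= end`, or `end` past the buffer) fails with `StringIndexOutOfBoundsException` rather than the `NumberFormatException` the signature declares; the reformat leaves this unchanged. Since the buffer is presumably lexical text taken from the document being validated, a guard before the loop would make malformed values fail in the documented way: `if (start < 0 || start >= end || end > buffer.length()) { throw new NumberFormatException("'" + buffer + "' has wrong format"); }`. `parseIntYear` in the same hunk has the matching gap on `buffer.charAt(0)` and on its `end` argument. Whether callers outside this hunk already bound the indices, or catch the broader exception, cannot be seen from here.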
@@ -651,154 +676,149 @@
     }
 
     /**
-         * Resets object representation of date/time
-         *
-         * @param data   date/time object
-         */
-        protected void resetDateObj(DateTimeData data) {
-                data.year = 0;
-                data.month = 0;
-                data.day = 0;
-                data.hour = 0;
-                data.minute = 0;
-                data.second = 0;
-                data.utc = 0;
-                data.timezoneHr = 0;
-                data.timezoneMin = 0;
+     * Resets object representation of date/time
+     *
+     * @param data date/time object
+     */
+    protected void resetDateObj(DateTimeData data) {
+        data.year = 0;
+        data.month = 0;
+        data.day = 0;
+        data.hour = 0;
+        data.minute = 0;
+        data.second = 0;
+        data.utc = 0;
+        data.timezoneHr = 0;
+        data.timezoneMin = 0;
+    }
+
+    /**
+     * Given {year,month} computes maximum number of days for given month
+     *
+     * @param year
+     * @param month
+     * @return integer containg the number of days in a given month
+     */
+    protected int maxDayInMonthFor(int year, int month) {
+        //validate days
+        if (month == 4 || month == 6 || month == 9 || month == 11) {
+            return 30;
+        } else if (month == 2) {
+            if (isLeapYear(year)) {
+                return 29;
+            } else {
+                return 28;
+            }
+        } else {
+            return 31;
         }
+    }
 
-        /**
-         * Given {year,month} computes maximum
-         * number of days for given month
-         *
-         * @param year
-         * @param month
-         * @return integer containg the number of days in a given month
-         */
-        protected int maxDayInMonthFor(int year, int month) {
-                //validate days
-                if ( month==4 || month==6 || month==9 || month==11 ) {
-                        return 30;
-                }
-                else if ( month==2 ) {
-                        if ( isLeapYear(year) ) {
-                                return 29;
-                        }
-                        else {
-                                return 28;
-                        }
-                }
-                else {
-                        return 31;
-                }
-        }
+    private boolean isLeapYear(int year) {
 
-        private boolean isLeapYear(int year) {
+        //REVISIT: should we take care about Julian calendar?
+        return ((year % 4 == 0) && ((year % 100 != 0) || (year % 400 == 0)));
+    }
 
-                //REVISIT: should we take care about Julian calendar?
-                return((year%4 == 0) && ((year%100 != 0) || (year%400 == 0)));
-        }
+    //
+    // help function described in W3C PR Schema [E Adding durations to dateTimes]
+    //
+    protected int mod(int a, int b, int quotient) {
+        //modulo(a, b) = a - fQuotient(a,b)*b
+        return (a - quotient * b);
+    }
 
-        //
-        // help function described in W3C PR Schema [E Adding durations to dateTimes]
-        //
-        protected int mod (int a, int b, int quotient) {
-                //modulo(a, b) = a - fQuotient(a,b)*b
-                return (a - quotient*b) ;
-        }
+    //
+    // help function described in W3C PR Schema [E Adding durations to dateTimes]
+    //
+    protected int fQuotient(int a, int b) {
 
-        //
-        // help function described in W3C PR Schema [E Adding durations to dateTimes]
-        //
-        protected int fQuotient (int a, int b) {
+        //fQuotient(a, b) = the greatest integer less than or equal to a/b
+        return (int) Math.floor((float) a / b);
+    }
 
-                //fQuotient(a, b) = the greatest integer less than or equal to a/b
-                return (int)Math.floor((float)a/b);
-        }
+    //
+    // help function described in W3C PR Schema [E Adding durations to dateTimes]
+    //
+    protected int modulo(int temp, int low, int high) {
+        //modulo(a - low, high - low) + low
+        int a = temp - low;
+        int b = high - low;
+        return (mod(a, b, fQuotient(a, b)) + low);
+    }
 
-        //
-        // help function described in W3C PR Schema [E Adding durations to dateTimes]
-        //
-        protected int modulo (int temp, int low, int high) {
-                //modulo(a - low, high - low) + low
-                int a = temp - low;
-                int b = high - low;
-                return (mod (a, b, fQuotient(a, b)) + low) ;
-        }
+    //
+    // help function described in W3C PR Schema [E Adding durations to dateTimes]
+    //
+    protected int fQuotient(int temp, int low, int high) {
+        //fQuotient(a - low, high - low)
 
-        //
-        // help function described in W3C PR Schema [E Adding durations to dateTimes]
-        //
-        protected int fQuotient (int temp, int low, int high) {
-                //fQuotient(a - low, high - low)
+        return fQuotient(temp - low, high - low);
+    }
 
-                return fQuotient(temp - low, high - low);
-        }
+    protected String dateToString(DateTimeData date) {
+        StringBuffer message = new StringBuffer(25);
+        append(message, date.year, 4);
+        message.append('-');
+        append(message, date.month, 2);
+        message.append('-');
+        append(message, date.day, 2);
+        message.append('T');
+        append(message, date.hour, 2);
+        message.append(':');
+        append(message, date.minute, 2);
+        message.append(':');
+        append(message, date.second);
+        append(message, (char) date.utc, 0);
+        return message.toString();
+    }
 
-
-        protected String dateToString(DateTimeData date) {
-                StringBuffer message = new StringBuffer(25);
-                append(message, date.year, 4);
-                message.append('-');
-                append(message, date.month, 2);
-                message.append('-');
-                append(message, date.day, 2);
-                message.append('T');
-                append(message, date.hour, 2);
-                message.append(':');
-                append(message, date.minute, 2);
-                message.append(':');
-                append(message, date.second);
-                append(message, (char)date.utc, 0);
-                return message.toString();
-        }
-
-        protected final void append(StringBuffer message, int value, int nch) {
+    protected final void append(StringBuffer message, int value, int nch) {
         if (value == Integer.MIN_VALUE) {
             message.append(value);
             return;
         }
-                if (value < 0) {
-                        message.append('-');
-                        value = -value;
-                }
-                if (nch == 4) {
-                        if (value < 10)
-                                message.append("000");
-                        else if (value < 100)
-                                message.append("00");
-                        else if (value < 1000)
-                                message.append('0');
-                        message.append(value);
-                }
-                else if (nch == 2) {
-                        if (value < 10)
-                                message.append('0');
-                        message.append(value);
-                }
-                else {
-                        if (value != 0)
-                                message.append((char)value);
-                }
+        if (value < 0) {
+            message.append('-');
+            value = -value;
         }
-
-        protected final void append(StringBuffer message, double value) {
-            if (value < 0) {
-                message.append('-');
-                value = -value;
+        if (nch == 4) {
+            if (value < 10) {
+                message.append("000");
+            } else if (value < 100) {
+                message.append("00");
+            } else if (value < 1000) {
+                message.append('0');
             }
+            message.append(value);
+        } else if (nch == 2) {
             if (value < 10) {
                 message.append('0');
             }
-            append2(message, value);
+            message.append(value);
+        } else {
+            if (value != 0) {
+                message.append((char) value);
+            }
         }
+    }
+
+    protected final void append(StringBuffer message, double value) {
+        if (value < 0) {
+            message.append('-');
+            value = -value;
+        }
+        if (value < 10) {
+            message.append('0');
+        }
+        append2(message, value);
+    }
 
     protected final void append2(StringBuffer message, double value) {
         final int intValue = (int) value;
         if (value == intValue) {
             message.append(intValue);
-        }
-        else {
+        } else {
             append3(message, value);
         }
     }
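Review bot: `fQuotient(int a, int b)` divides through `(float) a / b`, and a `float` cannot represent every `int` above 2^24, so for large operands the floor can be off by one and `mod`/`modulo` then return a value outside the expected range (for example a negative month). The callers visible in this diff pass small minute, hour and month sums, but the method is `protected` and, going by its comment, also serves duration arithmetic, where month counts may be large; that part is outside this hunk. Casting to `double` keeps every `int` exact: `return (int) Math.floor((double) a / b);`. A one-line comment stating that `b` must be non-zero would also help, since nothing here checks it.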
@@ -815,9 +835,8 @@
             // Need to convert from scientific notation of the form
             // n.nnn...E-N (N >= 4) to a normal decimal value.
             try {
-                exp = parseInt(d, eIndex+2, d.length());
-            }
-            // This should never happen.
+                exp = parseInt(d, eIndex + 2, d.length());
+            } // This should never happen.
             // It's only possible if String.valueOf(double) is broken.
             catch (Exception e) {
                 message.append(d);
@@ -843,14 +862,12 @@
                     message.append(c);
                 }
             }
-        }
-        else {
+        } else {
             // Need to convert from scientific notation of the form
             // n.nnn...EN (N >= 7) to a normal decimal value.
             try {
-                exp = parseInt(d, eIndex+1, d.length());
-            }
-            // This should never happen.
+                exp = parseInt(d, eIndex + 1, d.length());
+            } // This should never happen.
             // It's only possible if String.valueOf(double) is broken.
             catch (Exception e) {
                 message.append(d);
@@ -873,174 +890,220 @@
         }
     }
 
-        protected double parseSecond(String buffer, int start, int end)
-        throws NumberFormatException {
-                int dot = -1;
-                for (int i = start; i < end; i++) {
-                        char ch = buffer.charAt(i);
-                        if (ch == '.')
-                                dot = i;
-                        else if (ch > '9' || ch < '0')
-                                throw new NumberFormatException("'" + buffer + "' has wrong format");
-                }
-                if (dot == -1) {
-                        if (start+2 != end)
-                                throw new NumberFormatException("'" + buffer + "' has wrong format");
-                }
-                else if (start+2 != dot || dot+1 == end) {
-                        throw new NumberFormatException("'" + buffer + "' has wrong format");
-                }
-                return Double.parseDouble(buffer.substring(start, end));
+    protected double parseSecond(String buffer, int start, int end)
+            throws NumberFormatException {
+        int dot = -1;
+        for (int i = start; i < end; i++) {
+            char ch = buffer.charAt(i);
+            if (ch == '.') {
+                dot = i;
+            } else if (ch > '9' || ch < '0') {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
         }
+        if (dot == -1) {
+            if (start + 2 != end) {
+                throw new NumberFormatException("'" + buffer + "' has wrong format");
+            }
+        } else if (start + 2 != dot || dot + 1 == end) {
+            throw new NumberFormatException("'" + buffer + "' has wrong format");
+        }
+        return Double.parseDouble(buffer.substring(start, end));
+    }
 
-        //
-        //Private help functions
-        //
+    //
+    //Private help functions
+    //
+    private void cloneDate(DateTimeData finalValue, DateTimeData tempDate) {
+        tempDate.year = finalValue.year;
+        tempDate.month = finalValue.month;
+        tempDate.day = finalValue.day;
+        tempDate.hour = finalValue.hour;
+        tempDate.minute = finalValue.minute;
+        tempDate.second = finalValue.second;
+        tempDate.utc = finalValue.utc;
+        tempDate.timezoneHr = finalValue.timezoneHr;
+        tempDate.timezoneMin = finalValue.timezoneMin;
+    }
 
-        private void cloneDate (DateTimeData finalValue, DateTimeData tempDate) {
-                tempDate.year = finalValue.year;
-                tempDate.month = finalValue.month;
-                tempDate.day = finalValue.day;
-                tempDate.hour = finalValue.hour;
-                tempDate.minute = finalValue.minute;
-                tempDate.second = finalValue.second;
-                tempDate.utc = finalValue.utc;
-                tempDate.timezoneHr = finalValue.timezoneHr;
-                tempDate.timezoneMin = finalValue.timezoneMin;
-        }
+    /**
+     * Represents date time data
+     */
+    static final class DateTimeData implements XSDateTime {
 
-        /**
-         * Represents date time data
-         */
-        static final class DateTimeData implements XSDateTime {
-                int year, month, day, hour, minute, utc;
-                double second;
-                int timezoneHr, timezoneMin;
+        int year, month, day, hour, minute, utc;
+        double second;
+        int timezoneHr, timezoneMin;
         private String originalValue;
         boolean normalized = true;
-
         int unNormYear;
         int unNormMonth;
         int unNormDay;
         int unNormHour;
         int unNormMinute;
         double unNormSecond;
+        // used for comparisons - to decide the 'interesting' portions of
+        // a date/time based data type.
+        int position;
+        // a pointer to the type that was used go generate this data
+        // note that this is not the actual simple type, but one of the
+        // statically created XXXDV objects, so this won't cause any GC problem.
+        final AbstractDateTimeDV type;
+        private volatile String canonical;
 
-                // used for comparisons - to decide the 'interesting' portions of
-                // a date/time based data type.
-                int position;
-                // a pointer to the type that was used go generate this data
-                // note that this is not the actual simple type, but one of the
-                // statically created XXXDV objects, so this won't cause any GC problem.
-                final AbstractDateTimeDV type;
-                private String canonical;
-                public DateTimeData(String originalValue, AbstractDateTimeDV type) {
+        public DateTimeData(String originalValue, AbstractDateTimeDV type) {
             this.originalValue = originalValue;
-                        this.type = type;
-                }
-                public DateTimeData(int year, int month, int day, int hour, int minute,
-                                double second, int utc, String originalValue, boolean normalized, AbstractDateTimeDV type) {
-                        this.year = year;
-                        this.month = month;
-                        this.day = day;
-                        this.hour = hour;
-                        this.minute = minute;
-                        this.second = second;
-                        this.utc = utc;
-                        this.type = type;
+            this.type = type;
+        }
+
+        public DateTimeData(int year, int month, int day, int hour, int minute,
+                double second, int utc, String originalValue, boolean normalized, AbstractDateTimeDV type) {
+            this.year = year;
+            this.month = month;
+            this.day = day;
+            this.hour = hour;
+            this.minute = minute;
+            this.second = second;
+            this.utc = utc;
+            this.type = type;
             this.originalValue = originalValue;
-                }
-                public boolean equals(Object obj) {
-                        if (!(obj instanceof DateTimeData))
-                                return false;
-                        return type.compareDates(this, (DateTimeData)obj, true)==0;
-                }
-                public synchronized String toString() {
-                        if (canonical == null) {
-                                canonical = type.dateToString(this);
-                        }
-                        return canonical;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#getYear()
-                 */
-                public int getYears() {
-            if(type instanceof DurationDV)
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (!(obj instanceof DateTimeData)) {
+                return false;
+            }
+            return type.compareDates(this, (DateTimeData) obj, true) == 0;
+        }
+
+        // If two DateTimeData are equals - then they should have the same
+        // hashcode. This means we need to convert the date to UTC before
+        // we return its hashcode.
+        // The DateTimeData is unfortunately mutable - so we cannot
+        // cache the result of the conversion...
+        //
+        @Override
+        public int hashCode() {
+            final DateTimeData tempDate = new DateTimeData(null, type);
+            type.cloneDate(this, tempDate);
+            type.normalize(tempDate);
+            return type.dateToString(tempDate).hashCode();
+        }
+
+        @Override
+        public String toString() {
+            if (canonical == null) {
+                canonical = type.dateToString(this);
+            }
+            return canonical;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#getYear()
+         */
+
+        @Override
+        public int getYears() {
+            if (type instanceof DurationDV) {
                 return 0;
-                        return normalized?year:unNormYear;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#getMonth()
-                 */
-                public int getMonths() {
-            if(type instanceof DurationDV) {
-                return year*12 + month;
             }
-                        return normalized?month:unNormMonth;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#getDay()
-                 */
-                public int getDays() {
-            if(type instanceof DurationDV)
+            return normalized ? year : unNormYear;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#getMonth()
+         */
+
+        @Override
+        public int getMonths() {
+            if (type instanceof DurationDV) {
+                return year * 12 + month;
+            }
+            return normalized ? month : unNormMonth;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#getDay()
+         */
+
+        @Override
+        public int getDays() {
+            if (type instanceof DurationDV) {
                 return 0;
-                        return normalized?day:unNormDay;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#getHour()
-                 */
-                public int getHours() {
-            if(type instanceof DurationDV)
+            }
+            return normalized ? day : unNormDay;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#getHour()
+         */
+
+        @Override
+        public int getHours() {
+            if (type instanceof DurationDV) {
                 return 0;
-                        return normalized?hour:unNormHour;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#getMinutes()
-                 */
-                public int getMinutes() {
-            if(type instanceof DurationDV)
+            }
+            return normalized ? hour : unNormHour;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#getMinutes()
+         */
+
+        @Override
+        public int getMinutes() {
+            if (type instanceof DurationDV) {
                 return 0;
-                        return normalized?minute:unNormMinute;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#getSeconds()
-                 */
-                public double getSeconds() {
-            if(type instanceof DurationDV) {
-                return day*24*60*60 + hour*60*60 + minute*60 + second;
             }
-                        return normalized?second:unNormSecond;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#hasTimeZone()
-                 */
-                public boolean hasTimeZone() {
-                        return utc != 0;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#getTimeZoneHours()
-                 */
-                public int getTimeZoneHours() {
-                        return timezoneHr;
-                }
-                /* (non-Javadoc)
-                 * @see org.apache.xerces.xs.datatypes.XSDateTime#getTimeZoneMinutes()
-                 */
-                public int getTimeZoneMinutes() {
-                        return timezoneMin;
-                }
+            return normalized ? minute : unNormMinute;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#getSeconds()
+         */
+
+        @Override
+        public double getSeconds() {
+            if (type instanceof DurationDV) {
+                return day * 24 * 60 * 60 + hour * 60 * 60 + minute * 60 + second;
+            }
+            return normalized ? second : unNormSecond;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#hasTimeZone()
+         */
+
+        @Override
+        public boolean hasTimeZone() {
+            return utc != 0;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#getTimeZoneHours()
+         */
+
+        @Override
+        public int getTimeZoneHours() {
+            return timezoneHr;
+        }
+        /* (non-Javadoc)
+         * @see org.apache.xerces.xs.datatypes.XSDateTime#getTimeZoneMinutes()
+         */
+
+        @Override
+        public int getTimeZoneMinutes() {
+            return timezoneMin;
+        }
         /* (non-Javadoc)
          * @see org.apache.xerces.xs.datatypes.XSDateTime#getLexicalValue()
          */
+
+        @Override
         public String getLexicalValue() {
             return originalValue;
         }
         /* (non-Javadoc)
          * @see org.apache.xerces.xs.datatypes.XSDateTime#normalize()
          */
+
+        @Override
         public XSDateTime normalize() {
-            if(!normalized) {
-                DateTimeData dt = (DateTimeData)this.clone();
+            if (!normalized) {
+                DateTimeData dt = (DateTimeData) this.clone();
                 dt.normalized = true;
                 return dt;
             }
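Review bot: `DateTimeData.toString()` still caches `canonical` indefinitely, while the comment on the new `hashCode()` in this same hunk says the object is mutable and its result therefore cannot be cached. After any field change, `toString()` can return a string for the old state while `hashCode()` and `equals` reflect the new one. With `synchronized` dropped, the volatile field is also read twice; reading it once into a local is cleaner: `String c = canonical;` `if (c == null) { canonical = c = type.dateToString(this); }` `return c;`. I would add a comment on the field such as `// cached by toString(); must be reset to null whenever a date field changes`, and state in the `hashCode()` comment that instances must not be modified while they are keys in a hash-based collection. `normalize()` continues past the end of this hunk.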
@@ -1049,13 +1112,16 @@
         /* (non-Javadoc)
          * @see org.apache.xerces.xs.datatypes.XSDateTime#isNormalized()
          */
+
+        @Override
         public boolean isNormalized() {
             return normalized;
         }
 
+        @Override
         public Object clone() {
             DateTimeData dt = new DateTimeData(this.year, this.month, this.day, this.hour,
-                        this.minute, this.second, this.utc, this.originalValue, this.normalized, this.type);
+                    this.minute, this.second, this.utc, this.originalValue, this.normalized, this.type);
             dt.canonical = this.canonical;
             dt.position = position;
             dt.timezoneHr = this.timezoneHr;
@@ -1072,16 +1138,19 @@
         /* (non-Javadoc)
          * @see org.apache.xerces.xs.datatypes.XSDateTime#getXMLGregorianCalendar()
          */
+        @Override
         public XMLGregorianCalendar getXMLGregorianCalendar() {
             return type.getXMLGregorianCalendar(this);
         }
         /* (non-Javadoc)
          * @see org.apache.xerces.xs.datatypes.XSDateTime#getDuration()
          */
+
+        @Override
         public Duration getDuration() {
             return type.getDuration(this);
         }
-        }
+    }
 
     protected XMLGregorianCalendar getXMLGregorianCalendar(DateTimeData data) {
         return null;
--- a/src/com/sun/org/apache/xerces/internal/impl/dv/xs/DecimalDV.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/dv/xs/DecimalDV.java	Fri May 17 10:07:23 2013 -0700
@@ -26,6 +26,7 @@
 import com.sun.org.apache.xerces.internal.impl.dv.InvalidDatatypeValueException;
 import com.sun.org.apache.xerces.internal.impl.dv.ValidationContext;
 import com.sun.org.apache.xerces.internal.xs.datatypes.XSDecimal;
+import java.util.Objects;
 
 /**
  * Represent the schema type "decimal"
@@ -38,10 +39,12 @@
  */
 public class DecimalDV extends TypeValidator {
 
+    @Override
     public final short getAllowedFacets(){
         return ( XSSimpleTypeDecl.FACET_PATTERN | XSSimpleTypeDecl.FACET_WHITESPACE | XSSimpleTypeDecl.FACET_ENUMERATION |XSSimpleTypeDecl.FACET_MAXINCLUSIVE |XSSimpleTypeDecl.FACET_MININCLUSIVE | XSSimpleTypeDecl.FACET_MAXEXCLUSIVE  | XSSimpleTypeDecl.FACET_MINEXCLUSIVE | XSSimpleTypeDecl.FACET_TOTALDIGITS | XSSimpleTypeDecl.FACET_FRACTIONDIGITS);
     }
 
+    @Override
     public Object getActualValue(String content, ValidationContext context) throws InvalidDatatypeValueException {
         try {
             return new XDecimal(content);
@@ -50,20 +53,23 @@
         }
     }
 
+    @Override
     public final int compare(Object value1, Object value2){
         return ((XDecimal)value1).compareTo((XDecimal)value2);
     }
 
+    @Override
     public final int getTotalDigits(Object value){
         return ((XDecimal)value).totalDigits;
     }
 
+    @Override
     public final int getFractionDigits(Object value){
         return ((XDecimal)value).fracDigits;
     }
 
     // Avoid using the heavy-weight java.math.BigDecimal
-    static class XDecimal implements XSDecimal {
+    static final class XDecimal implements XSDecimal {
         // sign: 0 for vlaue 0; 1 for positive values; -1 for negative values
         int sign = 1;
         // total digits. >= 1
@@ -216,6 +222,8 @@
 
             integer = true;
         }
+
+        @Override
         public boolean equals(Object val) {
             if (val == this)
                 return true;
@@ -232,6 +240,19 @@
             return intDigits == oval.intDigits && fracDigits == oval.fracDigits &&
                    ivalue.equals(oval.ivalue) && fvalue.equals(oval.fvalue);
         }
+
+        @Override
+        public int hashCode() {
+            int hash = 7;
+            hash = 17 * hash + this.sign;
+            if (this.sign == 0) return hash;
+            hash = 17 * hash + this.intDigits;
+            hash = 17 * hash + this.fracDigits;
+            hash = 17 * hash + Objects.hashCode(this.ivalue);
+            hash = 17 * hash + Objects.hashCode(this.fvalue);
+            return hash;
+        }
+
         public int compareTo(XDecimal val) {
             if (sign != val.sign)
                 return sign > val.sign ? 1 : -1;
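Review bot: The early exit `if (this.sign == 0) return hash;` in the new `XDecimal.hashCode()` is unbraced and unexplained. It is only correct if `equals` treats every zero as equal whatever its `intDigits`, `fracDigits`, `ivalue` and `fvalue` are, and the first lines of `equals` that would show this are outside the hunk. I would brace it and add the reason, for example `// zeros compare equal regardless of digits, so only the sign may contribute`. A small test asserting equal hashes for `0`, `0.0` and `-0` would pin the contract the comment describes.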
@@ -248,7 +269,9 @@
             ret = fvalue.compareTo(val.fvalue);
             return ret == 0 ? 0 : (ret > 0 ? 1 : -1);
         }
+
         private String canonical;
+        @Override
         public synchronized String toString() {
             if (canonical == null) {
                 makeCanonical();
@@ -269,7 +292,7 @@
                 return;
             }
             // for -0.1, total digits is 1, so we need 3 extra spots
-            StringBuffer buffer = new StringBuffer(totalDigits+3);
+            final StringBuilder buffer = new StringBuilder(totalDigits+3);
             if (sign == -1)
                 buffer.append('-');
             if (intDigits != 0)
@@ -288,6 +311,7 @@
             canonical = buffer.toString();
         }
 
+        @Override
         public BigDecimal getBigDecimal() {
             if (sign == 0) {
                 return new BigDecimal(BigInteger.ZERO);
@@ -295,6 +319,7 @@
             return new BigDecimal(toString());
         }
 
+        @Override
         public BigInteger getBigInteger() throws NumberFormatException {
             if (fracDigits != 0) {
                 throw new NumberFormatException();
@@ -308,6 +333,7 @@
             return new BigInteger("-" + ivalue);
         }
 
+        @Override
         public long getLong() throws NumberFormatException {
             if (fracDigits != 0) {
                 throw new NumberFormatException();
@@ -321,6 +347,7 @@
             return Long.parseLong("-" + ivalue);
         }
 
+        @Override
         public int getInt() throws NumberFormatException {
             if (fracDigits != 0) {
                 throw new NumberFormatException();
@@ -334,6 +361,7 @@
             return Integer.parseInt("-" + ivalue);
         }
 
+        @Override
         public short getShort() throws NumberFormatException {
             if (fracDigits != 0) {
                 throw new NumberFormatException();
@@ -347,6 +375,7 @@
             return Short.parseShort("-" + ivalue);
         }
 
+        @Override
         public byte getByte() throws NumberFormatException {
             if (fracDigits != 0) {
                 throw new NumberFormatException();
--- a/src/com/sun/org/apache/xerces/internal/impl/dv/xs/PrecisionDecimalDV.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/dv/xs/PrecisionDecimalDV.java	Fri May 17 10:07:23 2013 -0700
@@ -32,7 +32,7 @@
  */
 class PrecisionDecimalDV extends TypeValidator {
 
-    static class XPrecisionDecimal {
+    static final class XPrecisionDecimal {
 
         // sign: 0 for absent; 1 for positive values; -1 for negative values (except in case of INF, -INF)
         int sign = 1;
@@ -144,7 +144,71 @@
             totalDigits = intDigits + fracDigits;
         }
 
+        // Construct a canonical String representation of this number
+        // for the purpose of deriving a hashCode value compliant with
+        // equals.
+        // The toString representation will be:
+        // NaN for NaN, INF for +infinity, -INF for -infinity, 0 for zero,
+        // and [1-9].[0-9]*[1-9]?(E[1-9][0-9]*)? for other numbers.
+        private static String canonicalToStringForHashCode(String ivalue, String fvalue, int sign, int pvalue) {
+            if ("NaN".equals(ivalue)) {
+                return "NaN";
+            }
+            if ("INF".equals(ivalue)) {
+                return sign < 0 ? "-INF" : "INF";
+            }
+            final StringBuilder builder = new StringBuilder();
+            final int ilen = ivalue.length();
+            final int flen0 = fvalue.length();
+            int lastNonZero;
+            for (lastNonZero = flen0; lastNonZero > 0 ; lastNonZero--) {
+                if (fvalue.charAt(lastNonZero -1 ) != '0') break;
+            }
+            final int flen = lastNonZero;
+            int iStart;
+            int exponent = pvalue;
+            for (iStart = 0; iStart < ilen; iStart++) {
+                if (ivalue.charAt(iStart) != '0') break;
+            }
+            int fStart = 0;
+            if (iStart < ivalue.length()) {
+                builder.append(sign == -1 ? "-" : "");
+                builder.append(ivalue.charAt(iStart));
+                iStart++;
+            } else {
+                if (flen > 0) {
+                    for (fStart = 0; fStart < flen; fStart++) {
+                        if (fvalue.charAt(fStart) != '0') break;
+                    }
+                    if (fStart < flen) {
+                        builder.append(sign == -1 ? "-" : "");
+                        builder.append(fvalue.charAt(fStart));
+                        exponent -= ++fStart;
+                    } else {
+                        return "0";
+                    }
+                } else {
+                    return "0";
+                }
+            }
 
+            if (iStart < ilen || fStart < flen) {
+                builder.append('.');
+            }
+            while (iStart < ilen) {
+                builder.append(ivalue.charAt(iStart++));
+                exponent++;
+            }
+            while (fStart < flen) {
+                builder.append(fvalue.charAt(fStart++));
+            }
+            if (exponent != 0) {
+                builder.append("E").append(exponent);
+            }
+            return builder.toString();
+        }
+
+        @Override
         public boolean equals(Object val) {
             if (val == this)
                 return true;
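Review bot: `canonicalToStringForHashCode` trims trailing zeros from `fvalue` but not from the integer digits it copies after the decimal point, so an `ivalue` of `10` with an empty fraction yields `1.0E1` while an `ivalue` of `1` with `pvalue` 1 yields `1E1`. If `compareTo` (outside this hunk) reports those two as EQUAL, the `hashCode()` added in the next hunk breaks the equals/hashCode contract and such values can go missing from hash-based collections. Trimming trailing zeros after both digit runs are appended, and inserting the `.` only when digits remain, gives one spelling per value; the rewritten tail of the method is below. The comment in the next hunk also misspells the helper as `cannonicalToStringForHashCode`.

```java
// … unchanged: NaN/INF handling, zero stripping, first significant digit …
final int dotAt = builder.length();
while (iStart < ilen) {
    builder.append(ivalue.charAt(iStart++));
    exponent++;
}
while (fStart < flen) {
    builder.append(fvalue.charAt(fStart++));
}
// The fraction was trimmed above, so any trailing zeros left here come
// from the integer part; drop them so 10 and 1E1 share one spelling.
int end = builder.length();
while (end > dotAt && builder.charAt(end - 1) == '0') {
    end--;
}
builder.setLength(end);
if (end > dotAt) {
    builder.insert(dotAt, '.');
}
if (exponent != 0) {
    builder.append("E").append(exponent);
}
return builder.toString();
```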
@@ -156,6 +220,20 @@
             return this.compareTo(oval) == EQUAL;
         }
 
+        @Override
+        public int hashCode() {
+            // There's nothing else we can use easily, because equals could
+            // return true for widely different representation of the
+            // same number - and we don't have any canonical representation.
+            // The problem here is that we must ensure that if two numbers
+            // are equals then their hash code must also be equals.
+            // hashCode for 1.01E1 should be the same as hashCode for 0.101E2
+            // So we call cannonicalToStringForHashCode - which implements an
+            // algorithm that invents a normalized string representation
+            // for this number, and we return a hash for that.
+            return canonicalToStringForHashCode(ivalue, fvalue, sign, pvalue).hashCode();
+        }
+
         /**
          * @return
          */
@@ -295,6 +373,7 @@
 
         private String canonical;
 
+        @Override
         public synchronized String toString() {
             if (canonical == null) {
                 makeCanonical();
@@ -325,6 +404,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.impl.dv.xs.TypeValidator#getAllowedFacets()
      */
+    @Override
     public short getAllowedFacets() {
         return ( XSSimpleTypeDecl.FACET_PATTERN | XSSimpleTypeDecl.FACET_WHITESPACE | XSSimpleTypeDecl.FACET_ENUMERATION |XSSimpleTypeDecl.FACET_MAXINCLUSIVE |XSSimpleTypeDecl.FACET_MININCLUSIVE | XSSimpleTypeDecl.FACET_MAXEXCLUSIVE  | XSSimpleTypeDecl.FACET_MINEXCLUSIVE | XSSimpleTypeDecl.FACET_TOTALDIGITS | XSSimpleTypeDecl.FACET_FRACTIONDIGITS);
     }
@@ -332,6 +412,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.impl.dv.xs.TypeValidator#getActualValue(java.lang.String, com.sun.org.apache.xerces.internal.impl.dv.ValidationContext)
      */
+    @Override
     public Object getActualValue(String content, ValidationContext context)
     throws InvalidDatatypeValueException {
         try {
@@ -341,18 +422,22 @@
         }
     }
 
+    @Override
     public int compare(Object value1, Object value2) {
         return ((XPrecisionDecimal)value1).compareTo((XPrecisionDecimal)value2);
     }
 
+    @Override
     public int getFractionDigits(Object value) {
         return ((XPrecisionDecimal)value).fracDigits;
     }
 
+    @Override
     public int getTotalDigits(Object value) {
         return ((XPrecisionDecimal)value).totalDigits;
     }
 
+    @Override
     public boolean isIdentical(Object value1, Object value2) {
         if(!(value2 instanceof XPrecisionDecimal) || !(value1 instanceof XPrecisionDecimal))
             return false;
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties	Fri May 17 10:07:23 2013 -0700
@@ -11,7 +11,7 @@
 HrefMissing = The 'href' attribute of an 'include' element is missing.
 RecursiveInclude = Recursive include detected.  Document ''{0}'' was already processed.
 InvalidParseValue = Invalid value for ''parse'' attribute on ''include'' element: ''{0}''.
-XMLParseError = Error attempting to parse XML file (href=''{0}'').
+XMLParseError = Error attempting to parse XML file (href=''{0}''). Reason: {1}
 XMLResourceError = Include operation failed, reverting to fallback. Resource error reading file as XML (href=''{0}''). Reason: {1}
 TextResourceError = Include operation failed, reverting to fallback. Resource error reading file as text (href=''{0}''). Reason: {1}
 NO_XPointerSchema = Schema for \"{0}\" is not supported by default. Define your own schema for {0}.See http://apache.org/xml/properties/xpointer-schema
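Review bot: `XMLParseError` now takes a second argument `{1}`, and the code that reports this key is not in this hunk, so each reporter needs checking. A caller that still passes only the href would print the placeholder literally, assuming the usual `java.text.MessageFormat` handling. The reason text presumably comes from the underlying parser exception and will appear wherever XInclude errors are logged or returned, so it is worth confirming it reveals nothing about the included resource beyond what the href already does. The translated bundles in the following hunks make the same change; the de and es strings put two spaces before the new clause where the others use one.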
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_de.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_de.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = "href"-Attribut eines "include"-Elements fehlt.
 RecursiveInclude = Rekursives "include" ermittelt. Dokument "{0}" wurde bereits verarbeitet.
 InvalidParseValue = Ung\u00FCltiger Wert f\u00FCr "parse"-Attribut bei "include"-Element: "{0}".
-XMLParseError = Fehler beim Versuch, XML-Datei zu parsen (href="{0}").
+XMLParseError = Fehler beim Versuch, XML-Datei zu parsen (href="{0}").  Grund: {1}
 XMLResourceError = Include-Vorgang nicht erfolgreich. Zur\u00FCck zu Fallback. Ressourcenfehler beim Lesen der Datei als XML (href="{0}"). Grund: {1}
 TextResourceError = Include-Vorgang nicht erfolgreich. Zur\u00FCck zu Fallback. Ressourcenfehler beim Lesen der Datei als Text (href="{0}"). Grund: {1}
 NO_XPointerSchema = Schema f\u00FCr \"{0}\" wird standardm\u00E4\u00DFig nicht unterst\u00FCtzt. Definieren Sie Ihr eigenes Schema f\u00FCr {0}. Siehe http://apache.org/xml/properties/xpointer-schema
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_es.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_es.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = Falta el atributo 'href' de un elemento 'include'.
 RecursiveInclude = Se ha detectado un elemento include recursivo. El documento ''{0}'' ya se ha procesado.
 InvalidParseValue = Valor no v\u00E1lido para el atributo ''parse'' en el elemento ''include'': ''{0}''.
-XMLParseError = Error al intentar analizar el archivo XML (href=''{0}'').
+XMLParseError = Error al intentar analizar el archivo XML (href=''{0}'').  Motivo: {1}
 XMLResourceError = Fallo de la operaci\u00F3n include, conversi\u00F3n a fallback. Error del recurso al leer el archivo como XML (href=''{0}''). Motivo: {1}
 TextResourceError = Fallo de la operaci\u00F3n include, conversi\u00F3n a fallback. Error del recurso al leer el archivo como texto (href=''{0}''). Motivo: {1}
 NO_XPointerSchema = El esquema para \"{0}\" no est\u00E1 soportado por defecto. Defina su propio esquema para {0}. Consulte http://apache.org/xml/properties/xpointer-schema
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_fr.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_fr.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = L'attribut 'href' d'un \u00E9l\u00E9ment 'include' est manquant.
 RecursiveInclude = El\u00E9ment "include" r\u00E9cursif d\u00E9tect\u00E9. Le document ''{0}'' a d\u00E9j\u00E0 \u00E9t\u00E9 trait\u00E9.
 InvalidParseValue = Valeur non valide pour l''attribut ''parse'' sur l''\u00E9l\u00E9ment ''include'' : ''{0}''.
-XMLParseError = Erreur lors de la tentative d''analyse du fichier XML (href=''{0}'').
+XMLParseError = Erreur lors de la tentative d''analyse du fichier XML (href=''{0}''). Raison : {1}
 XMLResourceError = Echec de l''op\u00E9ration Include, r\u00E9tablissement de l''\u00E9l\u00E9ment fallback. Erreur de ressource lors de la lecture du fichier en tant que XML (href=''{0}''). Raison : {1}
 TextResourceError = Echec de l''op\u00E9ration Include, r\u00E9tablissement de l''\u00E9l\u00E9ment fallback. Erreur de ressource lors de la lecture du fichier en tant que texte (href=''{0}''). Raison : {1}
 NO_XPointerSchema = Par d\u00E9faut, le sch\u00E9ma pour \"{0}\" n''est pas pris en charge. D\u00E9finissez votre propre sch\u00E9ma pour {0}. Reportez-vous \u00E0 l''adresse http://apache.org/xml/properties/xpointer-schema
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_it.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_it.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = Manca l'attributo 'href' di un elemento 'include'.
 RecursiveInclude = Inclusione ricorsiva rilevata. Il documento ''{0}'' \u00E8 gi\u00E0 stato elaborato.
 InvalidParseValue = Valore non valido per l''attributo ''parse'' nell''elemento ''include'': ''{0}''.
-XMLParseError = Errore nel tentativo di analizzare il file XML (href=''{0}'').
+XMLParseError = Errore nel tentativo di analizzare il file XML (href=''{0}''). Motivo: {1}
 XMLResourceError = Operazione di inclusione non riuscita. Verr\u00E0 ripristinato il fallback. Errore di risorsa durante la lettura del file come XML (href=''{0}''). Motivo: {1}
 TextResourceError = Operazione di inclusione non riuscita. Verr\u00E0 ripristinato il fallback. Errore di risorsa durante la lettura del file come testo (href=''{0}''). Motivo: {1}
 NO_XPointerSchema = Lo schema per \"{0}\" non \u00E8 supportato per impostazione predefinita. Definire il proprio schema per {0}. Vedere http://apache.org/xml/properties/xpointer-schema.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_ja.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_ja.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = 'include'\u8981\u7D20\u306E'href'\u5C5E\u6027\u304C\u3042\u308A\u307E\u305B\u3093\u3002
 RecursiveInclude = \u518D\u5E30\u7684\u306Ainclude\u304C\u691C\u51FA\u3055\u308C\u307E\u3057\u305F\u3002\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8''{0}''\u306F\u3059\u3067\u306B\u51E6\u7406\u3055\u308C\u3066\u3044\u307E\u3059\u3002
 InvalidParseValue = ''include''\u8981\u7D20\u306E''parse''\u5C5E\u6027\u306E\u5024\u304C\u7121\u52B9\u3067\u3059: ''{0}''\u3002
-XMLParseError = XML\u30D5\u30A1\u30A4\u30EB\u306E\u89E3\u6790\u8A66\u884C\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(href=''{0}'')\u3002
+XMLParseError = XML\u30D5\u30A1\u30A4\u30EB\u306E\u89E3\u6790\u8A66\u884C\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(href=''{0}'')\u3002\u7406\u7531: {1}
 XMLResourceError = \u30A4\u30F3\u30AF\u30EB\u30FC\u30C9\u64CD\u4F5C\u304C\u5931\u6557\u3057\u3001\u30D5\u30A9\u30FC\u30EB\u30D0\u30C3\u30AF\u306B\u623B\u308A\u307E\u3059\u3002\u30D5\u30A1\u30A4\u30EB\u3092XML\u3068\u3057\u3066\u8AAD\u53D6\u308A\u4E2D\u306B\u30EA\u30BD\u30FC\u30B9\u30FB\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(href=''{0}'')\u3002\u7406\u7531: {1}
 TextResourceError = \u30A4\u30F3\u30AF\u30EB\u30FC\u30C9\u64CD\u4F5C\u304C\u5931\u6557\u3057\u3001\u30D5\u30A9\u30FC\u30EB\u30D0\u30C3\u30AF\u306B\u623B\u308A\u307E\u3059\u3002\u30D5\u30A1\u30A4\u30EB\u3092\u30C6\u30AD\u30B9\u30C8\u3068\u3057\u3066\u8AAD\u53D6\u308A\u4E2D\u306B\u30EA\u30BD\u30FC\u30B9\u30FB\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(href=''{0}'')\u3002\u7406\u7531: {1}
 NO_XPointerSchema = \u30C7\u30D5\u30A9\u30EB\u30C8\u3067\u306F\u3001\"{0}\"\u306E\u30B9\u30AD\u30FC\u30DE\u306F\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002{0}\u306B\u5BFE\u3057\u3066\u72EC\u81EA\u306E\u30B9\u30AD\u30FC\u30DE\u3092\u5B9A\u7FA9\u3057\u3066\u304F\u3060\u3055\u3044\u3002http://apache.org/xml/properties/xpointer-schema\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_ko.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_ko.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = 'include' \uC694\uC18C\uC758 'href' \uC18D\uC131\uC774 \uB204\uB77D\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
 RecursiveInclude = \uC21C\uD658 include\uAC00 \uAC10\uC9C0\uB418\uC5C8\uC2B5\uB2C8\uB2E4. ''{0}'' \uBB38\uC11C\uAC00 \uC774\uBBF8 \uCC98\uB9AC\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
 InvalidParseValue = ''include'' \uC694\uC18C\uC5D0 ''parse'' \uC18D\uC131\uC5D0 \uB300\uD574 \uBD80\uC801\uD569\uD55C \uAC12\uC774 \uC788\uC74C: ''{0}''.
-XMLParseError = XML \uD30C\uC77C(href=''{0}'')\uC758 \uAD6C\uBB38\uC744 \uBD84\uC11D\uD558\uB824\uACE0 \uC2DC\uB3C4\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4.
+XMLParseError = XML \uD30C\uC77C(href=''{0}'')\uC758 \uAD6C\uBB38\uC744 \uBD84\uC11D\uD558\uB824\uACE0 \uC2DC\uB3C4\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4.\uC6D0\uC778: {1}
 XMLResourceError = Include \uC791\uC5C5\uC744 \uC2E4\uD328\uD558\uC5EC fallback\uC73C\uB85C \uBCF5\uC6D0\uD558\uB294 \uC911\uC785\uB2C8\uB2E4. \uD30C\uC77C\uC744 XML(href=''{0}'')\uB85C \uC77D\uB294 \uC911 \uB9AC\uC18C\uC2A4 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC6D0\uC778: {1}
 TextResourceError = Include \uC791\uC5C5\uC744 \uC2E4\uD328\uD558\uC5EC fallback\uC73C\uB85C \uBCF5\uC6D0\uD558\uB294 \uC911\uC785\uB2C8\uB2E4. \uD30C\uC77C\uC744 \uD14D\uC2A4\uD2B8(href=''{0}'')\uB85C \uC77D\uB294 \uC911 \uB9AC\uC18C\uC2A4 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC6D0\uC778: {1}
 NO_XPointerSchema = \uAE30\uBCF8\uC801\uC73C\uB85C \"{0}\"\uC5D0 \uB300\uD55C \uC2A4\uD0A4\uB9C8\uB294 \uC9C0\uC6D0\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. {0}\uC5D0 \uB300\uD574 \uACE0\uC720\uD55C \uC2A4\uD0A4\uB9C8\uB97C \uC815\uC758\uD558\uC2ED\uC2DC\uC624. http://apache.org/xml/properties/xpointer-schema\uB97C \uCC38\uC870\uD558\uC2ED\uC2DC\uC624.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_pt_BR.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_pt_BR.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = O atributo 'href' de um elemento 'include' n\u00E3o foi encontrado.
 RecursiveInclude = Inclus\u00E3o recursiva detectada. O documento ''{0}'' j\u00E1 foi processado.
 InvalidParseValue = Valor inv\u00E1lido para o atributo ''parse'' no elemento ''include'': ''{0}''.
-XMLParseError = Erro ao tentar fazer parse do arquivo XML (href=''{0}'').
+XMLParseError = Erro ao tentar fazer parse do arquivo XML (href=''{0}'').  Motivo: {1}
 XMLResourceError = Falha na opera\u00E7\u00E3o de inclus\u00E3o; revertendo para fallback. Erro do recurso ao ler o arquivo como XML (href=''{0}''). Motivo: {1}
 TextResourceError = Falha na opera\u00E7\u00E3o de inclus\u00E3o; revertendo para fallback. Erro do recurso ao ler o arquivo como texto (href=''{0}''). Motivo: {1}
 NO_XPointerSchema = Por default, o esquema para \"{0}\" n\u00E3o \u00E9 suportado. Defina seu pr\u00F3prio esquema para {0}. Consulte http://apache.org/xml/properties/xpointer-schema
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_sv.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_sv.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = Ett 'href'-attribut i ett 'include'-element saknas.
 RecursiveInclude = Rekursiv inkludering uppt\u00E4cktes. Dokumentet ''{0}'' har redan bearbetats.
 InvalidParseValue = Ogiltigt v\u00E4rde f\u00F6r ''parse''-attribut i ''include''-element: ''{0}''.
-XMLParseError = Fel vid f\u00F6rs\u00F6k att tolka XML-fil (href=''{0}'').
+XMLParseError = Fel vid f\u00F6rs\u00F6k att tolka XML-fil (href=''{0}''). Orsak: {1}
 XMLResourceError = Inkluderings\u00E5tg\u00E4rden utf\u00F6rdes inte, \u00E5terst\u00E4ller genom att \u00E5terskapa. Resursfel vid l\u00E4sning av fil som XML (href=''{0}''). Orsak: {1}
 TextResourceError = Inkluderings\u00E5tg\u00E4rden utf\u00F6rdes inte, \u00E5terst\u00E4ller genom att \u00E5terskapa. Resursfel vid l\u00E4sning av fil som text (href=''{0}''). Orsak: {1}
 NO_XPointerSchema = Schema f\u00F6r \"{0}\" st\u00F6ds inte som standard. Definiera ett eget schema f\u00F6r {0}.Se http://apache.org/xml/properties/xpointer-schema
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_zh_CN.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_zh_CN.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = \u7F3A\u5C11 'include' \u5143\u7D20\u7684 'href' \u5C5E\u6027\u3002
 RecursiveInclude = \u68C0\u6D4B\u5230\u9012\u5F52 include\u3002\u5DF2\u5904\u7406\u6587\u6863 ''{0}''\u3002
 InvalidParseValue = ''include'' \u5143\u7D20\u7684 ''parse'' \u5C5E\u6027\u7684\u503C\u65E0\u6548: ''{0}''\u3002
-XMLParseError = \u5C1D\u8BD5\u5BF9 XML \u6587\u4EF6 (href=''{0}'') \u8FDB\u884C\u8BED\u6CD5\u5206\u6790\u65F6\u51FA\u9519\u3002
+XMLParseError = \u5C1D\u8BD5\u5BF9 XML \u6587\u4EF6 (href=''{0}'') \u8FDB\u884C\u8BED\u6CD5\u5206\u6790\u65F6\u51FA\u9519\u3002\u539F\u56E0: {1}
 XMLResourceError = Include \u64CD\u4F5C\u5931\u8D25, \u5E76\u8FD8\u539F\u4E3A fallback\u3002\u4EE5 XML (href=''{0}'') \u683C\u5F0F\u8BFB\u53D6\u6587\u4EF6\u65F6\u51FA\u73B0\u8D44\u6E90\u9519\u8BEF\u3002\u539F\u56E0: {1}
 TextResourceError = Include \u64CD\u4F5C\u5931\u8D25, \u5E76\u8FD8\u539F\u4E3A fallback\u3002\u4EE5\u6587\u672C (href=''{0}'') \u683C\u5F0F\u8BFB\u53D6\u6587\u4EF6\u65F6\u51FA\u73B0\u8D44\u6E90\u9519\u8BEF\u3002\u539F\u56E0: {1}
 NO_XPointerSchema = \u9ED8\u8BA4\u60C5\u51B5\u4E0B, \u4E0D\u652F\u6301 \"{0}\" \u7684\u65B9\u6848\u3002\u8BF7\u4E3A{0}\u5B9A\u4E49\u60A8\u81EA\u5DF1\u7684\u65B9\u6848\u3002\u8BF7\u8BBF\u95EE http://apache.org/xml/properties/xpointer-schema
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_zh_TW.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_zh_TW.properties	Fri May 17 10:07:23 2013 -0700
@@ -39,7 +39,7 @@
 HrefMissing = \u907A\u6F0F 'include' \u5143\u7D20\u7684 'href' \u5C6C\u6027\u3002
 RecursiveInclude = \u5075\u6E2C\u5230\u905E\u8FF4\u5305\u542B\u3002\u5DF2\u7D93\u8655\u7406\u6587\u4EF6 ''{0}''\u3002
 InvalidParseValue = ''include'' \u5143\u7D20\u4E0A ''parse'' \u5C6C\u6027\u7684\u7121\u6548\u503C: ''{0}''\u3002
-XMLParseError = \u5617\u8A66\u5256\u6790 XML \u6A94\u6848\u6642\u767C\u751F\u932F\u8AA4 (href=''{0}'')\u3002
+XMLParseError = \u5617\u8A66\u5256\u6790 XML \u6A94\u6848\u6642\u767C\u751F\u932F\u8AA4 (href=''{0}'')\u3002\u539F\u56E0: {1}
 XMLResourceError = \u5305\u542B\u4F5C\u696D\u5931\u6557\uFF0C\u56DE\u5FA9\u81F3\u5F8C\u63F4\u3002\u4EE5 XML (href=''{0}'') \u65B9\u5F0F\u8B80\u53D6\u6A94\u6848\u6642\u767C\u751F\u8CC7\u6E90\u932F\u8AA4\u3002\u539F\u56E0: {1}
 TextResourceError = \u5305\u542B\u4F5C\u696D\u5931\u6557\uFF0C\u56DE\u5FA9\u81F3\u5F8C\u63F4\u3002\u4EE5\u6587\u5B57 (href=''{0}'') \u65B9\u5F0F\u8B80\u53D6\u6A94\u6848\u6642\u767C\u751F\u8CC7\u6E90\u932F\u8AA4\u3002\u539F\u56E0: {1}
 NO_XPointerSchema = \u9810\u8A2D\u4E0D\u652F\u63F4 \"{0}\" \u7684\u7DB1\u8981\u3002\u8ACB\u70BA {0} \u5B9A\u7FA9\u60A8\u81EA\u5DF1\u7684\u7DB1\u8981\u3002\u8ACB\u53C3\u95B1 http://apache.org/xml/properties/xpointer-schema
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties	Fri May 17 10:07:23 2013 -0700
@@ -261,6 +261,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = The external entity reference \"&{0};\" is not permitted in an attribute value.
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = The entity \"{0}\" was referenced, but not declared.
         ReferenceToUnparsedEntity = The unparsed entity reference \"&{0};\" is not permitted.
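Review bot: The added keys `AccessExternalDTD` and `AccessExternalEntity` sit under the existing heading `# 3.1 Start-Tags, End-Tags, and Empty-Element Tags`, although they report a refused external fetch rather than a well-formedness error. The same placement recurs in the localized XMLMessages_*.properties hunks that follow. A comment line of their own above them, for example `# External access restrictions: {0} = identifier of the resource, {1} = kind of access that was refused`, would tell maintainers and translators what the arguments mean. The meaning of `{1}` is inferred from the message wording and should be confirmed against the caller. Since `{0}` presumably comes from the document being parsed, that comment could also say the formatted message may carry document-supplied text and should be encoded by whatever logs or displays it.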
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_de.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_de.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = Externe Entit\u00E4tsreferenz \"&{0};\" ist in einem Attributwert nicht zul\u00E4ssig.
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = Entit\u00E4t \"{0}\" wurde referenziert aber nicht deklariert.
         ReferenceToUnparsedEntity = Nicht geparste Entit\u00E4tsreferenz \"&{0};\" ist nicht zul\u00E4ssig.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_es.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_es.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = La referencia de entidad externa \"&{0};\" no est\u00E1 permitida en un valor de atributo.
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = Se hizo referencia a la entidad \"{0}\", pero no se declar\u00F3.
         ReferenceToUnparsedEntity = La referencia de entidad no analizada \"&{0};\" no est\u00E1 permitida.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_fr.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_fr.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = La r\u00E9f\u00E9rence d''entit\u00E9 externe \"&{0};\" n''est pas autoris\u00E9e dans une valeur d''attribut.
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = L''entit\u00E9 \"{0}\" \u00E9tait r\u00E9f\u00E9renc\u00E9e, mais pas d\u00E9clar\u00E9e.
         ReferenceToUnparsedEntity = La r\u00E9f\u00E9rence d''entit\u00E9 non analys\u00E9e \"&{0};\" n''est pas autoris\u00E9e.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_it.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_it.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = Il riferimento di entit\u00E0 esterna \"&{0};\" non \u00E8 consentito in un valore di attributo.
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = L''entit\u00E0 \"{0}\" \u00E8 indicata da un riferimento, ma non \u00E8 dichiarata.
         ReferenceToUnparsedEntity = Il riferimento di entit\u00E0 non analizzata \"&{0};\" non \u00E8 consentito.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ja.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ja.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = \u5916\u90E8\u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\u53C2\u7167\"&{0};\"\u306F\u3001\u5C5E\u6027\u5024\u3067\u306F\u8A31\u53EF\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = \u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\"{0}\"\u304C\u53C2\u7167\u3055\u308C\u3066\u3044\u307E\u3059\u304C\u3001\u5BA3\u8A00\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002
         ReferenceToUnparsedEntity = \u672A\u89E3\u6790\u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\u53C2\u7167\"&{0};\"\u306F\u8A31\u53EF\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ko.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ko.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = \uC18D\uC131\uAC12\uC5D0\uC11C\uB294 \uC678\uBD80 \uC5D4\uD2F0\uD2F0 \uCC38\uC870 \"&{0};\"\uC774 \uD5C8\uC6A9\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = \"{0}\" \uC5D4\uD2F0\uD2F0\uAC00 \uCC38\uC870\uB418\uC5C8\uC9C0\uB9CC \uC120\uC5B8\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4.
         ReferenceToUnparsedEntity = \uAD6C\uBB38\uC774 \uBD84\uC11D\uB418\uC9C0 \uC54A\uC740 \uC5D4\uD2F0\uD2F0 \uCC38\uC870 \"&{0};\"\uC740(\uB294) \uD5C8\uC6A9\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_pt_BR.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_pt_BR.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = A refer\u00EAncia da entidade externa \"&{0};\" n\u00E3o \u00E9 permitida em um valor do atributo.
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = A entidade \"{0}\" foi referenciada, mas n\u00E3o declarada.
         ReferenceToUnparsedEntity = A refer\u00EAncia da entidade n\u00E3o submetida a parse \"&{0};\" n\u00E3o \u00E9 permitida.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = Den externa enhetsreferensen \"&{0};\" till\u00E5ts inte i ett attributv\u00E4rde.
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = Enheten \"{0}\" har refererats, men \u00E4r inte deklarerad.
         ReferenceToUnparsedEntity = Den otolkade enhetsreferensen \"&{0};\" \u00E4r inte till\u00E5ten.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_CN.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_CN.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = \u5C5E\u6027\u503C\u4E2D\u4E0D\u5141\u8BB8\u91C7\u7528\u5916\u90E8\u5B9E\u4F53\u5F15\u7528 \"&{0};\"\u3002
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = \u5F15\u7528\u4E86\u5B9E\u4F53 \"{0}\", \u4F46\u672A\u58F0\u660E\u5B83\u3002
         ReferenceToUnparsedEntity = \u4E0D\u5141\u8BB8\u4F7F\u7528\u672A\u8FDB\u884C\u8BED\u6CD5\u5206\u6790\u7684\u5B9E\u4F53\u5F15\u7528 \"&{0};\"\u3002
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_TW.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_TW.properties	Fri May 17 10:07:23 2013 -0700
@@ -289,6 +289,9 @@
 # Entity related messages
 # 3.1 Start-Tags, End-Tags, and Empty-Element Tags
         ReferenceToExternalEntity = \u5C6C\u6027\u503C\u4E0D\u5141\u8A31\u53C3\u7167\u5916\u90E8\u500B\u9AD4 \"&{0};\"\u3002
+        AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
+        AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
+
 # 4.1 Character and Entity References
         EntityNotDeclared = \u53C3\u7167\u4E86\u500B\u9AD4 \"{0}\"\uFF0C\u4F46\u662F\u672A\u5BA3\u544A\u3002
         ReferenceToUnparsedEntity = \u4E0D\u5141\u8A31\u672A\u5256\u6790\u7684\u500B\u9AD4\u53C3\u7167 \"&{0};\"\u3002
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties	Fri May 17 10:07:23 2013 -0700
@@ -86,6 +86,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: Failed to read schema document ''{0}'', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.
         src-annotation = src-annotation: <annotation> elements can only contain <appinfo> and <documentation> elements, but ''{0}'' was found.
         src-attribute.1 = src-attribute.1: The properties ''default'' and ''fixed'' cannot both be present in attribute declaration ''{0}''. Use only one of them.
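Review bot: The value added for `schema_reference.access` starts with `schema_reference:` instead of its own key, while the neighbouring entries repeat the full key (`schema_reference.4 = schema_reference.4:`, `src-annotation = src-annotation:`). Anyone searching logs for the key of a refused schema load will not find it, and the shortened prefix is easy to confuse with `schema_reference.4`. I would write the line as `schema_reference.access = schema_reference.access: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.`. The localized XMLSchemaMessages_*.properties hunks below add the identical line and would need the same change.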
@@ -289,6 +290,3 @@
         TargetNamespace.2 = TargetNamespace.2: Expecting no namespace, but the schema document has a target namespace of ''{1}''.
         UndeclaredEntity = UndeclaredEntity: Entity ''{0}'' is not declared.
         UndeclaredPrefix = UndeclaredPrefix: Cannot resolve ''{0}'' as a QName: the prefix ''{1}'' is not declared.
-null
-null
-null
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_de.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_de.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: Schemadokument "{0}" konnte nicht gelesen werden, da 1) das Dokument nicht gefunden werden konnte; 2) das Dokument nicht gelesen werden konnte; 3) das Root-Element des Dokuments nicht <xsd:schema> ist.
         src-annotation = src-annotation: <annotation>-Elemente k\u00F6nnen nur <appinfo>- und <documentation>-Elemente enthalten, aber es wurde "{0}" gefunden.
         src-attribute.1 = src-attribute.1: Die Eigenschaften "default" und "fixed" k\u00F6nnen nicht beide in der Attributdeklaration "{0}" vorhanden sein. Verwenden Sie nur eine dieser Eigenschaften.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_es.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_es.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: Fallo al leer el documento de esquema ''{0}'', porque 1) no se ha encontrado el documento; 2) no se ha podido leer el documento; 3) el elemento ra\u00EDz del documento no es <xsd:schema>.
         src-annotation = src-annotation: Los elementos de <annotation> s\u00F3lo pueden contener elementos de <appinfo> y <documentation>, pero se ha encontrado ''{0}''.
         src-attribute.1 = src-attribute.1: Las propiedades ''default'' y ''fixed'' no pueden estar presentes de forma simult\u00E1nea en la declaraci\u00F3n de atributo ''{0}''. Utilice s\u00F3lo una de ellas.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_fr.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_fr.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4 : Echec de la lecture du document de sch\u00E9ma ''{0}'' pour les raisons suivantes : 1) Le document est introuvable ; 2) Le document n''a pas pu \u00EAtre lu ; 3) L''\u00E9l\u00E9ment racine du document n''est pas <xsd:schema>.
         src-annotation = src-annotation : Les \u00E9l\u00E9ments <annotation> ne peuvent contenir que des \u00E9l\u00E9ments <appinfo> et <documentation>, mais ''{0}'' a \u00E9t\u00E9 trouv\u00E9.
         src-attribute.1 = src-attribute.1 : Les propri\u00E9t\u00E9s ''default'' et ''fixed'' ne peuvent pas figurer simultan\u00E9ment dans la d\u00E9claration d''attribut ''{0}''. Utilisez uniquement l''une d''entre elles.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_it.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_it.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: lettura del documento di schema "{0}" non riuscita perch\u00E9 1) non \u00E8 stato possibile trovare il documento; 2) non \u00E8 stato possibile leggere il documento; 3) l''elemento radice del documento non \u00E8 <xsd:schema>.
         src-annotation = src-annotation: possono essere contenuti soltanto elementi <appinfo> e <documentation>, ma \u00E8 stato trovato ''{0}''.
         src-attribute.1 = src-attribute.1: le propriet\u00E0 ''default'' e ''fixed'' non possono essere entrambi presenti nella dichiarazione di attributo ''{0}''. Utilizzarne solo una.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_ja.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_ja.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: 1)\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u304C\u898B\u3064\u304B\u3089\u306A\u304B\u3063\u305F\u30012)\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u8AAD\u307F\u53D6\u308C\u306A\u304B\u3063\u305F\u30013)\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u306E\u30EB\u30FC\u30C8\u8981\u7D20\u304C<xsd:schema>\u3067\u306F\u306A\u304B\u3063\u305F\u305F\u3081\u3001\u30B9\u30AD\u30FC\u30DE\u30FB\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8''{0}''\u306E\u8AAD\u53D6\u308A\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002
         src-annotation = src-annotation: <annotation>\u8981\u7D20\u306B\u542B\u3081\u308B\u3053\u3068\u304C\u3067\u304D\u308B\u306E\u306F<appinfo>\u8981\u7D20\u304A\u3088\u3073<documentation>\u8981\u7D20\u306E\u307F\u3067\u3059\u304C\u3001''{0}''\u304C\u898B\u3064\u304B\u308A\u307E\u3057\u305F\u3002
         src-attribute.1 = src-attribute.1: ''default''\u3068''fixed''\u306E\u4E21\u65B9\u306E\u30D7\u30ED\u30D1\u30C6\u30A3\u3092\u5C5E\u6027\u5BA3\u8A00''{0}''\u306B\u542B\u3081\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093\u3002\u3044\u305A\u308C\u304B\u4E00\u65B9\u306E\u307F\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\u3002
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_ko.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_ko.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: \uC2A4\uD0A4\uB9C8 \uBB38\uC11C ''{0}'' \uC77D\uAE30\uB97C \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4. \uC6D0\uC778: 1) \uBB38\uC11C\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. 2) \uBB38\uC11C\uB97C \uC77D\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. 3) \uBB38\uC11C\uC758 \uB8E8\uD2B8 \uC694\uC18C\uAC00 <xsd:schema>\uAC00 \uC544\uB2D9\uB2C8\uB2E4.
         src-annotation = src-annotation: <annotation> \uC694\uC18C\uC5D0\uB294 <appinfo> \uBC0F <documentation> \uC694\uC18C\uB9CC \uD3EC\uD568\uB420 \uC218 \uC788\uC9C0\uB9CC ''{0}''\uC774(\uAC00) \uBC1C\uACAC\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
         src-attribute.1 = src-attribute.1: ''default'' \uBC0F ''fixed'' \uC18D\uC131\uC740 \uC18D\uC131 \uC120\uC5B8 ''{0}''\uC5D0 \uD568\uAED8 \uC874\uC7AC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. \uD558\uB098\uB9CC \uC0AC\uC6A9\uD558\uC2ED\uC2DC\uC624.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_pt_BR.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_pt_BR.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: Falha ao ler o documento do esquema ''{0}'' porque 1) n\u00E3o foi poss\u00EDvel encontrar o documento; 2) n\u00E3o foi poss\u00EDvel ler o documento; 3) o elemento-raiz do documento n\u00E3o \u00E9 <xsd:schema>.
         src-annotation = src-annotation: os elementos de <annotation> podem conter somente os elementos <appinfo> e <documentation>, mas foi encontrado ''{0}''.
         src-attribute.1 = src-attribute.1: As propriedades ''default'' e ''fixed'' n\u00E3o podem estar presentes na declara\u00E7\u00E3o do atributo ''{0}''. Use somente uma delas.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_sv.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_sv.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: L\u00E4sning av schemadokument ''{0}'' utf\u00F6rdes inte p\u00E5 grund av 1) det g\u00E5r inte att hitta dokumentet; 2) det g\u00E5r inte att l\u00E4sa dokumentet; 3) dokumentets rotelement \u00E4r inte <xsd:schema>.
         src-annotation = src-annotation: element f\u00F6r <anteckningar> f\u00E5r endast inneh\u00E5lla element f\u00F6r <appinfo> och <dokumentation>, men ''{0}'' hittades.
         src-attribute.1 = src-attribute.1: B\u00E5da egenskaperna ''default'' och ''fixed'' kan inte samtidigt ing\u00E5 i attributdeklarationen ''{0}''. Anv\u00E4nd en av dem.
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_zh_CN.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_zh_CN.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: \u65E0\u6CD5\u8BFB\u53D6\u65B9\u6848\u6587\u6863 ''{0}'', \u539F\u56E0\u4E3A 1) \u65E0\u6CD5\u627E\u5230\u6587\u6863; 2) \u65E0\u6CD5\u8BFB\u53D6\u6587\u6863; 3) \u6587\u6863\u7684\u6839\u5143\u7D20\u4E0D\u662F <xsd:schema>\u3002
         src-annotation = src-annotation: <annotation> \u5143\u7D20\u53EA\u80FD\u5305\u542B <appinfo> \u548C <documentation> \u5143\u7D20, \u4F46\u53D1\u73B0\u4E86 ''{0}''\u3002
         src-attribute.1 = src-attribute.1: \u5C5E\u6027\u58F0\u660E ''{0}'' \u4E2D\u4E0D\u80FD\u540C\u65F6\u5B58\u5728\u7279\u6027 ''default'' \u548C ''fixed''\u3002\u5E94\u53EA\u4F7F\u7528\u5176\u4E2D\u4E00\u4E2A\u3002
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_zh_TW.properties	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_zh_TW.properties	Fri May 17 10:07:23 2013 -0700
@@ -114,6 +114,7 @@
 
 #schema valid (3.X.3)
 
+        schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
         schema_reference.4 = schema_reference.4: \u7121\u6CD5\u8B80\u53D6\u7DB1\u8981\u6587\u4EF6 ''{0}''\uFF0C\u56E0\u70BA 1) \u627E\u4E0D\u5230\u6587\u4EF6; 2) \u7121\u6CD5\u8B80\u53D6\u6587\u4EF6; 3) \u6587\u4EF6\u7684\u6839\u5143\u7D20\u4E0D\u662F <xsd:schema>\u3002
         src-annotation = src-annotation: <annotation> \u5143\u7D20\u50C5\u80FD\u5305\u542B <appinfo> \u8207 <documentation> \u5143\u7D20\uFF0C\u4F46\u627E\u5230 ''{0}''\u3002
         src-attribute.1 = src-attribute.1: \u5C6C\u6027 ''default'' \u8207 ''fixed'' \u4E0D\u53EF\u540C\u6642\u51FA\u73FE\u5728\u5C6C\u6027\u5BA3\u544A ''{0}'' \u4E2D\u3002\u8ACB\u53EA\u4F7F\u7528\u5176\u4E2D\u4E00\u500B\u3002
--- a/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java	Fri May 17 10:07:23 2013 -0700
@@ -53,6 +53,7 @@
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@@ -71,6 +72,7 @@
 import com.sun.org.apache.xerces.internal.xs.XSModel;
 import java.util.HashMap;
 import java.util.Map;
+import javax.xml.XMLConstants;
 import org.w3c.dom.DOMConfiguration;
 import org.w3c.dom.DOMError;
 import org.w3c.dom.DOMErrorHandler;
@@ -216,6 +218,12 @@
     protected static final String ENTITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY;
 
+    /** Property identifier: access to external dtd */
+    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema */
+    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     // recognized properties
     private static final String [] RECOGNIZED_PROPERTIES = {
         ENTITY_MANAGER,
@@ -229,7 +237,9 @@
         JAXP_SCHEMA_SOURCE,
         SECURITY_MANAGER,
         LOCALE,
-        SCHEMA_DV_FACTORY
+        SCHEMA_DV_FACTORY,
+        ACCESS_EXTERNAL_DTD,
+        ACCESS_EXTERNAL_SCHEMA
     };
 
     // Data
@@ -260,6 +270,8 @@
     private final CMNodeFactory fNodeFactory = new CMNodeFactory(); //component mgr will be set later
     private CMBuilder fCMBuilder;
     private XSDDescription fXSDDescription = new XSDDescription();
+    private String faccessExternalDTD = Constants.EXTERNAL_ACCESS_DEFAULT;
+    private String faccessExternalSchema = Constants.EXTERNAL_ACCESS_DEFAULT;
 
     private Map fJAXPCache;
     private Locale fLocale = Locale.getDefault();
@@ -454,6 +466,12 @@
                 fErrorReporter.putMessageFormatter(XSMessageFormatter.SCHEMA_DOMAIN, new XSMessageFormatter());
             }
         }
+        else if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
+            faccessExternalDTD = (String) state;
+        }
+        else if (propertyId.equals(ACCESS_EXTERNAL_SCHEMA)) {
+            faccessExternalSchema = (String) state;
+        }
     } // setProperty(String, Object)
 
     /**
@@ -585,6 +603,15 @@
         if(!fJAXPProcessed) {
             processJAXPSchemaSource(locationPairs);
         }
+
+        if (desc.isExternal()) {
+            String accessError = SecuritySupport.checkAccess(desc.getExpandedSystemId(), faccessExternalSchema, Constants.ACCESS_EXTERNAL_ALL);
+            if (accessError != null) {
+                throw new XNIException(fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN,
+                        "schema_reference.access",
+                        new Object[] { SecuritySupport.sanitizePath(desc.getExpandedSystemId()), accessError }, XMLErrorReporter.SEVERITY_ERROR));
+            }
+        }
         SchemaGrammar grammar = fSchemaHandler.parseSchema(source, desc, locationPairs);
 
         return grammar;
@@ -1038,6 +1065,9 @@
         // get generate-synthetic-annotations feature
         fSchemaHandler.setGenerateSyntheticAnnotations(componentManager.getFeature(GENERATE_SYNTHETIC_ANNOTATIONS, false));
         fSchemaHandler.reset(componentManager);
+
+        faccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+        faccessExternalSchema = (String) componentManager.getProperty(ACCESS_EXTERNAL_SCHEMA);
     }
 
     private void initGrammarBucket(){
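Review bot: The two added `componentManager.getProperty(...)` calls at the end of reset() have no fallback, so a component manager that does not supply these properties replaces the `Constants.EXTERNAL_ACCESS_DEFAULT` initialisers with null (or throws, depending on the manager). That value is what `SecuritySupport.checkAccess` later receives in loadSchema. XSDHandler.reset in this changeset uses the two-argument form, and the same would keep the allow-list defined here: `faccessExternalSchema = (String) componentManager.getProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);`, and likewise for `faccessExternalDTD`. How checkAccess treats a null allow-list is not visible here, so whether this fails open or closed should be confirmed; the `(String) state` casts added to setProperty accept null in the same way. reset() starts outside the hunk.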
--- a/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java	Fri May 17 10:07:23 2013 -0700
@@ -29,7 +29,7 @@
 import java.util.Stack;
 import java.util.Vector;
 import java.util.ArrayList;
-
+import javax.xml.XMLConstants;
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.impl.RevalidationHandler;
 import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
@@ -233,6 +233,12 @@
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
+    /** property identifier: access external dtd. */
+    private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema */
+    private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     protected static final String USE_SERVICE_MECHANISM = Constants.ORACLE_FEATURE_SERVICE_MECHANISM;
 
     // recognized features and properties
@@ -291,11 +297,13 @@
             JAXP_SCHEMA_SOURCE,
             JAXP_SCHEMA_LANGUAGE,
             SCHEMA_DV_FACTORY,
+            ACCESS_EXTERNAL_DTD,
+            ACCESS_EXTERNAL_SCHEMA
             };
 
     /** Property defaults. */
     private static final Object[] PROPERTY_DEFAULTS =
-        { null, null, null, null, null, null, null, null, null, null, null};
+        { null, null, null, null, null, null, null, null, null, null, null, null, null};
 
     // this is the number of valuestores of each kind
     // we expect an element to have.  It's almost
--- a/src/com/sun/org/apache/xerces/internal/impl/xs/XSDDescription.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/xs/XSDDescription.java	Fri May 17 10:07:23 2013 -0700
@@ -34,6 +34,7 @@
  * @author Neil Graham, IBM
  * @author Neeraj Bajaj, SUN Microsystems.
  *
+ * @version $Id: XSDDescription.java,v 1.6 2010-11-01 04:39:55 joehw Exp $
  */
 public class XSDDescription extends XMLResourceIdentifierImpl
                 implements XMLSchemaDescription {
@@ -181,6 +182,17 @@
     }
 
     /**
+     * @return true is the schema is external
+     */
+    public boolean isExternal() {
+        return fContextType == CONTEXT_INCLUDE ||
+               fContextType == CONTEXT_REDEFINE ||
+               fContextType == CONTEXT_IMPORT ||
+               fContextType == CONTEXT_ELEMENT ||
+               fContextType == CONTEXT_ATTRIBUTE ||
+               fContextType == CONTEXT_XSITYPE;
+    }
+    /**
      * Compares this grammar with the given grammar. Currently, we compare
      * the target namespaces.
      *
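Review bot: The Javadoc on isExternal() does not say which context types count as external or why the remaining ones are left out, yet this predicate decides whether XMLSchemaLoader.loadSchema runs the access check at all. I would expand it to list the six contexts tested and state explicitly that every other context type (for example CONTEXT_INSTANCE and CONTEXT_PREPARSE, if those are meant to be exempt) is treated as not external, so a reader can tell the omission is deliberate. `@return true is the schema is external` should read `@return true if the schema is external`, and a blank line is missing between the method and the next Javadoc block.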
--- a/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java	Fri May 17 10:07:23 2013 -0700
@@ -77,6 +77,7 @@
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
 import com.sun.org.apache.xerces.internal.xni.QName;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
@@ -105,6 +106,7 @@
 import com.sun.org.apache.xerces.internal.xs.XSTerm;
 import com.sun.org.apache.xerces.internal.xs.XSTypeDefinition;
 import com.sun.org.apache.xerces.internal.xs.datatypes.ObjectList;
+import javax.xml.XMLConstants;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -221,6 +223,12 @@
     protected static final String LOCALE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
 
+    /** property identifier: access external dtd. */
+    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema */
+    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     protected static final boolean DEBUG_NODE_POOL = false;
 
     // Data
@@ -251,6 +259,8 @@
      */
     protected SecurityManager fSecureProcessing = null;
 
+    private String fAccessExternalSchema;
+
     // These tables correspond to the symbol spaces defined in the
     // spec.
     // They are keyed with a QName (that is, String("URI,localpart) and
@@ -2150,6 +2160,15 @@
                         fLastSchemaWasDuplicate = true;
                         return schemaElement;
                     }
+                    if (referType == XSDDescription.CONTEXT_IMPORT || referType == XSDDescription.CONTEXT_INCLUDE
+                            || referType == XSDDescription.CONTEXT_REDEFINE) {
+                        String accessError = SecuritySupport.checkAccess(schemaId, fAccessExternalSchema, Constants.ACCESS_EXTERNAL_ALL);
+                        if (accessError != null) {
+                            reportSchemaFatalError("schema_reference.access",
+                                    new Object[] { SecuritySupport.sanitizePath(schemaId), accessError },
+                                    referElement);
+                        }
+                    }
                 }
 
                 fSchemaParser.parse(schemaSource);
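Review bot: Nothing in the added block stops execution after `reportSchemaFatalError(...)`, so the refusal relies on the error reporter throwing. If the reporter returns, control falls through to `fSchemaParser.parse(schemaSource)` just below and the disallowed document is still read. XMLSchemaLoader.loadSchema throws an XNIException itself for the same condition. I would make the refusal explicit here too, for example by adding `return null;` directly after the report, provided callers already handle a null element. The method's start and its callers are outside the hunk, so that needs checking.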
@@ -3561,6 +3580,11 @@
         } catch (XMLConfigurationException e) {
         }
 
+        //For Schema validation, the secure feature is set to true by default
+        fSchemaParser.setProperty(ACCESS_EXTERNAL_DTD,
+                componentManager.getProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT));
+        fAccessExternalSchema = (String) componentManager.getProperty(
+                ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
     } // reset(XMLComponentManager)
 
 
--- a/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -37,7 +37,7 @@
 /**
  * @author Rajiv Mordani
  * @author Edwin Goei
- * @version $Id: DocumentBuilderFactoryImpl.java,v 1.6 2009/07/28 23:48:32 joehw Exp $
+ * @version $Id: DocumentBuilderFactoryImpl.java,v 1.8 2010-11-01 04:40:06 joehw Exp $
  */
 public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
     /** These are DocumentBuilderFactory attributes not DOM attributes */
@@ -191,6 +191,9 @@
 
     public void setFeature(String name, boolean value)
         throws ParserConfigurationException {
+        if (features == null) {
+            features = new Hashtable();
+        }
         // If this is the secure processing feature, save it then return.
         if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
             if (System.getSecurityManager() != null && (!value)) {
@@ -199,11 +202,10 @@
                         "jaxp-secureprocessing-feature", null));
             }
             fSecureProcess = value;
+            features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
             return;
         }
-        if (features == null) {
-            features = new Hashtable();
-        }
+
         features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
         // Test the feature by possibly throwing SAX exceptions
         try {
--- a/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -27,6 +27,7 @@
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.validation.Schema;
+import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xerces.internal.dom.DOMImplementationImpl;
 import com.sun.org.apache.xerces.internal.dom.DOMMessageFormatter;
@@ -42,6 +43,7 @@
 import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
+import javax.xml.XMLConstants;
 import org.w3c.dom.DOMImplementation;
 import org.w3c.dom.Document;
 import org.xml.sax.EntityResolver;
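Review bot: `import javax.xml.XMLConstants;` is added here a second time; the previous hunk of this file already adds it after `javax.xml.validation.Schema`. The duplicate compiles but is noise, and it should be dropped from this group so the import sits once with the other `javax.xml` imports.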
@@ -95,6 +97,12 @@
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** property identifier: access external dtd. */
+    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema */
+    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     private final DOMParser domParser;
     private final Schema grammar;
 
@@ -155,6 +163,23 @@
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             domParser.setProperty(SECURITY_MANAGER, new SecurityManager());
+
+            /**
+             * By default, secure processing is set, no external access is allowed.
+             * However, we need to check if it is actively set on the factory since we
+             * allow the use of the System Property or jaxp.properties to override
+             * the default value
+             */
+            if (features != null) {
+                Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
+                if (temp != null) {
+                    boolean value = ((Boolean) temp).booleanValue();
+                    if (value) {
+                        domParser.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        domParser.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                    }
+                }
+            }
         }
 
         this.grammar = dbf.getSchema();
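Review bot: The added block uses a `/** ... */` Javadoc comment inside a method body, where it documents nothing, and it nests three conditionals to test a single Boolean. A plain `/* ... */` comment and one condition read more directly: `if (features != null && Boolean.TRUE.equals(features.get(XMLConstants.FEATURE_SECURE_PROCESSING))) {`. The same block is repeated in the SAXParserImpl constructor hunk and would benefit from the same change. The constructor starts outside the hunk.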
@@ -211,6 +236,10 @@
                 String feature = (String) entry.getKey();
                 boolean value = ((Boolean) entry.getValue()).booleanValue();
                 domParser.setFeature(feature, value);
+                if (feature.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+                    domParser.setProperty(ACCESS_EXTERNAL_DTD, "");
+                    domParser.setProperty(ACCESS_EXTERNAL_SCHEMA, "");
+                }
             }
         }
     }
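Review bot: The added branch resets both access properties whenever the secure-processing entry is present, without looking at `value`, so a factory on which the feature was explicitly set to false still gets `""` for both. SAXParserImpl.setFeatures in this changeset tests `&& value`, while XMLSchemaFactory.setFeature also applies `Constants.EXTERNAL_ACCESS_DEFAULT_FSP` without testing `value`; the three paths should agree, e.g. `if (feature.equals(XMLConstants.FEATURE_SECURE_PROCESSING) && value) {`. The literal `""` would also read better as `Constants.EXTERNAL_ACCESS_DEFAULT_FSP`, which the constructor hunk above already uses, assuming that constant holds the same value. The method starts outside the hunk.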
--- a/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserFactoryImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserFactoryImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -43,7 +43,7 @@
  * @author Rajiv Mordani
  * @author Edwin Goei
  *
- * @version $Id: SAXParserFactoryImpl.java,v 1.7 2009/07/28 23:48:32 joehw Exp $
+ * @version $Id: SAXParserFactoryImpl.java,v 1.9 2010-11-01 04:40:06 joehw Exp $
  */
 public class SAXParserFactoryImpl extends SAXParserFactory {
 
@@ -124,6 +124,7 @@
                         "jaxp-secureprocessing-feature", null));
             }
             fSecureProcess = value;
+            putInFeatures(name, value);
             return;
         }
 
--- a/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -92,6 +92,12 @@
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** property identifier: access external dtd. */
+    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema */
+    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     private final JAXPSAXParser xmlReader;
     private String schemaLanguage = null;     // null means DTD
     private final Schema grammar;
@@ -146,6 +152,22 @@
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
+            /**
+             * By default, secure processing is set, no external access is allowed.
+             * However, we need to check if it is actively set on the factory since we
+             * allow the use of the System Property or jaxp.properties to override
+             * the default value
+             */
+            if (features != null) {
+                Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
+                if (temp != null) {
+                    boolean value = ((Boolean) temp).booleanValue();
+                    if (value) {
+                        xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                    }
+                }
+            }
         }
 
         // Set application's features, followed by validation features.
@@ -220,6 +242,10 @@
                 String feature = (String) entry.getKey();
                 boolean value = ((Boolean) entry.getValue()).booleanValue();
                 xmlReader.setFeature0(feature, value);
+                if (feature.equals(XMLConstants.FEATURE_SECURE_PROCESSING) && value) {
+                    xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, "");
+                    xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, "");
+                }
             }
         }
     }
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/AbstractXMLSchema.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/AbstractXMLSchema.java	Fri May 17 10:07:23 2013 -0700
@@ -41,8 +41,15 @@
      */
     private final HashMap fFeatures;
 
+    /**
+     * Map containing the initial values of properties for
+     * validators created using this grammar pool container.
+     */
+    private final HashMap fProperties;
+
     public AbstractXMLSchema() {
         fFeatures = new HashMap();
+        fProperties = new HashMap();
     }
 
     /*
@@ -77,11 +84,26 @@
     }
 
     /*
-     * Other methods
+     * Set a feature on the schema
      */
-
-    final void setFeature(String featureId, boolean state) {
+    public final void setFeature(String featureId, boolean state) {
         fFeatures.put(featureId, state ? Boolean.TRUE : Boolean.FALSE);
     }
 
+    /**
+     * Returns the initial value of a property for validators created
+     * using this grammar pool container or null if the validators
+     * should use the default value.
+     */
+    public final Object getProperty(String propertyId) {
+        return fProperties.get(propertyId);
+    }
+
+    /*
+     * Set a property on the schema
+     */
+    public final void setProperty(String propertyId, Object state) {
+        fProperties.put(propertyId, state);
+    }
+
 } // AbstractXMLSchema
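Review bot: `setFeature` goes from package-private to public and a public `setProperty` is added, so any code holding the schema object can now change the access properties that validators are initialised from, on plain `HashMap`s with no synchronisation. If these setters are meant to be called only by XMLSchemaFactory before the schema is handed out, the comments should say so, e.g. `/** Sets a property on the schema; intended to be called only while the schema is being built, before it is shared. */`. The two new `/* ... */` comments are also not Javadoc, unlike the `getProperty` comment between them.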
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java	Fri May 17 10:07:23 2013 -0700
@@ -32,6 +32,7 @@
 import javax.xml.transform.TransformerConfigurationException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
@@ -176,6 +177,8 @@
         }
         config.setProperty(SYMBOL_TABLE, fComponentManager.getProperty(SYMBOL_TABLE));
         config.setProperty(VALIDATION_MANAGER, fComponentManager.getProperty(VALIDATION_MANAGER));
+        config.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
+                fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
         config.setDocumentHandler(fSchemaValidator);
         config.setDTDHandler(null);
         config.setDTDContentModelHandler(null);
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java	Fri May 17 10:07:23 2013 -0700
@@ -675,6 +675,8 @@
                     spf.setNamespaceAware(true);
                     try {
                         reader = spf.newSAXParser().getXMLReader();
+                           reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
+                                   fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
                         // If this is a Xerces SAX parser, set the security manager if there is one
                         if (reader instanceof com.sun.org.apache.xerces.internal.parsers.SAXParser) {
                            SecurityManager securityManager = (SecurityManager) fComponentManager.getProperty(SECURITY_MANAGER);
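Review bot: The first added `reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ...)` runs before the `instanceof` test, so it is also sent to readers that are not the internal Xerces SAXParser and may not recognise the property. The resulting exception would land in the `catch( Exception e )` below, whose body is outside the hunk. The next hunk adds the identical call inside the `instanceof` block, so one of the two is redundant. I would keep only one, and if the unguarded call is the one kept, wrap it in its own `try` / `catch (SAXException exc)` as is done for the security manager. The first added call is also indented three columns deeper than the lines around it.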
@@ -685,6 +687,8 @@
                                // Ignore the exception if the security manager cannot be set.
                                catch (SAXException exc) {}
                            }
+                           reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
+                                   fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
                         }
                     } catch( Exception e ) {
                         // this is impossible, but better safe than sorry
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java	Fri May 17 10:07:23 2013 -0700
@@ -45,6 +45,7 @@
 import com.sun.org.apache.xerces.internal.util.StAXInputSource;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@@ -82,6 +83,12 @@
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** property identifier: access external dtd. */
+    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema  */
+    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     //
     // Data
     //
@@ -132,6 +139,14 @@
         // Enable secure processing feature by default
         fSecurityManager = new SecurityManager();
         fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
+
+        //by default, the secure feature is set to true, otherwise the default would have been 'file'
+        String accessExternal = SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
+        fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
+        accessExternal = SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+        fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
     }
 
     /**
@@ -274,6 +289,7 @@
         // Use a Schema that uses the system id as the equality source.
         AbstractXMLSchema schema = new WeakReferenceXMLSchema();
         propagateFeatures(schema);
+        propagateProperties(schema);
         return schema;
     }
 
@@ -350,6 +366,8 @@
             }
             fSecurityManager = value ? new SecurityManager() : null;
             fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
+            fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+            fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
             return;
         } else if (name.equals(Constants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
             //in secure mode, let _useServicesMechanism be determined by the constructor
@@ -418,6 +436,15 @@
         }
     }
 
+    private void propagateProperties(AbstractXMLSchema schema) {
+        String[] properties = fXMLSchemaLoader.getRecognizedProperties();
+        for (int i = 0; i < properties.length; ++i) {
+            Object state = fXMLSchemaLoader.getProperty(properties[i]);
+            schema.setProperty(properties[i], state);
+        }
+    }
+
+
     /**
      * Extension of XMLGrammarPoolImpl which exposes the number of
      * grammars stored in the grammar pool.
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java	Fri May 17 10:07:23 2013 -0700
@@ -123,6 +123,12 @@
     private static final String LOCALE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
 
+    /** property identifier: access external dtd. */
+    private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema  */
+    private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     //
     // Data
     //
@@ -243,6 +249,9 @@
         }
         fComponents.put(SECURITY_MANAGER, fInitSecurityManager);
 
+        //pass on properties set on SchemaFactory
+        setProperty(ACCESS_EXTERNAL_DTD, grammarContainer.getProperty(ACCESS_EXTERNAL_DTD));
+        setProperty(ACCESS_EXTERNAL_SCHEMA, grammarContainer.getProperty(ACCESS_EXTERNAL_SCHEMA));
     }
 
     /**
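Review bot: Both added `setProperty` calls pass `grammarContainer.getProperty(...)` through unchecked, although AbstractXMLSchema documents that method as returning null when validators should use the default. A container that never had the property set therefore hands null to the validator's access properties. In this changeset only the `WeakReferenceXMLSchema` path in XMLSchemaFactory is shown calling `propagateProperties`, so schemas created by other paths may be in that state. I would skip the call when the value is null, e.g. `Object dtd = grammarContainer.getProperty(ACCESS_EXTERNAL_DTD); if (dtd != null) setProperty(ACCESS_EXTERNAL_DTD, dtd);`, and the same for the schema property. The enclosing method starts outside the hunk.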
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/XSGrammarPoolContainer.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/XSGrammarPoolContainer.java	Fri May 17 10:07:23 2013 -0700
@@ -55,4 +55,21 @@
      */
     public Boolean getFeature(String featureId);
 
+    /*
+     * Set a feature on the schema
+     */
+    public void setFeature(String featureId, boolean state);
+
+    /**
+     * Returns the initial value of a property for validators created
+     * using this grammar pool container or null if the validators
+     * should use the default value.
+     */
+    public Object getProperty(String propertyId);
+
+    /*
+     * Set a property on the schema
+     */
+    public void setProperty(String propertyId, Object state);
+
 }
--- a/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java	Fri May 17 10:07:23 2013 -0700
@@ -20,10 +20,13 @@
 
 package com.sun.org.apache.xerces.internal.parsers;
 
+import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Locale;
+import java.util.Properties;
+import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.impl.XML11DTDScannerImpl;
@@ -52,6 +55,7 @@
 import com.sun.org.apache.xerces.internal.util.PropertyState;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -274,6 +278,12 @@
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
+    /** Property identifier: access to external dtd */
+    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema */
+    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     // debugging
 
     /** Set to true and recompile to print exception stack trace. */
@@ -475,7 +485,8 @@
                 XMLSCHEMA_VALIDATION, XMLSCHEMA_FULL_CHECKING,
                                 EXTERNAL_GENERAL_ENTITIES,
                                 EXTERNAL_PARAMETER_ENTITIES,
-                                PARSER_SETTINGS
+                                PARSER_SETTINGS,
+                                XMLConstants.FEATURE_SECURE_PROCESSING
                         };
         addRecognizedFeatures(recognizedFeatures);
                 // set state for default features
@@ -488,30 +499,31 @@
                 fFeatures.put(SCHEMA_ELEMENT_DEFAULT, Boolean.TRUE);
                 fFeatures.put(NORMALIZE_DATA, Boolean.TRUE);
                 fFeatures.put(SCHEMA_AUGMENT_PSVI, Boolean.TRUE);
-        fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE);
-        fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE);
-        fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE);
-        fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE);
-        fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE);
-        fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE);
+                fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE);
+                fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE);
+                fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE);
+                fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE);
+                fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE);
+                fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE);
                 fFeatures.put(PARSER_SETTINGS, Boolean.TRUE);
+                fFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
 
         // add default recognized properties
         final String[] recognizedProperties =
             {
-                                SYMBOL_TABLE,
-                                ERROR_HANDLER,
-                                ENTITY_RESOLVER,
+                SYMBOL_TABLE,
+                ERROR_HANDLER,
+                ENTITY_RESOLVER,
                 ERROR_REPORTER,
                 ENTITY_MANAGER,
                 DOCUMENT_SCANNER,
                 DTD_SCANNER,
                 DTD_PROCESSOR,
                 DTD_VALIDATOR,
-                                DATATYPE_VALIDATOR_FACTORY,
-                                VALIDATION_MANAGER,
-                                SCHEMA_VALIDATOR,
-                                XML_STRING,
+                DATATYPE_VALIDATOR_FACTORY,
+                VALIDATION_MANAGER,
+                SCHEMA_VALIDATOR,
+                XML_STRING,
                 XMLGRAMMAR_POOL,
                 JAXP_SCHEMA_SOURCE,
                 JAXP_SCHEMA_LANGUAGE,
@@ -523,18 +535,20 @@
                 SCHEMA_NONS_LOCATION,
                 LOCALE,
                 SCHEMA_DV_FACTORY,
+                ACCESS_EXTERNAL_DTD,
+                ACCESS_EXTERNAL_SCHEMA
         };
         addRecognizedProperties(recognizedProperties);
 
-                if (symbolTable == null) {
-                        symbolTable = new SymbolTable();
-                }
-                fSymbolTable = symbolTable;
-                fProperties.put(SYMBOL_TABLE, fSymbolTable);
+        if (symbolTable == null) {
+                symbolTable = new SymbolTable();
+        }
+        fSymbolTable = symbolTable;
+        fProperties.put(SYMBOL_TABLE, fSymbolTable);
 
         fGrammarPool = grammarPool;
         if (fGrammarPool != null) {
-                        fProperties.put(XMLGRAMMAR_POOL, fGrammarPool);
+            fProperties.put(XMLGRAMMAR_POOL, fGrammarPool);
         }
 
         fEntityManager = new XMLEntityManager();
@@ -570,6 +584,15 @@
 
         fVersionDetector = new XMLVersionDetector();
 
+        //FEATURE_SECURE_PROCESSING is true, see the feature above
+        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
+        fProperties.put(ACCESS_EXTERNAL_DTD, accessExternal);
+
+        accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+        fProperties.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
+
         // add message formatters
         if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
             XMLMessageFormatter xmft = new XMLMessageFormatter();
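Review bot: The comment `//FEATURE_SECURE_PROCESSING is true, see the feature above` suggests the default depends on that feature, but the two reads below it do not test the feature at all. Per SecuritySupport.getDefaultAccessProperty in this changeset, the value comes from the system property, then jaxp.properties, then `Constants.EXTERNAL_ACCESS_DEFAULT`. I would replace the comment with one that states this precedence, e.g. `// default: system property, else jaxp.properties, else EXTERNAL_ACCESS_DEFAULT`. The enclosing method starts and ends outside this hunk.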
--- a/src/com/sun/org/apache/xerces/internal/util/URI.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/util/URI.java	Fri May 17 10:07:23 2013 -0700
@@ -22,6 +22,7 @@
 
 import java.io.IOException;
 import java.io.Serializable;
+import java.util.Objects;
 
 /**********************************************************************
 * A class to represent a Uniform Resource Identifier (URI). This class
@@ -1212,7 +1213,7 @@
   * @return the scheme-specific part for this URI
   */
   public String getSchemeSpecificPart() {
-    StringBuffer schemespec = new StringBuffer();
+    final StringBuilder schemespec = new StringBuilder();
 
     if (m_host != null || m_regAuthority != null) {
       schemespec.append("//");
@@ -1297,7 +1298,7 @@
    * @return the authority
    */
   public String getAuthority() {
-      StringBuffer authority = new StringBuffer();
+      final StringBuilder authority = new StringBuilder();
       if (m_host != null || m_regAuthority != null) {
           authority.append("//");
 
@@ -1340,7 +1341,7 @@
   */
   public String getPath(boolean p_includeQueryString,
                         boolean p_includeFragment) {
-    StringBuffer pathString = new StringBuffer(m_path);
+    final StringBuilder pathString = new StringBuilder(m_path);
 
     if (p_includeQueryString && m_queryString != null) {
       pathString.append('?');
@@ -1683,6 +1684,7 @@
   * @return true if p_test is a URI with all values equal to this
   *         URI, false otherwise
   */
+  @Override
   public boolean equals(Object p_test) {
     if (p_test instanceof URI) {
       URI testURI = (URI) p_test;
@@ -1711,13 +1713,27 @@
     return false;
   }
 
+    @Override
+    public int hashCode() {
+        int hash = 5;
+        hash = 47 * hash + Objects.hashCode(this.m_scheme);
+        hash = 47 * hash + Objects.hashCode(this.m_userinfo);
+        hash = 47 * hash + Objects.hashCode(this.m_host);
+        hash = 47 * hash + this.m_port;
+        hash = 47 * hash + Objects.hashCode(this.m_path);
+        hash = 47 * hash + Objects.hashCode(this.m_queryString);
+        hash = 47 * hash + Objects.hashCode(this.m_fragment);
+        return hash;
+    }
+
  /**
   * Get the URI as a string specification. See RFC 2396 Section 5.2.
   *
   * @return the URI string specification
   */
+  @Override
   public String toString() {
-    StringBuffer uriSpecString = new StringBuffer();
+    final StringBuilder uriSpecString = new StringBuilder();
 
     if (m_scheme != null) {
       uriSpecString.append(m_scheme);
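Review bot: The added hashCode() carries no comment tying it to equals(), and it is indented four spaces in a file whose other members use two (compare the `@Override` on toString() just below it). The field comparisons in equals() lie outside this hunk, so it cannot be confirmed from here that both methods cover the same components. A one-line Javadoc such as `/** Hash of the components compared by equals(Object); change both together. */` would record that contract for the next editor.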
--- a/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java	Fri May 17 10:07:23 2013 -0700
@@ -23,14 +23,16 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.io.InputStream;
-
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.Locale;
 import java.util.MissingResourceException;
+import java.util.Properties;
 import java.util.PropertyResourceBundle;
 import java.util.ResourceBundle;
 
@@ -195,5 +197,141 @@
                 })).longValue();
     }
 
+    /**
+     * Strip off path from an URI
+     *
+     * @param uri an URI with full path
+     * @return the file name only
+     */
+    public static String sanitizePath(String uri) {
+        if (uri == null) {
+            return "";
+        }
+        int i = uri.lastIndexOf("/");
+        if (i > 0) {
+            return uri.substring(i+1, uri.length());
+        }
+        return "";
+    }
+
+    /**
+     * Check the protocol used in the systemId against allowed protocols
+     *
+     * @param systemId the Id of the URI
+     * @param allowedProtocols a list of allowed protocols separated by comma
+     * @param accessAny keyword to indicate allowing any protocol
+     * @return the name of the protocol if rejected, null otherwise
+     */
+    public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
+        if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+            return null;
+        }
+
+        String protocol;
+        if (systemId.indexOf(":")==-1) {
+            protocol = "file";
+        } else {
+            URL url = new URL(systemId);
+            protocol = url.getProtocol();
+            if (protocol.equalsIgnoreCase("jar")) {
+                String path = url.getPath();
+                protocol = path.substring(0, path.indexOf(":"));
+            }
+        }
+
+        if (isProtocolAllowed(protocol, allowedProtocols)) {
+            //access allowed
+            return null;
+        } else {
+            return protocol;
+        }
+    }
+
+    /**
+     * Check if the protocol is in the allowed list of protocols. The check
+     * is case-insensitive while ignoring whitespaces.
+     *
+     * @param protocol a protocol
+     * @param allowedProtocols a list of allowed protocols
+     * @return true if the protocol is in the list
+     */
+    private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+         String temp[] = allowedProtocols.split(",");
+         for (String t : temp) {
+             t = t.trim();
+             if (t.equalsIgnoreCase(protocol)) {
+                 return true;
+             }
+         }
+         return false;
+     }
+
+    /**
+     * Read from $java.home/lib/jaxp.properties for the specified property
+     *
+     * @param propertyId the Id of the property
+     * @return the value of the property
+     */
+    public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
+        String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+        if (accessExternal == null) {
+            accessExternal = readJAXPProperty(sysPropertyId);
+            if (accessExternal == null) {
+                accessExternal = defaultVal;
+            }
+        }
+        return accessExternal;
+    }
+
+     /**
+     * Read from $java.home/lib/jaxp.properties for the specified property
+     * The program
+     *
+     * @param propertyId the Id of the property
+     * @return the value of the property
+     */
+    static String readJAXPProperty(String propertyId) {
+        String value = null;
+        InputStream is = null;
+        try {
+            if (firstTime) {
+                synchronized (cacheProps) {
+                    if (firstTime) {
+                        String configFile = getSystemProperty("java.home") + File.separator +
+                            "lib" + File.separator + "jaxp.properties";
+                        File f = new File(configFile);
+                        if (getFileExists(f)) {
+                            is = getFileInputStream(f);
+                            cacheProps.load(is);
+                        }
+                        firstTime = false;
+                    }
+                }
+            }
+            value = cacheProps.getProperty(propertyId);
+
+        }
+        catch (Exception ex) {}
+        finally {
+            if (is != null) {
+                try {
+                    is.close();
+                } catch (IOException ex) {}
+            }
+        }
+
+        return value;
+    }
+
+   /**
+     * Cache for properties in java.home/lib/jaxp.properties
+     */
+    static final Properties cacheProps = new Properties();
+
+    /**
+     * Flag indicating if the program has tried reading java.home/lib/jaxp.properties
+     */
+    static volatile boolean firstTime = true;
+
     private SecuritySupport () {}
 }
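Review bot: In readJAXPProperty the empty `catch (Exception ex) {}` drops any failure to read jaxp.properties, and getDefaultAccessProperty then returns defaultVal, so a protocol restriction configured in that file is ignored with no diagnostic. `firstTime = false;` is also skipped when `cacheProps.load(is)` throws, so every later call repeats the file access under the lock, although the field's comment says the flag records that the read was tried. I would set the flag in a `finally` around the load, and at least state the reason in the handler, e.g. `catch (Exception ignored) { /* unreadable jaxp.properties: caller uses its default */ }`. The Javadoc of getDefaultAccessProperty also needs correcting: it documents `@param propertyId` while the parameters are sysPropertyId and defaultVal, and it omits that the system property is consulted first.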
--- a/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java	Fri May 17 10:07:23 2013 -0700
@@ -26,6 +26,7 @@
 import java.util.Locale;
 import java.util.Stack;
 import java.util.StringTokenizer;
+import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
@@ -67,6 +68,7 @@
 import com.sun.org.apache.xerces.internal.xpointer.XPointerHandler;
 import com.sun.org.apache.xerces.internal.xpointer.XPointerProcessor;
 import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
+import java.util.Objects;
 
 /**
  * <p>
@@ -229,6 +231,14 @@
     protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
 
+    /** property identifier: access external dtd. */
+    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** access external dtd: file protocol
+     *  For DOM/SAX, the secure feature is set to true by default
+     */
+    final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
+
     /** Recognized features. */
     private static final String[] RECOGNIZED_FEATURES =
         { ALLOW_UE_AND_NOTATION_EVENTS, XINCLUDE_FIXUP_BASE_URIS, XINCLUDE_FIXUP_LANGUAGE };
@@ -283,6 +293,12 @@
     protected XMLErrorReporter fErrorReporter;
     protected XMLEntityResolver fEntityResolver;
     protected SecurityManager fSecurityManager;
+    /**
+     * comma-delimited list of protocols that are allowed for the purpose
+     * of accessing external dtd or entity references
+     */
+    protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
+
 
     // these are needed for text include processing
     protected XIncludeTextReader fXInclude10TextReader;
@@ -375,6 +391,7 @@
 
     // XMLComponent methods
 
+    @Override
     public void reset(XMLComponentManager componentManager)
         throws XNIException {
         fNamespaceContext = null;
@@ -523,6 +540,8 @@
             fSecurityManager = null;
         }
 
+        fAccessExternalDTD = (String)componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+
         // Get buffer size.
         try {
             Integer value =
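Review bot: The new assignment in reset() overwrites the field's declared default with whatever `componentManager.getProperty(ACCESS_EXTERNAL_DTD)` returns, with no null handling, while the buffer-size read just below it sits inside a `try`. If the component manager does not carry the property, fAccessExternalDTD can end up null, and SecuritySupport.checkAccess in this changeset calls `allowedProtocols.equalsIgnoreCase(accessAny)` without a null check (whether this field is the value passed there is not visible in this hunk). I would keep the default in that case: `if (fAccessExternalDTD == null) { fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT; }`. The setProperty hunk (`fAccessExternalDTD = (String)value;`) and the child-configuration hunk (`fChildConfig.setProperty(ACCESS_EXTERNAL_DTD, fAccessExternalDTD);`) accept the value unchecked in the same way. reset() starts and ends outside this hunk.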
@@ -580,6 +599,7 @@
      * this component. This method may return null if no features
      * are recognized by this component.
      */
+    @Override
     public String[] getRecognizedFeatures() {
         return (String[])(RECOGNIZED_FEATURES.clone());
     } // getRecognizedFeatures():String[]
@@ -599,6 +619,7 @@
      * @throws SAXNotSupportedException The component should not throw
      *                                  this exception.
      */
+    @Override
     public void setFeature(String featureId, boolean state)
         throws XMLConfigurationException {
         if (featureId.equals(ALLOW_UE_AND_NOTATION_EVENTS)) {
@@ -615,6 +636,7 @@
      * this component. This method may return null if no properties
      * are recognized by this component.
      */
+    @Override
     public String[] getRecognizedProperties() {
         return (String[])(RECOGNIZED_PROPERTIES.clone());
     } // getRecognizedProperties():String[]
@@ -634,6 +656,7 @@
      * @throws SAXNotSupportedException The component should not throw
      *                                  this exception.
      */
+    @Override
     public void setProperty(String propertyId, Object value)
         throws XMLConfigurationException {
         if (propertyId.equals(SYMBOL_TABLE)) {
@@ -664,6 +687,14 @@
             }
             return;
         }
+        if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
+            fAccessExternalDTD = (String)value;
+            if (fChildConfig != null) {
+                fChildConfig.setProperty(propertyId, value);
+            }
+            return;
+        }
+
         if (propertyId.equals(BUFFER_SIZE)) {
             Integer bufferSize = (Integer) value;
             if (fChildConfig != null) {
@@ -694,6 +725,7 @@
      *
      * @since Xerces 2.2.0
      */
+    @Override
     public Boolean getFeatureDefault(String featureId) {
         for (int i = 0; i < RECOGNIZED_FEATURES.length; i++) {
             if (RECOGNIZED_FEATURES[i].equals(featureId)) {
@@ -712,6 +744,7 @@
      *
      * @since Xerces 2.2.0
      */
+    @Override
     public Object getPropertyDefault(String propertyId) {
         for (int i = 0; i < RECOGNIZED_PROPERTIES.length; i++) {
             if (RECOGNIZED_PROPERTIES[i].equals(propertyId)) {
@@ -721,10 +754,12 @@
         return null;
     } // getPropertyDefault(String):Object
 
+    @Override
     public void setDocumentHandler(XMLDocumentHandler handler) {
         fDocumentHandler = handler;
     }
 
+    @Override
     public XMLDocumentHandler getDocumentHandler() {
         return fDocumentHandler;
     }
@@ -739,6 +774,7 @@
      *
      * This event is only passed on to the document handler if this is the root document.
      */
+    @Override
     public void startDocument(
         XMLLocator locator,
         String encoding,
@@ -786,6 +822,7 @@
         }
     }
 
+    @Override
     public void xmlDecl(
         String version,
         String encoding,
@@ -798,6 +835,7 @@
         }
     }
 
+    @Override
     public void doctypeDecl(
         String rootElement,
         String publicId,
@@ -809,6 +847,7 @@
         }
     }
 
+    @Override
     public void comment(XMLString text, Augmentations augs)
         throws XNIException {
         if (!fInDTD) {
@@ -825,6 +864,7 @@
         }
     }
 
+    @Override
     public void processingInstruction(
         String target,
         XMLString data,
@@ -845,6 +885,7 @@
         }
     }
 
+    @Override
     public void startElement(
         QName element,
         XMLAttributes attributes,
@@ -915,6 +956,7 @@
         }
     }
 
+    @Override
     public void emptyElement(
         QName element,
         XMLAttributes attributes,
@@ -996,6 +1038,7 @@
         fDepth--;
     }
 
+    @Override
     public void endElement(QName element, Augmentations augs)
         throws XNIException {
 
@@ -1041,6 +1084,7 @@
         fDepth--;
     }
 
+    @Override
     public void startGeneralEntity(
         String name,
         XMLResourceIdentifier resId,
@@ -1059,6 +1103,7 @@
         }
     }
 
+    @Override
     public void textDecl(String version, String encoding, Augmentations augs)
         throws XNIException {
         if (fDocumentHandler != null
@@ -1067,6 +1112,7 @@
         }
     }
 
+    @Override
     public void endGeneralEntity(String name, Augmentations augs)
         throws XNIException {
         if (fDocumentHandler != null
@@ -1076,6 +1122,7 @@
         }
     }
 
+    @Override
     public void characters(XMLString text, Augmentations augs)
         throws XNIException {
         if (getState() == STATE_NORMAL_PROCESSING) {
@@ -1092,6 +1139,7 @@
         }
     }
 
+    @Override
     public void ignorableWhitespace(XMLString text, Augmentations augs)
         throws XNIException {
         if (fDocumentHandler != null
@@ -1101,6 +1149,7 @@
         }
     }
 
+    @Override
     public void startCDATA(Augmentations augs) throws XNIException {
         if (fDocumentHandler != null
             && getState() == STATE_NORMAL_PROCESSING
@@ -1109,6 +1158,7 @@
         }
     }
 
+    @Override
     public void endCDATA(Augmentations augs) throws XNIException {
         if (fDocumentHandler != null
             && getState() == STATE_NORMAL_PROCESSING
@@ -1117,6 +1167,7 @@
         }
     }
 
+    @Override
     public void endDocument(Augmentations augs) throws XNIException {
         if (isRootDocument()) {
             if (!fSeenRootElement) {
@@ -1128,10 +1179,12 @@
         }
     }
 
+    @Override
     public void setDocumentSource(XMLDocumentSource source) {
         fDocumentSource = source;
     }
 
+    @Override
     public XMLDocumentSource getDocumentSource() {
         return fDocumentSource;
     }
@@ -1143,6 +1196,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#attributeDecl(java.lang.String, java.lang.String, java.lang.String, java.lang.String[], java.lang.String, com.sun.org.apache.xerces.internal.xni.XMLString, com.sun.org.apache.xerces.internal.xni.XMLString, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void attributeDecl(
         String elementName,
         String attributeName,
@@ -1169,6 +1223,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#elementDecl(java.lang.String, java.lang.String, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void elementDecl(
         String name,
         String contentModel,
@@ -1182,6 +1237,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#endAttlist(com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void endAttlist(Augmentations augmentations) throws XNIException {
         if (fDTDHandler != null) {
             fDTDHandler.endAttlist(augmentations);
@@ -1191,6 +1247,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#endConditional(com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void endConditional(Augmentations augmentations)
         throws XNIException {
         if (fDTDHandler != null) {
@@ -1201,6 +1258,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#endDTD(com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void endDTD(Augmentations augmentations) throws XNIException {
         if (fDTDHandler != null) {
             fDTDHandler.endDTD(augmentations);
@@ -1211,6 +1269,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#endExternalSubset(com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void endExternalSubset(Augmentations augmentations)
         throws XNIException {
         if (fDTDHandler != null) {
@@ -1221,6 +1280,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#endParameterEntity(java.lang.String, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void endParameterEntity(String name, Augmentations augmentations)
         throws XNIException {
         if (fDTDHandler != null) {
@@ -1231,6 +1291,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#externalEntityDecl(java.lang.String, com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void externalEntityDecl(
         String name,
         XMLResourceIdentifier identifier,
@@ -1244,6 +1305,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#getDTDSource()
      */
+    @Override
     public XMLDTDSource getDTDSource() {
         return fDTDSource;
     }
@@ -1251,6 +1313,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#ignoredCharacters(com.sun.org.apache.xerces.internal.xni.XMLString, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void ignoredCharacters(XMLString text, Augmentations augmentations)
         throws XNIException {
         if (fDTDHandler != null) {
@@ -1261,6 +1324,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#internalEntityDecl(java.lang.String, com.sun.org.apache.xerces.internal.xni.XMLString, com.sun.org.apache.xerces.internal.xni.XMLString, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void internalEntityDecl(
         String name,
         XMLString text,
@@ -1279,6 +1343,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#notationDecl(java.lang.String, com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void notationDecl(
         String name,
         XMLResourceIdentifier identifier,
@@ -1293,6 +1358,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#setDTDSource(com.sun.org.apache.xerces.internal.xni.parser.XMLDTDSource)
      */
+    @Override
     public void setDTDSource(XMLDTDSource source) {
         fDTDSource = source;
     }
@@ -1300,6 +1366,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#startAttlist(java.lang.String, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void startAttlist(String elementName, Augmentations augmentations)
         throws XNIException {
         if (fDTDHandler != null) {
@@ -1310,6 +1377,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#startConditional(short, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void startConditional(short type, Augmentations augmentations)
         throws XNIException {
         if (fDTDHandler != null) {
@@ -1320,6 +1388,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#startDTD(com.sun.org.apache.xerces.internal.xni.XMLLocator, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void startDTD(XMLLocator locator, Augmentations augmentations)
         throws XNIException {
         fInDTD = true;
@@ -1331,6 +1400,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#startExternalSubset(com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void startExternalSubset(
         XMLResourceIdentifier identifier,
         Augmentations augmentations)
@@ -1343,6 +1413,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#startParameterEntity(java.lang.String, com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier, java.lang.String, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void startParameterEntity(
         String name,
         XMLResourceIdentifier identifier,
@@ -1361,6 +1432,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.XMLDTDHandler#unparsedEntityDecl(java.lang.String, com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier, java.lang.String, com.sun.org.apache.xerces.internal.xni.Augmentations)
      */
+    @Override
     public void unparsedEntityDecl(
         String name,
         XMLResourceIdentifier identifier,
@@ -1380,6 +1452,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.parser.XMLDTDSource#getDTDHandler()
      */
+    @Override
     public XMLDTDHandler getDTDHandler() {
         return fDTDHandler;
     }
@@ -1387,6 +1460,7 @@
     /* (non-Javadoc)
      * @see com.sun.org.apache.xerces.internal.xni.parser.XMLDTDSource#setDTDHandler(com.sun.org.apache.xerces.internal.xni.XMLDTDHandler)
      */
+    @Override
     public void setDTDHandler(XMLDTDHandler handler) {
         fDTDHandler = handler;
     }
@@ -1578,6 +1652,7 @@
                 if (fErrorReporter != null) fChildConfig.setProperty(ERROR_REPORTER, fErrorReporter);
                 if (fEntityResolver != null) fChildConfig.setProperty(ENTITY_RESOLVER, fEntityResolver);
                 fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
+                fChildConfig.setProperty(ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
                 fChildConfig.setProperty(BUFFER_SIZE, new Integer(fBufferSize));
 
                 // features must be copied to child configuration
@@ -1615,11 +1690,10 @@
                         fNamespaceContext);
 
                     ((XPointerHandler)fXPtrProcessor).setProperty(XINCLUDE_FIXUP_BASE_URIS,
-                            new Boolean(fFixupBaseURIs));
+                            fFixupBaseURIs);
 
                     ((XPointerHandler)fXPtrProcessor).setProperty(
-                            XINCLUDE_FIXUP_LANGUAGE,
-                            new Boolean (fFixupLanguage));
+                            XINCLUDE_FIXUP_LANGUAGE, fFixupLanguage);
 
                     if (fErrorReporter != null)
                         ((XPointerHandler)fXPtrProcessor).setProperty(ERROR_REPORTER, fErrorReporter);
@@ -1691,7 +1765,7 @@
                 if (fErrorReporter != null) {
                     fErrorReporter.setDocumentLocator(fDocLocation);
                 }
-                reportFatalError("XMLParseError", new Object[] { href });
+                reportFatalError("XMLParseError", new Object[] { href, e.getMessage() });
             }
             catch (IOException e) {
                 // necessary to make sure proper location is reported in errors
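Review bot: `e.getMessage()` is now handed to reportFatalError as a message argument without any filtering. Depending on the exception caught here (the catch clause is outside the hunk), that text may be null or may carry a full system identifier or local path into the reported error. This changeset adds SecuritySupport.sanitizePath for stripping paths from URIs, so it is worth confirming whether the same treatment is wanted for this argument. A short comment on the call would record the decision, e.g. `// second argument: the underlying exception's message, passed through as-is`.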
@@ -2093,14 +2167,14 @@
                 /** Check whether the scheme components are equal. */
                 final String baseScheme = base.getScheme();
                 final String literalScheme = uri.getScheme();
-                if (!isEqual(baseScheme, literalScheme)) {
+                if (!Objects.equals(baseScheme, literalScheme)) {
                     return relativeURI;
                 }
 
                 /** Check whether the authority components are equal. */
                 final String baseAuthority = base.getAuthority();
                 final String literalAuthority = uri.getAuthority();
-                if (!isEqual(baseAuthority, literalAuthority)) {
+                if (!Objects.equals(baseAuthority, literalAuthority)) {
                     return uri.getSchemeSpecificPart();
                 }
 
@@ -2113,7 +2187,7 @@
                 final String literalQuery = uri.getQueryString();
                 final String literalFragment = uri.getFragment();
                 if (literalQuery != null || literalFragment != null) {
-                    StringBuffer buffer = new StringBuffer();
+                    final StringBuilder buffer = new StringBuilder();
                     if (literalPath != null) {
                         buffer.append(literalPath);
                     }
@@ -2624,15 +2698,15 @@
 
         // equals() returns true if two Notations have the same name.
         // Useful for searching Vectors for notations with the same name
+        @Override
         public boolean equals(Object obj) {
-            if (obj == null) {
-                return false;
-            }
-            if (obj instanceof Notation) {
-                Notation other = (Notation)obj;
-                return name.equals(other.name);
-            }
-            return false;
+            return obj == this || obj instanceof Notation
+                    && Objects.equals(name, ((Notation)obj).name);
+        }
+
+        @Override
+        public int hashCode() {
+            return Objects.hashCode(name);
         }
 
         // from 4.5.2
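Review bot: The new equals() relies on `&&` binding tighter than `||`, which is correct but easy to misread in a single return statement. I would parenthesise it: `return obj == this || (obj instanceof Notation && Objects.equals(name, ((Notation)obj).name));`. UnparsedEntity.equals() in the `@@ -2670,15 +2740,15 @@` hunk has the same shape and would benefit from the same change. The existing comment that equality is by name only still matches the added hashCode(), which hashes name alone.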
@@ -2645,16 +2719,12 @@
         public boolean isDuplicate(Object obj) {
             if (obj != null && obj instanceof Notation) {
                 Notation other = (Notation)obj;
-                return name.equals(other.name)
-                && isEqual(publicId, other.publicId)
-                && isEqual(expandedSystemId, other.expandedSystemId);
+                return Objects.equals(name, other.name)
+                && Objects.equals(publicId, other.publicId)
+                && Objects.equals(expandedSystemId, other.expandedSystemId);
             }
             return false;
         }
-
-        private boolean isEqual(String one, String two) {
-            return (one == two || (one != null && one.equals(two)));
-        }
     }
 
     // This is a storage class to hold information about the unparsed entities.
@@ -2670,15 +2740,15 @@
 
         // equals() returns true if two UnparsedEntities have the same name.
         // Useful for searching Vectors for entities with the same name
+        @Override
         public boolean equals(Object obj) {
-            if (obj == null) {
-                return false;
-            }
-            if (obj instanceof UnparsedEntity) {
-                UnparsedEntity other = (UnparsedEntity)obj;
-                return name.equals(other.name);
-            }
-            return false;
+            return obj == this || obj instanceof UnparsedEntity
+                    && Objects.equals(name, ((UnparsedEntity)obj).name);
+        }
+
+        @Override
+        public int hashCode() {
+            return Objects.hashCode(name);
         }
 
         // from 4.5.1:
@@ -2691,17 +2761,13 @@
         public boolean isDuplicate(Object obj) {
             if (obj != null && obj instanceof UnparsedEntity) {
                 UnparsedEntity other = (UnparsedEntity)obj;
-                return name.equals(other.name)
-                && isEqual(publicId, other.publicId)
-                && isEqual(expandedSystemId, other.expandedSystemId)
-                && isEqual(notation, other.notation);
+                return Objects.equals(name, other.name)
+                && Objects.equals(publicId, other.publicId)
+                && Objects.equals(expandedSystemId, other.expandedSystemId)
+                && Objects.equals(notation, other.notation);
             }
             return false;
         }
-
-        private boolean isEqual(String one, String two) {
-            return (one == two || (one != null && one.equals(two)));
-        }
     }
 
     // The following methods are used for XML Base processing
@@ -2891,17 +2957,13 @@
         return httpSource;
     }
 
-    private boolean isEqual(String one, String two) {
-        return (one == two || (one != null && one.equals(two)));
-    }
-
     // which ASCII characters need to be escaped
-    private static boolean gNeedEscaping[] = new boolean[128];
+    private static final boolean gNeedEscaping[] = new boolean[128];
     // the first hex character if a character needs to be escaped
-    private static char gAfterEscaping1[] = new char[128];
+    private static final char gAfterEscaping1[] = new char[128];
     // the second hex character if a character needs to be escaped
-    private static char gAfterEscaping2[] = new char[128];
-    private static char[] gHexChs = {'0', '1', '2', '3', '4', '5', '6', '7',
+    private static final char gAfterEscaping2[] = new char[128];
+    private static final char[] gHexChs = {'0', '1', '2', '3', '4', '5', '6', '7',
                                      '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
     // initialize the above 3 arrays
     static {
@@ -2931,7 +2993,7 @@
     private String escapeHref(String href) {
         int len = href.length();
         int ch;
-        StringBuffer buffer = new StringBuffer(len*3);
+        final StringBuilder buffer = new StringBuilder(len*3);
 
         // for each character in the href
         int i = 0;
--- a/src/com/sun/org/apache/xml/internal/dtm/ref/DTMNodeProxy.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xml/internal/dtm/ref/DTMNodeProxy.java	Fri May 17 10:07:23 2013 -0700
@@ -27,6 +27,7 @@
 import com.sun.org.apache.xml.internal.dtm.DTM;
 import com.sun.org.apache.xml.internal.dtm.DTMDOMException;
 import com.sun.org.apache.xpath.internal.NodeSet;
+import java.util.Objects;
 
 import org.w3c.dom.Attr;
 import org.w3c.dom.CDATASection;
@@ -141,21 +142,21 @@
    *
    * @return true if the given node has the same handle as this node.
    */
+  @Override
   public final boolean equals(Object node)
   {
-
-    try
-    {
-
       // DTMNodeProxy dtmp = (DTMNodeProxy)node;
       // return (dtmp.node == this.node);
       // Patch attributed to Gary L Peskin <garyp@firstech.com>
-      return equals((Node) node);
-    }
-    catch (ClassCastException cce)
-    {
-      return false;
-    }
+      return node instanceof Node && equals((Node) node);
+  }
+
+  @Override
+  public int hashCode() {
+      int hash = 7;
+      hash = 29 * hash + Objects.hashCode(this.dtm);
+      hash = 29 * hash + this.node;
+      return hash;
   }
 
   /**
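Review bot: The new `hashCode()` carries no comment tying it to the equality it must agree with: `equals(Object)` delegates to `equals(Node)`, whose body is outside this hunk, so it cannot be confirmed here that equality is defined over exactly `dtm` and `node`. If `equals(Node)` compares those two fields by identity, the hash stays consistent only while `dtm.hashCode()` is stable for a given DTM instance; a one-line comment such as `// Must stay consistent with equals(Node): same dtm and same node handle.` would record that. Separately, the two commented-out lines and the "Patch attributed to" remark left in `equals(Object)` no longer describe its one-line body and are now indented deeper than the `return`; they belong with `equals(Node)` or should be dropped.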
@@ -181,6 +182,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final String getNodeName()
   {
     return dtm.getNodeName(node);
@@ -199,6 +201,7 @@
    *
    *
    */
+  @Override
   public final String getTarget()
   {
     return dtm.getNodeName(node);
@@ -209,6 +212,7 @@
    *
    * @see org.w3c.dom.Node as of DOM Level 2
    */
+  @Override
   public final String getLocalName()
   {
     return dtm.getLocalName(node);
@@ -218,6 +222,7 @@
    * @return The prefix for this node.
    * @see org.w3c.dom.Node as of DOM Level 2
    */
+  @Override
   public final String getPrefix()
   {
     return dtm.getPrefix(node);
@@ -230,6 +235,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Node as of DOM Level 2 -- DTMNodeProxy is read-only
    */
+  @Override
   public final void setPrefix(String prefix) throws DOMException
   {
     throw new DTMDOMException(DOMException.NO_MODIFICATION_ALLOWED_ERR);
@@ -240,6 +246,7 @@
    *
    * @see org.w3c.dom.Node as of DOM Level 2
    */
+  @Override
   public final String getNamespaceURI()
   {
     return dtm.getNamespaceURI(node);
@@ -277,6 +284,7 @@
    * @return false
    * @see org.w3c.dom.Node as of DOM Level 2
    */
+  @Override
   public final boolean isSupported(String feature, String version)
   {
     return implementation.hasFeature(feature,version);
@@ -290,6 +298,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Node
    */
+  @Override
   public final String getNodeValue() throws DOMException
   {
     return dtm.getNodeValue(node);
@@ -312,6 +321,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Node -- DTMNodeProxy is read-only
    */
+  @Override
   public final void setNodeValue(String nodeValue) throws DOMException
   {
     throw new DTMDOMException(DOMException.NO_MODIFICATION_ALLOWED_ERR);
@@ -322,6 +332,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final short getNodeType()
   {
     return (short) dtm.getNodeType(node);
@@ -332,6 +343,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final Node getParentNode()
   {
 
@@ -361,6 +373,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final NodeList getChildNodes()
   {
 
@@ -377,6 +390,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final Node getFirstChild()
   {
 
@@ -390,6 +404,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final Node getLastChild()
   {
 
@@ -403,6 +418,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final Node getPreviousSibling()
   {
 
@@ -416,6 +432,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final Node getNextSibling()
   {
 
@@ -435,6 +452,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final NamedNodeMap getAttributes()
   {
 
@@ -448,6 +466,7 @@
    * @param name
    *
    */
+  @Override
   public boolean hasAttribute(String name)
   {
     return DTM.NULL != dtm.getAttributeNode(node,null,name);
@@ -462,6 +481,7 @@
    *
    *
    */
+  @Override
   public boolean hasAttributeNS(String namespaceURI, String localName)
   {
     return DTM.NULL != dtm.getAttributeNode(node,namespaceURI,localName);
@@ -472,6 +492,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final Document getOwnerDocument()
   {
         // Note that this uses the DOM-compatable version of the call
@@ -488,6 +509,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Node -- DTMNodeProxy is read-only
    */
+  @Override
   public final Node insertBefore(Node newChild, Node refChild)
     throws DOMException
   {
@@ -504,6 +526,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Node -- DTMNodeProxy is read-only
    */
+  @Override
   public final Node replaceChild(Node newChild, Node oldChild)
     throws DOMException
   {
@@ -519,6 +542,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Node -- DTMNodeProxy is read-only
    */
+  @Override
   public final Node removeChild(Node oldChild) throws DOMException
   {
     throw new DTMDOMException(DOMException.NO_MODIFICATION_ALLOWED_ERR);
@@ -533,6 +557,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Node -- DTMNodeProxy is read-only
    */
+  @Override
   public final Node appendChild(Node newChild) throws DOMException
   {
     throw new DTMDOMException(DOMException.NO_MODIFICATION_ALLOWED_ERR);
@@ -543,6 +568,7 @@
    *
    * @see org.w3c.dom.Node
    */
+  @Override
   public final boolean hasChildNodes()
   {
     return (DTM.NULL != dtm.getFirstChild(node));
@@ -555,6 +581,7 @@
    *
    * @see org.w3c.dom.Node -- DTMNodeProxy is read-only
    */
+  @Override
   public final Node cloneNode(boolean deep)
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -565,6 +592,7 @@
    *
    * @see org.w3c.dom.Document
    */
+  @Override
   public final DocumentType getDoctype()
   {
     return null;
@@ -575,6 +603,7 @@
    *
    * @see org.w3c.dom.Document
    */
+  @Override
   public final DOMImplementation getImplementation()
   {
     return implementation;
@@ -587,6 +616,7 @@
    *
    * @see org.w3c.dom.Document
    */
+  @Override
   public final Element getDocumentElement()
   {
                 int dochandle=dtm.getDocument();
@@ -634,6 +664,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Document
    */
+  @Override
   public final Element createElement(String tagName) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -644,6 +675,7 @@
    *
    * @see org.w3c.dom.Document
    */
+  @Override
   public final DocumentFragment createDocumentFragment()
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -656,6 +688,7 @@
    *
    * @see org.w3c.dom.Document
    */
+  @Override
   public final Text createTextNode(String data)
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -668,6 +701,7 @@
    *
    * @see org.w3c.dom.Document
    */
+  @Override
   public final Comment createComment(String data)
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -682,6 +716,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Document
    */
+  @Override
   public final CDATASection createCDATASection(String data)
     throws DOMException
   {
@@ -698,8 +733,9 @@
    * @throws DOMException
    * @see org.w3c.dom.Document
    */
+  @Override
   public final ProcessingInstruction createProcessingInstruction(
-                                                                 String target, String data) throws DOMException
+                                String target, String data) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
   }
@@ -713,6 +749,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Document
    */
+  @Override
   public final Attr createAttribute(String name) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -727,6 +764,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Document
    */
+  @Override
   public final EntityReference createEntityReference(String name)
     throws DOMException
   {
@@ -739,6 +777,7 @@
    *
    * @see org.w3c.dom.Document
    */
+  @Override
   public final NodeList getElementsByTagName(String tagname)
   {
        Vector listVector = new Vector();
@@ -819,6 +858,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Document as of DOM Level 2 -- DTMNodeProxy is read-only
    */
+  @Override
   public final Node importNode(Node importedNode, boolean deep)
     throws DOMException
   {
@@ -835,8 +875,9 @@
    * @throws DOMException
    * @see org.w3c.dom.Document as of DOM Level 2
    */
+  @Override
   public final Element createElementNS(
-                                       String namespaceURI, String qualifiedName) throws DOMException
+                 String namespaceURI, String qualifiedName) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
   }
@@ -851,8 +892,9 @@
    * @throws DOMException
    * @see org.w3c.dom.Document as of DOM Level 2
    */
+  @Override
   public final Attr createAttributeNS(
-                                      String namespaceURI, String qualifiedName) throws DOMException
+                  String namespaceURI, String qualifiedName) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
   }
@@ -865,6 +907,7 @@
    *
    * @see org.w3c.dom.Document as of DOM Level 2
    */
+  @Override
   public final NodeList getElementsByTagNameNS(String namespaceURI,
                                                String localName)
   {
@@ -952,6 +995,7 @@
    *
    * @see org.w3c.dom.Document as of DOM Level 2
    */
+  @Override
   public final Element getElementById(String elementId)
   {
        return (Element) dtm.getNode(dtm.getElementById(elementId));
@@ -966,6 +1010,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Text
    */
+  @Override
   public final Text splitText(int offset) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -978,6 +1023,7 @@
    * @throws DOMException
    * @see org.w3c.dom.CharacterData
    */
+  @Override
   public final String getData() throws DOMException
   {
     return dtm.getNodeValue(node);
@@ -990,6 +1036,7 @@
    * @throws DOMException
    * @see org.w3c.dom.CharacterData
    */
+  @Override
   public final void setData(String data) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1000,6 +1047,7 @@
    *
    * @see org.w3c.dom.CharacterData
    */
+  @Override
   public final int getLength()
   {
     // %OPT% This should do something smarter?
@@ -1016,6 +1064,7 @@
    * @throws DOMException
    * @see org.w3c.dom.CharacterData
    */
+  @Override
   public final String substringData(int offset, int count) throws DOMException
   {
     return getData().substring(offset,offset+count);
@@ -1028,6 +1077,7 @@
    * @throws DOMException
    * @see org.w3c.dom.CharacterData
    */
+  @Override
   public final void appendData(String arg) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1041,6 +1091,7 @@
    * @throws DOMException
    * @see org.w3c.dom.CharacterData
    */
+  @Override
   public final void insertData(int offset, String arg) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1054,6 +1105,7 @@
    * @throws DOMException
    * @see org.w3c.dom.CharacterData
    */
+  @Override
   public final void deleteData(int offset, int count) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1068,6 +1120,7 @@
    * @throws DOMException
    * @see org.w3c.dom.CharacterData
    */
+  @Override
   public final void replaceData(int offset, int count, String arg)
     throws DOMException
   {
@@ -1079,6 +1132,7 @@
    *
    * @see org.w3c.dom.Element
    */
+  @Override
   public final String getTagName()
   {
     return dtm.getNodeName(node);
@@ -1091,12 +1145,13 @@
    *
    * @see org.w3c.dom.Element
    */
+  @Override
   public final String getAttribute(String name)
   {
-
     DTMNamedNodeMap  map = new DTMNamedNodeMap(dtm, node);
-    Node node = map.getNamedItem(name);
-    return (null == node) ? EMPTYSTRING : node.getNodeValue();  }
+    Node n = map.getNamedItem(name);
+    return (null == n) ? EMPTYSTRING : n.getNodeValue();
+  }
 
   /**
    *
@@ -1106,6 +1161,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Element
    */
+  @Override
   public final void setAttribute(String name, String value)
     throws DOMException
   {
@@ -1119,6 +1175,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Element
    */
+  @Override
   public final void removeAttribute(String name) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1131,9 +1188,9 @@
    *
    * @see org.w3c.dom.Element
    */
+  @Override
   public final Attr getAttributeNode(String name)
   {
-
     DTMNamedNodeMap  map = new DTMNamedNodeMap(dtm, node);
     return (Attr)map.getNamedItem(name);
   }
@@ -1147,6 +1204,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Element
    */
+  @Override
   public final Attr setAttributeNode(Attr newAttr) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1161,6 +1219,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Element
    */
+  @Override
   public final Attr removeAttributeNode(Attr oldAttr) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1171,12 +1230,14 @@
    *
    *
    */
+  @Override
   public boolean hasAttributes()
   {
     return DTM.NULL != dtm.getFirstAttribute(node);
   }
 
   /** @see org.w3c.dom.Element */
+  @Override
   public final void normalize()
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1190,6 +1251,7 @@
    *
    * @see org.w3c.dom.Element
    */
+  @Override
   public final String getAttributeNS(String namespaceURI, String localName)
   {
     Node retNode = null;
@@ -1208,6 +1270,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Element
    */
+  @Override
   public final void setAttributeNS(
                                    String namespaceURI, String qualifiedName, String value)
     throws DOMException
@@ -1223,6 +1286,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Element
    */
+  @Override
   public final void removeAttributeNS(String namespaceURI, String localName)
     throws DOMException
   {
@@ -1237,6 +1301,7 @@
    *
    * @see org.w3c.dom.Element
    */
+  @Override
   public final Attr getAttributeNodeNS(String namespaceURI, String localName)
   {
        Attr retAttr = null;
@@ -1256,6 +1321,7 @@
    * @throws DOMException
    * @see org.w3c.dom.Element
    */
+  @Override
   public final Attr setAttributeNodeNS(Attr newAttr) throws DOMException
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1266,6 +1332,7 @@
    *
    * @see org.w3c.dom.Attr
    */
+  @Override
   public final String getName()
   {
     return dtm.getNodeName(node);
@@ -1276,6 +1343,7 @@
    *
    * @see org.w3c.dom.Attr
    */
+  @Override
   public final boolean getSpecified()
   {
     // We really don't know which attributes might have come from the
@@ -1290,6 +1358,7 @@
    *
    * @see org.w3c.dom.Attr
    */
+  @Override
   public final String getValue()
   {
     return dtm.getNodeValue(node);
@@ -1300,6 +1369,7 @@
    * @param value
    * @see org.w3c.dom.Attr
    */
+  @Override
   public final void setValue(String value)
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1311,6 +1381,7 @@
    *
    * @see org.w3c.dom.Attr as of DOM Level 2
    */
+  @Override
   public final Element getOwnerElement()
   {
     if (getNodeType() != Node.ATTRIBUTE_NODE)
@@ -1331,9 +1402,9 @@
    *
    * @throws DOMException
    */
+  @Override
   public Node adoptNode(Node source) throws DOMException
   {
-
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
   }
 
@@ -1348,9 +1419,9 @@
    *
    * NEEDSDOC ($objectName$) @return
    */
+  @Override
   public String getInputEncoding()
   {
-
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
   }
 
@@ -1383,7 +1454,6 @@
    */
   public boolean getStandalone()
   {
-
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
   }
 
@@ -1418,9 +1488,9 @@
    *
    * NEEDSDOC ($objectName$) @return
    */
+  @Override
   public boolean getStrictErrorChecking()
   {
-
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
   }
 
@@ -1439,6 +1509,7 @@
    *
    * NEEDSDOC @param strictErrorChecking
    */
+  @Override
   public void setStrictErrorChecking(boolean strictErrorChecking)
   {
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
@@ -1457,7 +1528,6 @@
    */
   public String getVersion()
   {
-
     throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
   }
 
@@ -1482,10 +1552,12 @@
    */
   static class DTMNodeProxyImplementation implements DOMImplementation
   {
+    @Override
     public DocumentType createDocumentType(String qualifiedName,String publicId, String systemId)
     {
       throw new DTMDOMException(DOMException.NOT_SUPPORTED_ERR);
     }
+    @Override
     public Document createDocument(String namespaceURI,String qualfiedName,DocumentType doctype)
     {
       // Could create a DTM... but why, when it'd have to be permanantly empty?
@@ -1500,6 +1572,7 @@
      * methods we can't support. I'm not sure which would be more useful
      * to the caller.
      */
+    @Override
     public boolean hasFeature(String feature,String version)
     {
       if( ("CORE".equals(feature.toUpperCase()) || "XML".equals(feature.toUpperCase()))
@@ -1530,6 +1603,7 @@
      *   childNodes, etc.
      * @since DOM Level 3
      */
+    @Override
     public Object getFeature(String feature, String version) {
         // we don't have any alternate node, either this node does the job
         // or we don't have anything that does
@@ -1542,6 +1616,7 @@
 
 //RAMESH : Pending proper implementation of DOM Level 3
 
+    @Override
     public Object setUserData(String key,
                               Object data,
                               UserDataHandler handler) {
@@ -1557,6 +1632,7 @@
      *   on this node, or <code>null</code> if there was none.
      * @since DOM Level 3
      */
+    @Override
     public Object getUserData(String key) {
         return getOwnerDocument().getUserData( key);
     }
@@ -1581,6 +1657,7 @@
      *   childNodes, etc.
      * @since DOM Level 3
      */
+    @Override
     public Object getFeature(String feature, String version) {
         // we don't have any alternate node, either this node does the job
         // or we don't have anything that does
@@ -1629,6 +1706,7 @@
      *   <code>true</code> otherwise <code>false</code>.
      * @since DOM Level 3
      */
+    @Override
     public boolean isEqualNode(Node arg) {
         if (arg == this) {
             return true;
@@ -1705,6 +1783,7 @@
      * @return th URI for the namespace
      * @since DOM Level 3
      */
+    @Override
     public String lookupNamespaceURI(String specifiedPrefix) {
         short type = this.getNodeType();
         switch (type) {
@@ -1797,6 +1876,7 @@
      *   is the default namespace, <code>false</code> otherwise.
      * @since DOM Level 3
      */
+    @Override
     public boolean isDefaultNamespace(String namespaceURI){
        /*
         // REVISIT: remove casts when DOM L3 becomes REC.
@@ -1871,6 +1951,7 @@
      * @param namespaceURI
      * @return the prefix for the namespace
      */
+    @Override
     public String lookupPrefix(String namespaceURI){
 
         // REVISIT: When Namespaces 1.1 comes out this may not be true
@@ -1932,6 +2013,7 @@
      *   <code>false</code> otherwise.
      * @since DOM Level 3
      */
+    @Override
     public boolean isSameNode(Node other) {
         // we do not use any wrapper so the answer is obvious
         return this == other;
@@ -1980,8 +2062,9 @@
      *   DOMSTRING_SIZE_ERR: Raised when it would return more characters than
      *   fit in a <code>DOMString</code> variable on the implementation
      *   platform.
-       * @since DOM Level 3
+     * @since DOM Level 3
      */
+    @Override
     public void setTextContent(String textContent)
         throws DOMException {
         setNodeValue(textContent);
@@ -2031,6 +2114,7 @@
      *   platform.
      * @since DOM Level 3
      */
+    @Override
     public String getTextContent() throws DOMException {
         return getNodeValue();  // overriden in some subclasses
     }
@@ -2043,6 +2127,7 @@
      *   node.
      * @since DOM Level 3
      */
+    @Override
     public short compareDocumentPosition(Node other) throws DOMException {
         return 0;
     }
@@ -2071,14 +2156,16 @@
      * Yes. (F2F 26 Sep 2001)
      * @since DOM Level 3
      */
+    @Override
     public String getBaseURI() {
         return null;
     }
 
-        /**
+    /**
      * DOM Level 3
      * Renaming node
      */
+    @Override
     public Node renameNode(Node n,
                            String namespaceURI,
                            String name)
@@ -2091,14 +2178,16 @@
      *  DOM Level 3
      *  Normalize document.
      */
+    @Override
     public void normalizeDocument(){
 
     }
     /**
-     *  The configuration used when <code>Document.normalizeDocument</code> is
+     * The configuration used when <code>Document.normalizeDocument</code> is
      * invoked.
      * @since DOM Level 3
      */
+    @Override
     public DOMConfiguration getDomConfig(){
        return null;
     }
@@ -2110,8 +2199,8 @@
     /**
      * DOM Level 3
      */
+    @Override
     public void setDocumentURI(String documentURI){
-
         fDocumentURI= documentURI;
     }
 
@@ -2123,6 +2212,7 @@
      * over this attribute.
      * @since DOM Level 3
      */
+    @Override
     public String getDocumentURI(){
         return fDocumentURI;
     }
@@ -2154,9 +2244,10 @@
         actualEncoding = value;
     }
 
-     /**
+   /**
     * DOM Level 3
     */
+    @Override
     public Text replaceWholeText(String content)
                                  throws DOMException{
 /*
@@ -2210,6 +2301,7 @@
      * nodes to this node, concatenated in document order.
      * @since DOM Level 3
      */
+    @Override
     public String getWholeText(){
 
 /*
@@ -2235,13 +2327,11 @@
      * Returns whether this text node contains whitespace in element content,
      * often abusively called "ignorable whitespace".
      */
+    @Override
     public boolean isElementContentWhitespace(){
         return false;
     }
 
-
-
-
      /**
      * NON-DOM: set the type of this attribute to be ID type.
      *
@@ -2254,6 +2344,7 @@
      /**
      * DOM Level 3: register the given attribute node as an ID attribute
      */
+    @Override
     public void setIdAttribute(String name, boolean makeId) {
         //PENDING
     }
@@ -2262,6 +2353,7 @@
     /**
      * DOM Level 3: register the given attribute node as an ID attribute
      */
+    @Override
     public void setIdAttributeNode(Attr at, boolean makeId) {
         //PENDING
     }
@@ -2269,6 +2361,7 @@
     /**
      * DOM Level 3: register the given attribute node as an ID attribute
      */
+    @Override
     public void setIdAttributeNS(String namespaceURI, String localName,
                                     boolean makeId) {
         //PENDING
@@ -2277,16 +2370,19 @@
          * Method getSchemaTypeInfo.
          * @return TypeInfo
          */
+    @Override
     public TypeInfo getSchemaTypeInfo(){
       return null; //PENDING
     }
 
+    @Override
     public boolean isId() {
         return false; //PENDING
     }
 
 
     private String xmlEncoding;
+    @Override
     public String getXmlEncoding( ) {
         return xmlEncoding;
     }
@@ -2295,23 +2391,25 @@
     }
 
     private boolean xmlStandalone;
+    @Override
     public boolean getXmlStandalone() {
         return xmlStandalone;
     }
 
+    @Override
     public void setXmlStandalone(boolean xmlStandalone) throws DOMException {
         this.xmlStandalone = xmlStandalone;
     }
 
     private String xmlVersion;
+    @Override
     public String getXmlVersion() {
         return xmlVersion;
     }
 
+    @Override
     public void setXmlVersion(String xmlVersion) throws DOMException {
         this.xmlVersion = xmlVersion;
     }
 
-
-
 }
--- a/src/com/sun/org/apache/xml/internal/serializer/Encodings.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xml/internal/serializer/Encodings.java	Fri May 17 10:07:23 2013 -0700
@@ -33,6 +33,14 @@
 import java.util.HashMap;
 import java.util.Properties;
 import java.util.StringTokenizer;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.nio.charset.Charset;
+import java.nio.charset.IllegalCharsetNameException;
+import java.nio.charset.UnsupportedCharsetException;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Map.Entry;
 
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
 
@@ -79,36 +87,17 @@
         throws UnsupportedEncodingException
     {
 
-        for (int i = 0; i < _encodings.length; ++i)
-        {
-            if (_encodings[i].name.equalsIgnoreCase(encoding))
-            {
-                try
-                {
-                    return new BufferedWriter(new OutputStreamWriter(
-                        output,
-                        _encodings[i].javaName));
-                }
-                catch (java.lang.IllegalArgumentException iae) // java 1.1.8
-                {
-                    // keep trying
-                }
-                catch (UnsupportedEncodingException usee)
-                {
-
-                    // keep trying
-                }
+        final EncodingInfo ei = _encodingInfos.findEncoding(toUpperCaseFast(encoding));
+        if (ei != null) {
+            try {
+                return new BufferedWriter(new OutputStreamWriter(
+                        output, ei.javaName));
+            } catch (UnsupportedEncodingException usee) {
+                // keep trying
             }
         }
 
-        try
-        {
-            return new BufferedWriter(new OutputStreamWriter(output, encoding));
-        }
-        catch (java.lang.IllegalArgumentException iae) // java 1.1.8
-        {
-            throw new UnsupportedEncodingException(encoding);
-        }
+        return new BufferedWriter(new OutputStreamWriter(output, encoding));
     }
 
 
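Review bot: The `// keep trying` comment in the new `catch (UnsupportedEncodingException usee)` is left over from the removed loop and no longer says what happens. There is nothing left to iterate, and control falls through to `new OutputStreamWriter(output, encoding)` with the caller-supplied name. I would reword it to `// registered Java name not supported by this JVM; fall back to the name as given`. The method's signature and Javadoc start outside this hunk, so whether the documented contract still matches the removed `IllegalArgumentException` handling cannot be checked from here.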
@@ -141,12 +130,24 @@
         EncodingInfo ei;
 
         String normalizedEncoding = toUpperCaseFast(encoding);
-        ei = (EncodingInfo) _encodingTableKeyJava.get(normalizedEncoding);
-        if (ei == null)
-            ei = (EncodingInfo) _encodingTableKeyMime.get(normalizedEncoding);
+        ei = _encodingInfos.findEncoding(normalizedEncoding);
         if (ei == null) {
             // We shouldn't have to do this, but just in case.
-            ei = new EncodingInfo(null,null);
+            try {
+                // This may happen if the caller tries to use
+                // an encoding that wasn't registered in the
+                // (java name)->(preferred mime name) mapping file.
+                // In that case we attempt to load the charset for the
+                // given encoding, and if that succeeds - we create a new
+                // EncodingInfo instance - assuming the canonical name
+                // of the charset can be used as the mime name.
+                final Charset c = Charset.forName(encoding);
+                final String name = c.name();
+                ei = new EncodingInfo(name, name);
+                _encodingInfos.putEncoding(normalizedEncoding, ei);
+            } catch (IllegalCharsetNameException | UnsupportedCharsetException x) {
+                ei = new EncodingInfo(null,null);
+            }
         }
 
         return ei;
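Review bot: The comment `// We shouldn't have to do this, but just in case.` now sits directly above the new charset fallback and reads as describing it, although it was written for the `new EncodingInfo(null,null)` placeholder that has moved into the `catch`. Moving it into the catch branch would keep it accurate. The fallback passes a caller-supplied name to `Charset.forName` and caches the result under `normalizedEncoding`; only names that resolve to a charset are stored, which appears to bound the dynamic table, but `putEncoding` is not visible here. A failed lookup is not cached, so an unsupported name repeats the `Charset.forName` call on every request, which deserves a short comment if it is intended. The method's signature is outside this hunk.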
@@ -269,8 +270,8 @@
      */
     private static String convertJava2MimeEncoding(String encoding)
     {
-        EncodingInfo enc =
-            (EncodingInfo) _encodingTableKeyJava.get(encoding.toUpperCase());
+        final EncodingInfo enc =
+             _encodingInfos.getEncodingFromJavaKey(toUpperCaseFast(encoding));
         if (null != enc)
             return enc.name;
         return encoding;
@@ -285,38 +286,37 @@
      */
     public static String convertMime2JavaEncoding(String encoding)
     {
+        final EncodingInfo info = _encodingInfos.findEncoding(toUpperCaseFast(encoding));
+        return info != null ? info.javaName : encoding;
+    }
 
-        for (int i = 0; i < _encodings.length; ++i)
-        {
-            if (_encodings[i].name.equalsIgnoreCase(encoding))
-            {
-                return _encodings[i].javaName;
-            }
+    // Using an inner static class here prevent initialization races
+    // where the hash maps could be used before they were populated.
+    //
+    private final static class EncodingInfos {
+        // These maps are final and not modified after initialization.
+        private final Map<String, EncodingInfo> _encodingTableKeyJava = new HashMap<>();
+        private final Map<String, EncodingInfo> _encodingTableKeyMime = new HashMap<>();
+        // This map will be added to after initialization: make sure it's
+        // thread-safe. This map should not be used frequently - only in cases
+        // where the mapping requested was not declared in the Encodings.properties
+        // file.
+        private final Map<String, EncodingInfo> _encodingDynamicTable =
+                Collections.synchronizedMap(new HashMap<String, EncodingInfo>());
+
+        private EncodingInfos() {
+            loadEncodingInfo();
         }
 
-        return encoding;
-    }
-
-    /**
-     * Load a list of all the supported encodings.
-     *
-     * System property "encodings" formatted using URL syntax may define an
-     * external encodings list. Thanks to Sergey Ushakov for the code
-     * contribution!
-     */
-    private static EncodingInfo[] loadEncodingInfo()
-    {
-        try
-        {
+        // Opens the file/resource containing java charset name -> preferred mime
+        // name mapping and returns it as an InputStream.
+        private InputStream openEncodingsFileStream() throws MalformedURLException, IOException {
             String urlString = null;
             InputStream is = null;
 
-            try
-            {
+            try {
                 urlString = SecuritySupport.getSystemProperty(ENCODINGS_PROP, "");
-            }
-            catch (SecurityException e)
-            {
+            } catch (SecurityException e) {
             }
 
             if (urlString != null && urlString.length() > 0) {
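Review bot: The replacement comment on `openEncodingsFileStream()` no longer says that the mapping can come from a location named by a system property: the removed Javadoc of `loadEncodingInfo()` stated that the "encodings" property, in URL syntax, may define an external list, while the new text only mentions "the file/resource". Since that property decides where the serializer reads its charset table from, I would keep the sentence, e.g. `// The ENCODINGS_PROP system property, in URL syntax, may name an external list; otherwise the ENCODINGS_FILE resource is used.` The `catch (SecurityException e) { }` around the property read is still empty and would benefit from `// not permitted to read the property: fall back to the default resource`. `convertMime2JavaEncoding` now goes through `findEncoding`, whose body is outside this hunk; if it also matches Java names, that differs from the old MIME-name-only loop and is worth a word in the Javadoc. `openEncodingsFileStream()` continues past the end of this hunk.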
@@ -327,84 +327,188 @@
             if (is == null) {
                 is = SecuritySupport.getResourceAsStream(ENCODINGS_FILE);
             }
+            return is;
+        }
 
+        // Loads the Properties resource containing the mapping:
+        //    java charset name -> preferred mime name
+        // and returns it.
+        private Properties loadProperties() throws MalformedURLException, IOException {
             Properties props = new Properties();
-            if (is != null) {
-                props.load(is);
-                is.close();
-            } else {
-                // Seems to be no real need to force failure here, let the
-                // system do its best... The issue is not really very critical,
-                // and the output will be in any case _correct_ though maybe not
-                // always human-friendly... :)
-                // But maybe report/log the resource problem?
-                // Any standard ways to report/log errors (in static context)?
+            try (InputStream is = openEncodingsFileStream()) {
+                if (is != null) {
+                    props.load(is);
+                } else {
+                    // Seems to be no real need to force failure here, let the
+                    // system do its best... The issue is not really very critical,
+                    // and the output will be in any case _correct_ though maybe not
+                    // always human-friendly... :)
+                    // But maybe report/log the resource problem?
+                    // Any standard ways to report/log errors (in static context)?
+                }
             }
+            return props;
+        }
 
-            int totalEntries = props.size();
-            int totalMimeNames = 0;
-            Enumeration keys = props.keys();
-            for (int i = 0; i < totalEntries; ++i)
-            {
-                String javaName = (String) keys.nextElement();
-                String val = props.getProperty(javaName);
-                totalMimeNames++;
-                int pos = val.indexOf(' ');
-                for (int j = 0; j < pos; ++j)
-                    if (val.charAt(j) == ',')
-                        totalMimeNames++;
+        // Parses the mime list associated to a java charset name.
+        // The first mime name in the list is supposed to be the preferred
+        // mime name.
+        private String[] parseMimeTypes(String val) {
+            int pos = val.indexOf(' ');
+            //int lastPrintable;
+            if (pos < 0) {
+                // Maybe report/log this problem?
+                //  "Last printable character not defined for encoding " +
+                //  mimeName + " (" + val + ")" ...
+                return new String[] { val };
+                //lastPrintable = 0x00FF;
             }
-            EncodingInfo[] ret = new EncodingInfo[totalMimeNames];
-            int j = 0;
-            keys = props.keys();
-            for (int i = 0; i < totalEntries; ++i)
-            {
-                String javaName = (String) keys.nextElement();
-                String val = props.getProperty(javaName);
-                int pos = val.indexOf(' ');
-                String mimeName;
-                //int lastPrintable;
-                if (pos < 0)
-                {
-                    // Maybe report/log this problem?
-                    //  "Last printable character not defined for encoding " +
-                    //  mimeName + " (" + val + ")" ...
-                    mimeName = val;
-                    //lastPrintable = 0x00FF;
-                }
-                else
-                {
-                    //lastPrintable =
-                    //    Integer.decode(val.substring(pos).trim()).intValue();
-                    StringTokenizer st =
-                        new StringTokenizer(val.substring(0, pos), ",");
-                    for (boolean first = true;
-                        st.hasMoreTokens();
-                        first = false)
-                    {
-                        mimeName = st.nextToken();
-                        ret[j] =
-                            new EncodingInfo(mimeName, javaName);
-                        _encodingTableKeyMime.put(
-                            mimeName.toUpperCase(),
-                            ret[j]);
-                        if (first)
-                            _encodingTableKeyJava.put(
-                                javaName.toUpperCase(),
-                                ret[j]);
-                        j++;
+            //lastPrintable =
+            //    Integer.decode(val.substring(pos).trim()).intValue();
+            StringTokenizer st =
+                    new StringTokenizer(val.substring(0, pos), ",");
+            String[] values = new String[st.countTokens()];
+            for (int i=0; st.hasMoreTokens(); i++) {
+                values[i] = st.nextToken();
+            }
+            return values;
+        }
+
+        // This method here attempts to find the canonical charset name for the
+        // the given name - which is supposed to be either a java name or a mime
+        // name.
+        // For that, it attempts to load the charset using the given name, and
+        // then returns the charset's canonical name.
+        // If the charset could not be loaded from the given name,
+        // the method returns null.
+        private String findCharsetNameFor(String name) {
+            try {
+                return Charset.forName(name).name();
+            } catch (Exception x) {
+                return null;
+            }
+        }
+
+        // This method here attempts to find the canonical charset name for the
+        // the set javaName+mimeNames - which are supposed to all refer to the
+        // same charset.
+        // For that it attempts to load the charset using the javaName, and if
+        // not found, attempts again using each of the mime names in turn.
+        // If the charset could be loaded from the javaName, then the javaName
+        // itself is returned as charset name. Otherwise, each of the mime names
+        // is tried in turn, until a charset can be loaded from one of the names,
+        // and the loaded charset's canonical name is returned.
+        // If no charset can be loaded from either the javaName or one of the
+        // mime names, then null is returned.
+        //
+        // Note that the returned name is the 'java' name that will be used in
+        // instances of EncodingInfo.
+        // This is important because EncodingInfo uses that 'java name' later on
+        // in calls to String.getBytes(javaName).
+        // As it happens, sometimes only one element of the set mime names/javaName
+        // is known by Charset: sometimes only one of the mime names is known,
+        // sometime only the javaName is known, sometimes all are known.
+        //
+        // By using this method here, we fix the problem where one of the mime
+        // names is known but the javaName is unknown, by associating the charset
+        // loaded from one of the mime names with the unrecognized javaName.
+        //
+        // When none of the mime names or javaName are known - there's not much we can
+        // do... It can mean that this encoding is not supported for this
+        // OS. If such a charset is ever use it will result in having all characters
+        // escaped.
+        //
+        private String findCharsetNameFor(String javaName, String[] mimes) {
+            String cs = findCharsetNameFor(javaName);
+            if (cs != null) return javaName;
+            for (String m : mimes) {
+                cs = findCharsetNameFor(m);
+                if (cs != null) break;
+            }
+            return cs;
+        }
+
+        /**
+         * Loads a list of all the supported encodings.
+         *
+         * System property "encodings" formatted using URL syntax may define an
+         * external encodings list. Thanks to Sergey Ushakov for the code
+         * contribution!
+         */
+        private void loadEncodingInfo() {
+            try {
+                // load (java name)->(preferred mime name) mapping.
+                final Properties props = loadProperties();
+
+                // create instances of EncodingInfo from the loaded mapping
+                Enumeration keys = props.keys();
+                Map<String, EncodingInfo> canonicals = new HashMap<>();
+                while (keys.hasMoreElements()) {
+                    final String javaName = (String) keys.nextElement();
+                    final String[] mimes = parseMimeTypes(props.getProperty(javaName));
+
+                    final String charsetName = findCharsetNameFor(javaName, mimes);
+                    if (charsetName != null) {
+                        final String kj = toUpperCaseFast(javaName);
+                        final String kc = toUpperCaseFast(charsetName);
+                        for (int i = 0; i < mimes.length; ++i) {
+                            final String mimeName = mimes[i];
+                            final String km = toUpperCaseFast(mimeName);
+                            EncodingInfo info = new EncodingInfo(mimeName, charsetName);
+                            _encodingTableKeyMime.put(km, info);
+                            if (!canonicals.containsKey(kc)) {
+                                // canonicals will map the charset name to
+                                //   the info containing the prefered mime name
+                                //   (the preferred mime name is the first mime
+                                //   name in the list).
+                                canonicals.put(kc, info);
+                                _encodingTableKeyJava.put(kc, info);
+                            }
+                            _encodingTableKeyJava.put(kj, info);
+                        }
+                    } else {
+                        // None of the java or mime names on the line were
+                        // recognized => this charset is not supported?
                     }
                 }
+
+                // Fix up the _encodingTableKeyJava so that the info mapped to
+                // the java name contains the preferred mime name.
+                // (a given java name can correspond to several mime name,
+                //  but we want the _encodingTableKeyJava to point to the
+                //  preferred mime name).
+                for (Entry<String, EncodingInfo> e : _encodingTableKeyJava.entrySet()) {
+                    e.setValue(canonicals.get(toUpperCaseFast(e.getValue().javaName)));
+                }
+
+            } catch (java.net.MalformedURLException mue) {
+                throw new com.sun.org.apache.xml.internal.serializer.utils.WrappedRuntimeException(mue);
+            } catch (java.io.IOException ioe) {
+                throw new com.sun.org.apache.xml.internal.serializer.utils.WrappedRuntimeException(ioe);
             }
-            return ret;
         }
-        catch (java.net.MalformedURLException mue)
-        {
-            throw new com.sun.org.apache.xml.internal.serializer.utils.WrappedRuntimeException(mue);
+
+        EncodingInfo findEncoding(String normalizedEncoding) {
+            EncodingInfo info = _encodingTableKeyJava.get(normalizedEncoding);
+            if (info == null) {
+                info = _encodingTableKeyMime.get(normalizedEncoding);
+            }
+            if (info == null) {
+                info = _encodingDynamicTable.get(normalizedEncoding);
+            }
+            return info;
         }
-        catch (java.io.IOException ioe)
-        {
-            throw new com.sun.org.apache.xml.internal.serializer.utils.WrappedRuntimeException(ioe);
+
+        EncodingInfo getEncodingFromMimeKey(String normalizedMimeName) {
+            return _encodingTableKeyMime.get(normalizedMimeName);
+        }
+
+        EncodingInfo getEncodingFromJavaKey(String normalizedJavaName) {
+            return _encodingTableKeyJava.get(normalizedJavaName);
+        }
+
+        void putEncoding(String key, EncodingInfo info) {
+            _encodingDynamicTable.put(key, info);
         }
     }
 
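Review bot: In `parseMimeTypes`, the `pos < 0` branch returns the whole value as one name, so a line that lists several comma-separated mime names but lacks the trailing space-delimited field is registered under a single key that still contains the commas, while the other branch tokenises on `,`. The Javadoc on `loadEncodingInfo` says the list may come from an external file named by the `encodings` system property, so malformed lines are worth handling uniformly: compute `final String list = (pos < 0) ? val : val.substring(0, pos);` and tokenise `list` in both cases. Separately, `findCharsetNameFor(String)` catches `Exception`; `catch (IllegalArgumentException x)` covers what `Charset.forName` throws for illegal, unsupported or null names without hiding unrelated failures.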
@@ -457,7 +561,6 @@
         return codePoint;
     }
 
-    private static final HashMap _encodingTableKeyJava = new HashMap();
-    private static final HashMap _encodingTableKeyMime = new HashMap();
-    private static final EncodingInfo[] _encodings = loadEncodingInfo();
+    private final static EncodingInfos _encodingInfos = new EncodingInfos();
+
 }
--- a/src/com/sun/org/apache/xml/internal/serializer/utils/URI.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xml/internal/serializer/utils/URI.java	Fri May 17 10:07:23 2013 -0700
@@ -23,7 +23,7 @@
 package com.sun.org.apache.xml.internal.serializer.utils;
 
 import java.io.IOException;
-import java.io.Serializable;
+import java.util.Objects;
 
 
 /**
@@ -863,7 +863,7 @@
   public String getSchemeSpecificPart()
   {
 
-    StringBuffer schemespec = new StringBuffer();
+    final StringBuilder schemespec = new StringBuilder();
 
     if (m_userinfo != null || m_host != null || m_port != -1)
     {
@@ -955,7 +955,7 @@
                         boolean p_includeFragment)
   {
 
-    StringBuffer pathString = new StringBuffer(m_path);
+    final StringBuilder pathString = new StringBuilder(m_path);
 
     if (p_includeQueryString && m_queryString != null)
     {
@@ -1321,6 +1321,7 @@
    * @return true if p_test is a URI with all values equal to this
    *         URI, false otherwise
    */
+  @Override
   public boolean equals(Object p_test)
   {
 
@@ -1343,15 +1344,29 @@
     return false;
   }
 
+  @Override
+  public int hashCode() {
+    int hash = 5;
+    hash = 41 * hash + Objects.hashCode(this.m_scheme);
+    hash = 41 * hash + Objects.hashCode(this.m_userinfo);
+    hash = 41 * hash + Objects.hashCode(this.m_host);
+    hash = 41 * hash + this.m_port;
+    hash = 41 * hash + Objects.hashCode(this.m_path);
+    hash = 41 * hash + Objects.hashCode(this.m_queryString);
+    hash = 41 * hash + Objects.hashCode(this.m_fragment);
+    return hash;
+  }
+
   /**
    * Get the URI as a string specification. See RFC 2396 Section 5.2.
    *
    * @return the URI string specification
    */
+  @Override
   public String toString()
   {
 
-    StringBuffer uriSpecString = new StringBuffer();
+    final StringBuilder uriSpecString = new StringBuilder();
 
     if (m_scheme != null)
     {
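Review bot: The new `hashCode()` has no comment tying it to `equals`, and it hashes fields (`m_scheme`, `m_host`, `m_port`, …) that the hunk does not show to be final, so the value changes if a URI is modified after it has been placed in a hash-based collection. The body of `equals` is outside this hunk, so confirm that it compares exactly these seven components with case-sensitive equality; otherwise two equal URIs could hash differently. I would add a Javadoc such as `/** Hash over the same components compared by {@link #equals}; do not modify a URI while it is a key in a hash-based collection. */`. The same applies to the identical addition in `com/sun/org/apache/xml/internal/utils/URI.java`.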
@@ -1543,7 +1558,7 @@
    *
    *
    * @param p_char the character to check
-   * @return true if the char is betweeen '0' and '9', 'a' and 'f'
+   * @return true if the char is between '0' and '9', 'a' and 'f'
    *         or 'A' and 'F', false otherwise
    */
   private static boolean isHex(char p_char)
--- a/src/com/sun/org/apache/xml/internal/utils/URI.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xml/internal/utils/URI.java	Fri May 17 10:07:23 2013 -0700
@@ -27,6 +27,7 @@
 
 import com.sun.org.apache.xml.internal.res.XMLErrorResources;
 import com.sun.org.apache.xml.internal.res.XMLMessages;
+import java.util.Objects;
 
 /**
  * A class to represent a Uniform Resource Identifier (URI). This class
@@ -883,7 +884,7 @@
   public String getSchemeSpecificPart()
   {
 
-    StringBuffer schemespec = new StringBuffer();
+    final StringBuilder schemespec = new StringBuilder();
 
     if (m_userinfo != null || m_host != null || m_port != -1)
     {
@@ -975,7 +976,7 @@
                         boolean p_includeFragment)
   {
 
-    StringBuffer pathString = new StringBuffer(m_path);
+    final StringBuilder pathString = new StringBuilder(m_path);
 
     if (p_includeQueryString && m_queryString != null)
     {
@@ -1341,6 +1342,7 @@
    * @return true if p_test is a URI with all values equal to this
    *         URI, false otherwise
    */
+  @Override
   public boolean equals(Object p_test)
   {
 
@@ -1363,15 +1365,29 @@
     return false;
   }
 
+  @Override
+  public int hashCode() {
+    int hash = 7;
+    hash = 59 * hash + Objects.hashCode(this.m_scheme);
+    hash = 59 * hash + Objects.hashCode(this.m_userinfo);
+    hash = 59 * hash + Objects.hashCode(this.m_host);
+    hash = 59 * hash + this.m_port;
+    hash = 59 * hash + Objects.hashCode(this.m_path);
+    hash = 59 * hash + Objects.hashCode(this.m_queryString);
+    hash = 59 * hash + Objects.hashCode(this.m_fragment);
+    return hash;
+  }
+
   /**
    * Get the URI as a string specification. See RFC 2396 Section 5.2.
    *
    * @return the URI string specification
    */
+  @Override
   public String toString()
   {
 
-    StringBuffer uriSpecString = new StringBuffer();
+    final StringBuilder uriSpecString = new StringBuilder();
 
     if (m_scheme != null)
     {
--- a/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java	Fri May 17 10:07:23 2013 -0700
@@ -22,17 +22,17 @@
  */
 package com.sun.org.apache.xml.internal.utils;
 
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
-import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
 import java.util.HashMap;
-
+import javax.xml.XMLConstants;
 import javax.xml.parsers.FactoryConfigurationError;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParserFactory;
-
+import org.xml.sax.SAXException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
-import org.xml.sax.SAXException;
 
 /**
  * Creates XMLReader objects and caches them for re-use.
@@ -63,6 +63,11 @@
     private HashMap m_inUse;
 
     private boolean m_useServicesMechanism = true;
+     /**
+     * protocols allowed for external DTD references in source file and/or stylesheet.
+     */
+    private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
     /**
      * Hidden constructor
      */
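Review bot: `_accessExternalDTD` is plain mutable instance state on a manager that has a hidden constructor and caches readers for re-use. If one instance is shared between callers (the rest of the class, outside this hunk, would confirm), the value set by one caller governs the readers handed to every other caller. The field is not `volatile` and the hunk shows no lock around it, so a restriction set on one thread may not be observed on another. I would state the scope in the field comment, for example `protocols allowed for external DTD references; shared by all users of this manager, the last setProperty call wins`, and declare it `private volatile String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;`.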
@@ -131,6 +136,7 @@
                 try {
                     reader.setFeature(NAMESPACES_FEATURE, true);
                     reader.setFeature(NAMESPACE_PREFIXES_FEATURE, false);
+                    reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
                 } catch (SAXException se) {
                     // Try to carry on if we've got a parser that
                     // doesn't know about namespace prefixes.
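Review bot: The added `reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);` shares a try block with the two `setFeature` calls, so a `SAXException` from either of them skips it. A reader that does not recognise the property is presumably still used, because the catch is written to carry on. In both cases the external-DTD restriction is silently not in force. I would move the call into its own try block after this one and make the failure visible there, by rethrowing or at least reporting which reader class rejected the property, rather than reusing the namespace-prefix fallback. The enclosing method starts and ends outside the hunk.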
@@ -181,4 +187,22 @@
         m_useServicesMechanism = flag;
     }
 
+    /**
+     * Get property value
+     */
+    public String getProperty(String name) {
+        if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+            return _accessExternalDTD;
+        }
+        return null;
+    }
+
+    /**
+     * Set property.
+     */
+    public void setProperty(String name, String value) {
+        if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+            _accessExternalDTD = (String)value;
+        }
+    }
 }
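Review bot: `getProperty` and `setProperty` call `name.equals(...)`, which throws a NullPointerException for a null name. `setProperty` also silently ignores any other name and stores a null value unchecked, which would later be handed to `reader.setProperty`. Put the constant first, `if (XMLConstants.ACCESS_EXTERNAL_DTD.equals(name))`, and drop the redundant cast: `_accessExternalDTD = value;`. The Javadoc (`Get property value`, `Set property.`) should say that only `ACCESS_EXTERNAL_DTD` is supported, that `getProperty` returns null for unknown names, and that `setProperty` ignores them.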
--- a/src/com/sun/org/apache/xpath/internal/Arg.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/org/apache/xpath/internal/Arg.java	Fri May 17 10:07:23 2013 -0700
@@ -24,6 +24,7 @@
 
 import com.sun.org.apache.xml.internal.utils.QName;
 import com.sun.org.apache.xpath.internal.objects.XObject;
+import java.util.Objects;
 
 /**
  * This class holds an instance of an argument on
@@ -182,7 +183,7 @@
   {
 
     m_qname = new QName("");
-    ;  // so that string compares can be done.
+       // so that string compares can be done.
     m_val = null;
     m_expression = null;
     m_isVisible = true;
@@ -223,6 +224,11 @@
     m_expression = null;
   }
 
+    @Override
+    public int hashCode() {
+        return Objects.hashCode(this.m_qname);
+    }
+
   /**
    * Equality function specialized for the variable name.  If the argument
    * is not a qname, it will deligate to the super class.
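Review bot: The new `hashCode()` is indented four spaces in a file that otherwise uses two, and it has no comment explaining why it hashes only `m_qname`. The `equals` documented just below compares against a `QName` and otherwise delegates to the superclass, so the hash has to match that of the held QName; a comment such as `// equals() accepts a QName, so hash exactly like m_qname` would record that. `Objects.hashCode` returns 0 for a null `m_qname`, which deserves a word if a null name is possible here. The body of `equals` continues outside the hunk.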
@@ -231,6 +237,7 @@
    * @return  <code>true</code> if this object is the same as the obj
    *          argument; <code>false</code> otherwise.
    */
+  @Override
   public boolean equals(Object obj)
   {
     if(obj instanceof QName)
--- a/src/com/sun/xml/internal/stream/StaxXMLInputSource.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/com/sun/xml/internal/stream/StaxXMLInputSource.java	Fri May 17 10:07:23 2013 -0700
@@ -43,6 +43,9 @@
     XMLEventReader fEventReader ;
     XMLInputSource fInputSource ;
 
+    //indicate if the source is resolved by a resolver
+    boolean fHasResolver = false;
+
     /** Creates a new instance of StaxXMLInputSource */
     public StaxXMLInputSource(XMLStreamReader streamReader) {
         fStreamReader = streamReader ;
@@ -57,6 +60,12 @@
         fInputSource = inputSource ;
 
     }
+
+    public StaxXMLInputSource(XMLInputSource inputSource, boolean hasResolver){
+        fInputSource = inputSource ;
+        fHasResolver = hasResolver;
+    }
+
     public XMLStreamReader getXMLStreamReader(){
         return fStreamReader ;
     }
@@ -72,4 +81,8 @@
     public boolean hasXMLStreamOrXMLEventReader(){
         return (fStreamReader == null) && (fEventReader == null) ? false : true ;
     }
+
+    public boolean hasResolver() {
+        return fHasResolver;
+    }
 }
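Review bot: `hasResolver()` and the two-argument constructor added in the previous hunk are public but undocumented; the only explanation is the field comment `indicate if the source is resolved by a resolver`. If callers use this flag to decide how a source is treated, for instance whether access checks on external references still apply (not visible on this page), the contract needs to be explicit. I would add `/** @return true if this source was supplied by a resolver, false if it was located by the parser itself */` on the accessor and a matching `@param hasResolver` on the constructor, adjusting the wording to the intended meaning.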
--- a/src/javax/xml/XMLConstants.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/javax/xml/XMLConstants.java	Fri May 17 10:07:23 2013 -0700
@@ -73,7 +73,7 @@
      * <p>The official XML Namespace name URI.</p>
      *
      * <p>Defined by the XML specification to be
-     * "<code>http://www.w3.org/XML/1998/namespace</code>".</p>
+     * "{@code http://www.w3.org/XML/1998/namespace}".</p>
      *
      * @see <a
      * href="http://www.w3.org/TR/REC-xml-names/#ns-qualnames">
@@ -85,7 +85,7 @@
     /**
      * <p>The official XML Namespace prefix.</p>
      *
-     * <p>Defined by the XML specification to be "<code>xml</code>".</p>
+     * <p>Defined by the XML specification to be "{@code xml}".</p>
      *
      * @see <a
      * href="http://www.w3.org/TR/REC-xml-names/#ns-qualnames">
@@ -99,7 +99,7 @@
      * XMLConstants.XMLNS_ATTRIBUTE}, Namespace name URI.</p>
      *
      * <p>Defined by the XML specification to be
-     * "<code>http://www.w3.org/2000/xmlns/</code>".</p>
+     * "{@code http://www.w3.org/2000/xmlns/}".</p>
      *
      * @see <a
      * href="http://www.w3.org/TR/REC-xml-names/#ns-qualnames">
@@ -117,7 +117,7 @@
      *
      * <p>It is <strong><em>NOT</em></strong> valid to use as a
      * prefix.  Defined by the XML specification to be
-     * "<code>xmlns</code>".</p>
+     * "{@code xmlns}".</p>
      *
      * @see <a
      * href="http://www.w3.org/TR/REC-xml-names/#ns-qualnames">
@@ -128,7 +128,7 @@
     /**
      * <p>W3C XML Schema Namespace URI.</p>
      *
-     * <p>Defined to be "<code>http://www.w3.org/2001/XMLSchema</code>".
+     * <p>Defined to be "{@code http://www.w3.org/2001/XMLSchema}".
      *
      * @see <a href=
      *  "http://www.w3.org/TR/xmlschema-1/#Instance_Document_Constructions">
@@ -141,7 +141,7 @@
     /**
      * <p>W3C XML Schema Instance Namespace URI.</p>
      *
-     * <p>Defined to be "<code>http://www.w3.org/2001/XMLSchema-instance</code>".</p>
+     * <p>Defined to be "{@code http://www.w3.org/2001/XMLSchema-instance}".</p>
      *
      * @see <a href=
      *  "http://www.w3.org/TR/xmlschema-1/#Instance_Document_Constructions">
@@ -154,7 +154,7 @@
         /**
          * <p>W3C XPath Datatype Namespace URI.</p>
          *
-         * <p>Defined to be "<code>http://www.w3.org/2003/11/xpath-datatypes</code>".</p>
+         * <p>Defined to be "{@code http://www.w3.org/2003/11/xpath-datatypes}".</p>
          *
          * @see <a href="http://www.w3.org/TR/xpath-datamodel">XQuery 1.0 and XPath 2.0 Data Model</a>
          */
@@ -163,14 +163,14 @@
     /**
      * <p>XML Document Type Declaration Namespace URI as an arbitrary value.</p>
      *
-     * <p>Since not formally defined by any existing standard, arbitrarily define to be "<code>http://www.w3.org/TR/REC-xml</code>".
+     * <p>Since not formally defined by any existing standard, arbitrarily define to be "{@code http://www.w3.org/TR/REC-xml}".
      */
     public static final String XML_DTD_NS_URI = "http://www.w3.org/TR/REC-xml";
 
         /**
          * <p>RELAX NG Namespace URI.</p>
          *
-         * <p>Defined to be "<code>http://relaxng.org/ns/structure/1.0</code>".</p>
+         * <p>Defined to be "{@code http://relaxng.org/ns/structure/1.0}".</p>
          *
          * @see <a href="http://relaxng.org/spec-20011203.html">RELAX NG Specification</a>
          */
@@ -181,14 +181,212 @@
          *
          * <ul>
          *   <li>
-         *     <code>true</code> instructs the implementation to process XML securely.
+         *     {@code true} instructs the implementation to process XML securely.
          *     This may set limits on XML constructs to avoid conditions such as denial of service attacks.
          *   </li>
          *   <li>
-         *     <code>false</code> instructs the implementation to process XML acording the letter of the XML specifications
-         *     ingoring security issues such as limits on XML constructs to avoid conditions such as denial of service attacks.
+         *     {@code false} instructs the implementation to process XML in accordance with the XML specifications
+         *     ignoring security issues such as limits on XML constructs to avoid conditions such as denial of service attacks.
          *   </li>
          * </ul>
          */
         public static final String FEATURE_SECURE_PROCESSING = "http://javax.xml.XMLConstants/feature/secure-processing";
+
+
+        /**
+         * <p>Property: accessExternalDTD</p>
+         *
+         * <p>
+         * Restrict access to external DTDs and external Entity References to the protocols specified.
+         * If access is denied due to the restriction of this property, a runtime exception that
+         * is specific to the context is thrown. In the case of {@link javax.xml.parsers.SAXParser}
+         * for example, {@link org.xml.sax.SAXException} is thrown.
+         * </p>
+         *
+         * <p>
+         * <b>Value: </b> a list of protocols separated by comma. A protocol is the scheme portion of a
+         * {@link java.net.URI}, or in the case of the JAR protocol, "jar" plus the scheme portion
+         * separated by colon.
+         * A scheme is defined as:
+         *
+         * <blockquote>
+         * scheme = alpha *( alpha | digit | "+" | "-" | "." )<br>
+         * where alpha = a-z and A-Z.<br><br>
+         *
+         * And the JAR protocol:<br>
+         *
+         * jar[:scheme]<br><br>
+         *
+         * Protocols including the keyword "jar" are case-insensitive. Any whitespaces as defined by
+         * {@link java.lang.Character#isSpaceChar } in the value will be ignored.
+         * Examples of protocols are file, http, jar:file.
+         *
+         * </blockquote>
+         *</p>
+         *
+         *<p>
+         * <b>Default value:</b> The default value is implementation specific and therefore not specified.
+         * The following options are provided for consideration:
+         * <blockquote>
+         * <UL>
+         *     <LI>an empty string to deny all access to external references;</LI>
+         *     <LI>a specific protocol, such as file, to give permission to only the protocol;</LI>
+         *     <LI>the keyword "all" to grant  permission to all protocols.</LI>
+         *</UL><br>
+         *      When FEATURE_SECURE_PROCESSING is enabled,  it is recommended that implementations
+         *      restrict external connections by default, though this may cause problems for applications
+         *      that process XML/XSD/XSL with external references.
+         * </blockquote>
+         * </p>
+         *
+         * <p>
+         * <b>Granting all access:</b>  the keyword "all" grants permission to all protocols.
+         * </p>
+         * <p>
+         * <b>System Property:</b> The value of this property can be set or overridden by
+         * system property {@code javax.xml.accessExternalDTD}.
+         * </p>
+         *
+         * <p>
+         * <b>${JAVA_HOME}/lib/jaxp.properties:</b> This configuration file is in standard
+         * {@link java.util.Properties} format. If the file exists and the system property is specified,
+         * its value will be used to override the default of the property.
+         * </p>
+         *
+         * <p>
+         *
+         * </p>
+         * @since 1.7
+         */
+        public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD";
+
+        /**
+         * <p>Property: accessExternalSchema</p>
+         *
+         * <p>
+         * Restrict access to the protocols specified for external reference set by the
+         * schemaLocation attribute, Import and Include element. If access is denied
+         * due to the restriction of this property, a runtime exception that is specific
+         * to the context is thrown. In the case of {@link javax.xml.validation.SchemaFactory}
+         * for example, org.xml.sax.SAXException is thrown.
+         * </p>
+         * <p>
+         * <b>Value:</b> a list of protocols separated by comma. A protocol is the scheme portion of a
+         * {@link java.net.URI}, or in the case of the JAR protocol, "jar" plus the scheme portion
+         * separated by colon.
+         * A scheme is defined as:
+         *
+         * <blockquote>
+         * scheme = alpha *( alpha | digit | "+" | "-" | "." )<br>
+         * where alpha = a-z and A-Z.<br><br>
+         *
+         * And the JAR protocol:<br>
+         *
+         * jar[:scheme]<br><br>
+         *
+         * Protocols including the keyword "jar" are case-insensitive. Any whitespaces as defined by
+         * {@link java.lang.Character#isSpaceChar } in the value will be ignored.
+         * Examples of protocols are file, http, jar:file.
+         *
+         * </blockquote>
+         *</p>
+         *
+         *<p>
+         * <b>Default value:</b> The default value is implementation specific and therefore not specified.
+         * The following options are provided for consideration:
+         * <blockquote>
+         * <UL>
+         *     <LI>an empty string to deny all access to external references;</LI>
+         *     <LI>a specific protocol, such as file, to give permission to only the protocol;</LI>
+         *     <LI>the keyword "all" to grant  permission to all protocols.</LI>
+         *</UL><br>
+         *      When FEATURE_SECURE_PROCESSING is enabled,  it is recommended that implementations
+         *      restrict external connections by default, though this may cause problems for applications
+         *      that process XML/XSD/XSL with external references.
+         * </blockquote>
+         * </p>
+         * <p>
+         * <b>Granting all access:</b>  the keyword "all" grants permission to all protocols.
+         * </p>
+         *
+         * <p>
+         * <b>System Property:</b> The value of this property can be set or overridden by
+         * system property {@code javax.xml.accessExternalSchema}
+         * </p>
+         *
+         * <p>
+         * <b>${JAVA_HOME}/lib/jaxp.properties:</b> This configuration file is in standard
+         * java.util.Properties format. If the file exists and the system property is specified,
+         * its value will be used to override the default of the property.
+         *
+         * @since 1.7
+         * </p>
+         */
+        public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
+
+        /**
+         * <p>Property: accessExternalStylesheet</p>
+         *
+         * <p>
+         * Restrict access to the protocols specified for external references set by the
+         * stylesheet processing instruction, Import and Include element, and document function.
+         * If access is denied due to the restriction of this property, a runtime exception
+         * that is specific to the context is thrown. In the case of constructing new
+         * {@link javax.xml.transform.Transformer} for example,
+         * {@link javax.xml.transform.TransformerConfigurationException}
+         * will be thrown by the {@link javax.xml.transform.TransformerFactory}.
+         * </p>
+         * <p>
+         * <b>Value:</b> a list of protocols separated by comma. A protocol is the scheme portion of a
+         * {@link java.net.URI}, or in the case of the JAR protocol, "jar" plus the scheme portion
+         * separated by colon.
+         * A scheme is defined as:
+         *
+         * <blockquote>
+         * scheme = alpha *( alpha | digit | "+" | "-" | "." )<br>
+         * where alpha = a-z and A-Z.<br><br>
+         *
+         * And the JAR protocol:<br>
+         *
+         * jar[:scheme]<br><br>
+         *
+         * Protocols including the keyword "jar" are case-insensitive. Any whitespaces as defined by
+         * {@link java.lang.Character#isSpaceChar } in the value will be ignored.
+         * Examples of protocols are file, http, jar:file.
+         *
+         * </blockquote>
+         *</p>
+         *
+         *<p>
+         * <b>Default value:</b> The default value is implementation specific and therefore not specified.
+         * The following options are provided for consideration:
+         * <blockquote>
+         * <UL>
+         *     <LI>an empty string to deny all access to external references;</LI>
+         *     <LI>a specific protocol, such as file, to give permission to only the protocol;</LI>
+         *     <LI>the keyword "all" to grant  permission to all protocols.</LI>
+         *</UL><br>
+         *      When FEATURE_SECURE_PROCESSING is enabled,  it is recommended that implementations
+         *      restrict external connections by default, though this may cause problems for applications
+         *      that process XML/XSD/XSL with external references.
+         * </blockquote>
+         * </p>
+         * <p>
+         * <b>Granting all access:</b>  the keyword "all" grants permission to all protocols.
+         * </p>
+         *
+         * <p>
+         * <b>System Property:</b> The value of this property can be set or overridden by
+         * system property {@code javax.xml.accessExternalStylesheet}
+         * </p>
+         *
+         * <p>
+         * <b>${JAVA_HOME}/lib/jaxp.properties: </b> This configuration file is in standard
+         * java.util.Properties format. If the file exists and the system property is specified,
+         * its value will be used to override the default of the property.
+         *
+         * @since 1.7
+         */
+        public static final String ACCESS_EXTERNAL_STYLESHEET = "http://javax.xml.XMLConstants/property/accessExternalStylesheet";
+
 }
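Review bot: The `jaxp.properties` paragraph in all three new Javadoc blocks says `If the file exists and the system property is specified, its value will be used to override the default`, which reads as if the system property must be set for the file to count, and the precedence between a value set through the API, the system property and the file is never stated. For a setting that restricts external access the order should be spelled out, for example `If the file exists and the property is specified in it, that value overrides the default; the system property, when set, overrides the file`, adjusted to what the implementation actually does. In `ACCESS_EXTERNAL_SCHEMA` the `@since 1.7` tag is placed before the closing `</p>`, so the tag text swallows the `</p>`, and the last `<p>` of `ACCESS_EXTERNAL_STYLESHEET` is never closed.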
--- a/src/javax/xml/parsers/DocumentBuilderFactory.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/javax/xml/parsers/DocumentBuilderFactory.java	Fri May 17 10:07:23 2013 -0700
@@ -351,6 +351,31 @@
     /**
      * Allows the user to set specific attributes on the underlying
      * implementation.
+     * <p>
+     * All implementations that implement JAXP 1.5 or newer are required to
+     * support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
+     * {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} properties.
+     * </p>
+     * <ul>
+     *   <li>
+     *      <p>
+     *      Setting the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property
+     *      restricts the access to external DTDs, external Entity References to the
+     *      protocols specified by the property.
+     *      If access is denied during parsing due to the restriction of this property,
+     *      {@link org.xml.sax.SAXException} will be thrown by the parse methods defined by
+     *      {@link javax.xml.parsers.DocumentBuilder}.
+     *      </p>
+     *      <p>
+     *      Setting the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property
+     *      restricts the access to external Schema set by the schemaLocation attribute to
+     *      the protocols specified by the property.  If access is denied during parsing
+     *      due to the restriction of this property, {@link org.xml.sax.SAXException}
+     *      will be thrown by the parse methods defined by
+     *      {@link javax.xml.parsers.DocumentBuilder}.
+     *      </p>
+     *   </li>
+     * </ul>
      *
      * @param name The name of the attribute.
      * @param value The value of the attribute.
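Review bot: The paragraphs added to the setAttribute Javadoc describe the exception thrown when access is denied, but not which values the two properties accept or what applies when the caller sets nothing. The ACCESS_EXTERNAL_STYLESHEET Javadoc added to XMLConstants in this changeset says the default is implementation specific and that an empty string denies all access. Assuming ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_SCHEMA are specified the same way, one sentence here would help anyone configuring a parser for untrusted input, for example `The default is implementation specific; an empty string denies all external access and the keyword "all" grants it.` The same gap appears in the SAXParser, XMLInputFactory, TransformerFactory, SchemaFactory and Validator hunks. The Javadoc block starts and ends outside this hunk.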
--- a/src/javax/xml/parsers/SAXParser.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/javax/xml/parsers/SAXParser.java	Fri May 17 10:07:23 2013 -0700
@@ -441,6 +441,29 @@
      * A list of the core features and properties can be found at
      * <a href="http://sax.sourceforge.net/?selected=get-set">
      * http://sax.sourceforge.net/?selected=get-set</a>.</p>
+     * <p>
+     * All implementations that implement JAXP 1.5 or newer are required to
+     * support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
+     * {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} properties.
+     * </p>
+     * <ul>
+     *   <li>
+     *      <p>
+     *      Setting the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property
+     *      restricts the access to external DTDs, external Entity References to
+     *      the protocols specified by the property.  If access is denied during parsing
+     *      due to the restriction of this property, {@link org.xml.sax.SAXException}
+     *      will be thrown by the parse methods defined by {@link javax.xml.parsers.SAXParser}.
+     *      </p>
+     *      <p>
+     *      Setting the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property
+     *      restricts the access to external Schema set by the schemaLocation attribute to
+     *      the protocols specified by the property.  If access is denied during parsing
+     *      due to the restriction of this property, {@link org.xml.sax.SAXException}
+     *      will be thrown by the parse methods defined by the {@link javax.xml.parsers.SAXParser}.
+     *      </p>
+     *   </li>
+     * </ul>
      *
      * @param name The name of the property to be set.
      * @param value The value of the property to be set.
--- a/src/javax/xml/stream/XMLInputFactory.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/javax/xml/stream/XMLInputFactory.java	Fri May 17 10:07:23 2013 -0700
@@ -433,9 +433,26 @@
   public abstract void setXMLReporter(XMLReporter reporter);
 
   /**
-   * Allows the user to set specific feature/property on the underlying implementation. The underlying implementation
-   * is not required to support every setting of every property in the specification and may use IllegalArgumentException
-   * to signal that an unsupported property may not be set with the specified value.
+   * Allows the user to set specific feature/property on the underlying
+   * implementation. The underlying implementation is not required to support
+   * every setting of every property in the specification and may use
+   * IllegalArgumentException to signal that an unsupported property may not be
+   * set with the specified value.
+   * <p>
+   * All implementations that implement JAXP 1.5 or newer are required to
+   * support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
+   * </p>
+   * <ul>
+   *   <li>
+   *        <p>
+   *        Access to external DTDs, external Entity References is restricted to the
+   *        protocols specified by the property. If access is denied during parsing
+   *        due to the restriction of this property, {@link javax.xml.stream.XMLStreamException}
+   *        will be thrown by the {@link javax.xml.stream.XMLStreamReader#next()} or
+   *        {@link javax.xml.stream.XMLEventReader#nextEvent()} method.
+   *        </p>
+   *   </li>
+   * </ul>
    * @param name The name of the property (may not be null)
    * @param value The value of the property
    * @throws java.lang.IllegalArgumentException if the property is not supported
--- a/src/javax/xml/transform/TransformerFactory.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/javax/xml/transform/TransformerFactory.java	Fri May 17 10:07:23 2013 -0700
@@ -325,6 +325,46 @@
      * be an option that the implementation provides.
      * An <code>IllegalArgumentException</code> is thrown if the underlying
      * implementation doesn't recognize the attribute.
+     * <p>
+     * All implementations that implement JAXP 1.5 or newer are required to
+     * support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD}  and
+     * {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_STYLESHEET} properties.
+     * </p>
+     * <ul>
+     *   <li>
+     *      <p>
+     *      Access to external DTDs in the source file is restricted to the protocols
+     *      specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
+     *      If access is denied during transformation due to the restriction of this property,
+     *      {@link javax.xml.transform.TransformerException} will be thrown by
+     *      {@link javax.xml.transform.Transformer#transform(Source, Result)}.
+     *      </p>
+     *      <p>
+     *      Access to external DTDs in the stylesheet is restricted to the protocols
+     *      specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
+     *      If access is denied during the creation of a new transformer due to the
+     *      restriction of this property,
+     *      {@link javax.xml.transform.TransformerConfigurationException} will be thrown
+     *      by the {@link #newTransformer(Source)} method.
+     *      </p>
+     *      <p>
+     *      Access to external reference set by the stylesheet processing instruction,
+     *      Import and Include element is restricted to the protocols specified by the
+     *      {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_STYLESHEET} property.
+     *      If access is denied during the creation of a new transformer due to the
+     *      restriction of this property,
+     *      {@link javax.xml.transform.TransformerConfigurationException} will be thrown
+     *      by the {@link #newTransformer(Source)} method.
+     *      </p>
+     *      <p>
+     *      Access to external document through XSLT document function is restricted
+     *      to the protocols specified by the property. If access is denied during
+     *      the transformation due to the restriction of this property,
+     *      {@link javax.xml.transform.TransformerException} will be thrown by the
+     *      {@link javax.xml.transform.Transformer#transform(Source, Result)} method.
+     *      </p>
+     *   </li>
+     * </ul>
      *
      * @param name The name of the attribute.
      * @param value The value of the attribute.
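Review bot: The last added paragraph, on the XSLT document function, restricts access to "the protocols specified by the property" without saying which of the two properties it means. The three paragraphs before it each name their constant. This one presumably means ACCESS_EXTERNAL_STYLESHEET, since it follows the stylesheet paragraph, but a reader restricting document() should not have to infer that. Once the intended property is confirmed, the sentence could read `to the protocols specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_STYLESHEET} property. If access is denied during`. The Javadoc block continues outside the hunk on both sides.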
--- a/src/javax/xml/validation/SchemaFactory.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/javax/xml/validation/SchemaFactory.java	Fri May 17 10:07:23 2013 -0700
@@ -390,8 +390,44 @@
      * possible for a {@link SchemaFactory} to recognize a property name but
      * to be unable to change the current value.</p>
      *
-     * <p>{@link SchemaFactory}s are not required to recognize setting
-     * any specific property names.</p>
+     * <p>
+     * All implementations that implement JAXP 1.5 or newer are required to
+     * support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
+     * {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} properties.
+     * </p>
+     * <ul>
+     *   <li>
+     *      <p>Access to external DTDs in Schema files is restricted to the protocols
+     *      specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
+     *      If access is denied during the creation of new Schema due to the restriction
+     *      of this property, {@link org.xml.sax.SAXException} will be thrown by the
+     *      {@link #newSchema(Source)} or {@link #newSchema(File)}
+     *      or {@link #newSchema(URL)} or  or {@link #newSchema(Source[])} method.</p>
+     *
+     *      <p>Access to external DTDs in xml source files is restricted to the protocols
+     *      specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
+     *      If access is denied during validation due to the restriction
+     *      of this property, {@link org.xml.sax.SAXException} will be thrown by the
+     *      {@link javax.xml.validation.Validator#validate(Source)} or
+     *      {@link javax.xml.validation.Validator#validate(Source, Result)} method.</p>
+     *
+     *      <p>Access to external reference set by the schemaLocation attribute is
+     *      restricted to the protocols specified by the
+     *      {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property.
+     *      If access is denied during validation due to the restriction of this property,
+     *      {@link org.xml.sax.SAXException} will be thrown by the
+     *      {@link javax.xml.validation.Validator#validate(Source)} or
+     *      {@link javax.xml.validation.Validator#validate(Source, Result)} method.</p>
+     *
+     *      <p>Access to external reference set by the Import
+     *      and Include element is restricted to the protocols specified by the
+     *      {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property.
+     *      If access is denied during the creation of new Schema due to the restriction
+     *      of this property, {@link org.xml.sax.SAXException} will be thrown by the
+     *      {@link #newSchema(Source)} or {@link #newSchema(File)}
+     *      or {@link #newSchema(URL)} or {@link #newSchema(Source[])} method.</p>
+     *   </li>
+     * </ul>
      *
      * @param name The property name, which is a non-null fully-qualified URI.
      * @param object The requested value for the property.
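Review bot: The first added paragraph ends with a doubled conjunction, `or {@link #newSchema(URL)} or  or {@link #newSchema(Source[])} method.</p>`, which will show up verbatim in the generated API docs. The matching sentence in the fourth paragraph is correct, so the line should read the same: `or {@link #newSchema(URL)} or {@link #newSchema(Source[])} method.</p>`. The Javadoc block starts and ends outside this hunk.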
--- a/src/javax/xml/validation/Validator.java	Thu May 16 12:14:49 2013 -0700
+++ b/src/javax/xml/validation/Validator.java	Fri May 17 10:07:23 2013 -0700
@@ -440,8 +440,27 @@
      * in specific contexts, such as before, during, or after
      * a validation.</p>
      *
-     * <p>{@link Validator}s are not required to recognize setting
-     * any specific property names.</p>
+     * <p>
+     * All implementations that implement JAXP 1.5 or newer are required to
+     * support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
+     * {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} properties.
+     * </p>
+     * <ul>
+     *   <li>
+     *      <p>Access to external DTDs in source or Schema file is restricted to
+     *      the protocols specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD}
+     *      property.  If access is denied during validation due to the restriction
+     *      of this property, {@link org.xml.sax.SAXException} will be thrown by the
+     *      {@link #validate(Source)} method.</p>
+     *
+     *      <p>Access to external reference set by the schemaLocation attribute is
+     *      restricted to the protocols specified by the
+     *      {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property.
+     *      If access is denied during validation due to the restriction of this property,
+     *      {@link org.xml.sax.SAXException} will be thrown by the
+     *      {@link #validate(Source)} method.</p>
+     *   </li>
+     * </ul>
      *
      * @param name The property name, which is a non-null fully-qualified URI.
      * @param object The requested value for the property.
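Review bot: Both added paragraphs say the SAXException is thrown by `{@link #validate(Source)}` only, while the SchemaFactory text in this same changeset names both `validate(Source)` and `validate(Source, Result)` for the same restrictions. If the restriction applies to both overloads, as the SchemaFactory wording implies, the two sentences here should end `{@link #validate(Source)} or {@link #validate(Source, Result)} method.</p>`. As written, a caller using the two-argument overload cannot tell from this Javadoc whether the protocol restriction applies. The Javadoc block continues outside the hunk.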