We have an application built with Spring Boot + Spring Integration, and we are trying to introduce XXE attack prevention.
In Java code we can make the changes as per the link below: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SAXTransformerFactory
I have a working sample on GitHub where the application uses ActiveMQ as the queue manager. Sample input XML
What kind of changes can I make in the above sample to enable XXE prevention?
Kindly help me.
This is more of a general answer... You can simply introduce your own implementation of the transformer as a bean instead of using the provided XSLT transformer:
<int:transformer ...>
    <bean class=".."/>
</int:transformer>
This way you have full control with regard to these types of customizations.
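One way such a bean could look, as an added example that is not part of the original answer or the asker's project: a plain POJO that parses the payload with DOCTYPE declarations disallowed and runs the XSLT through a locked-down TransformerFactory. The class name, the method name, the stylesheet and the sample documents are hypothetical, and the code assumes the JDK's built-in JAXP implementation (a third-party Xalan or Xerces on the classpath may reject these features and attributes).

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Templates;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

// Hypothetical class name; a plain POJO that could be referenced from <bean class=".."/>.
public class XxeSafeXsltTransformer {
    private final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    private final Templates templates; // compiled stylesheet, safe to share between threads
    public XxeSafeXsltTransformer(String xslt) throws Exception {
        // Input parser: reject any DOCTYPE, so no entity (internal or external) can be declared.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setExpandEntityReferences(false);
        dbf.setNamespaceAware(true);

        // XSLT engine: no external DTDs and no external stylesheets (xsl:import, xsl:include).
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        templates = tf.newTemplates(new StreamSource(new StringReader(xslt)));
    }
    // Payload in, transformed XML out. synchronized because the factory is not guaranteed thread-safe.
    public synchronized String transform(String payload) throws Exception {
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(payload)));
        StringWriter out = new StringWriter();
        templates.newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String xslt = "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
            + "<xsl:template match='/order'><id><xsl:value-of select='id'/></id></xsl:template></xsl:stylesheet>";
        XxeSafeXsltTransformer t = new XxeSafeXsltTransformer(xslt);
        System.out.println(t.transform("<order><id>42</id></order>"));
        // Constructed test document that declares an external entity; the parser must refuse it.
        String xxe = "<!DOCTYPE order [<!ENTITY x SYSTEM 'file:///nonexistent'>]><order><id>&x;</id></order>";
        try { t.transform(xxe); System.out.println("NOT blocked"); }
        catch (org.xml.sax.SAXParseException e) { System.out.println("blocked: DOCTYPE rejected"); }
    }
}
```

A message carrying a DOCTYPE then fails in the transformer with a SAXParseException, so the flow's error handling decides what happens to it instead of the parser resolving the entity.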