Relationship with the SecurityManager

The JAXP properties will be checked first before a connection is attempted whether or not a SecurityManager is present. This means that a connection may be blocked even if it is granted permission by the SecurityManager. For example, if the JAXP properties are set to disallow the http protocol, they will effectively block any connection attempt even when an application has SocketPermission.

For the purpose of restricting connections, the SecurityManager can be views as being at a lower level. Permissions will be checked after the JAXP properties are evaluated. If an application does not have SocketPermission for example, then a SecurityException will be thrown even if the JAXP properties are set to allow a http connection.

When SecurityManager is present, the JAXP FEATURE_SECURE_PROCESSING is set to true. This behavior will not turn on the new restrictions.