On Java 17 and later, secure validation mode is enabled by default. On Java 11 and 8, secure validation mode is enabled by default only when running with a SecurityManager; otherwise it is disabled by default.
The org.jcp.xml.dsig.secureValidation system property can be used to enable or disable the XML Signature secure validation mode. Set the value to "true" to enable, or "false" to disable. Any other value is treated as "false".
If the system property is set, it supersedes the XMLCryptoContext property value of the same name.
Disabling secure validation mode is done at your own risk.
Here are some other XML-related Java system properties:
java.xml.config.file
javax.xml.accessExternalDTD
jdk.xml.elementAttributeLimit
jdk.xml.enableExtensionFunctions
jdk.xml.entityExpansionLimit
jdk.xml.maxXMLNameLimit
Java has supported the org.jcp.xml.dsig.secureValidation system property since Java 8u401, 11.0.22, 17.0.10, 21.0.2.
org.jcp.xml.dsig.secureValidation on Startup
You can set the org.jcp.xml.dsig.secureValidation Java system property during startup of the Java runtime using the -D command line argument:
java -Dorg.jcp.xml.dsig.secureValidation=true MyAppMain
You may also be able to specify org.jcp.xml.dsig.secureValidation via the JAVA_TOOL_OPTIONS environment variable:
JAVA_TOOL_OPTIONS=-Dorg.jcp.xml.dsig.secureValidation=true
org.jcp.xml.dsig.secureValidation at Runtime
You can set org.jcp.xml.dsig.secureValidation at runtime with the following Java code:
System.setProperty("org.jcp.xml.dsig.secureValidation", "true");
WARNING: Depending on the property and JVM version, using setProperty may or may not work if the JDK Java class that uses this variable has already been loaded. The value of the org.jcp.xml.dsig.secureValidation system property may be cached within an internal private static variable of the implementing class.
To read the value of org.jcp.xml.dsig.secureValidation at runtime, you can use this Java code:
String propertyValue = System.getProperty("org.jcp.xml.dsig.secureValidation");
if (propertyValue != null) {
    System.out.println("org.jcp.xml.dsig.secureValidation = " + propertyValue);
} else {
    System.out.println("org.jcp.xml.dsig.secureValidation was null");
}
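An added example, not from the original page or the JDK: because the system property supersedes the XMLCryptoContext property of the same name, this helper refuses to build a validation context when the system property would switch secure validation off, and otherwise sets the context property explicitly so the result does not depend on the Java version's default. The class and method names (SecureValidationGuard, requireNotDisabled, newContext) are hypothetical, and the Signature element and key in main are constructed placeholders.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public final class SecureValidationGuard {
    static final String PROP = "org.jcp.xml.dsig.secureValidation";

    // Fail closed: a system property set to anything but "true" would override
    // the per-context setting below and turn secure validation off JVM-wide.
    // Matching "true" exactly is this example's choice (an assumption).
    static void requireNotDisabled() {
        String value = System.getProperty(PROP);
        if (value != null && !"true".equals(value)) {
            throw new IllegalStateException(PROP + "=" + value
                    + " disables XML Signature secure validation for this JVM");
        }
    }

    // Builds a validation context that requests secure validation explicitly,
    // which also covers Java 8 and 11 running without a SecurityManager.
    static DOMValidateContext newContext(KeySelector keys, Node signatureNode) {
        requireNotDisabled();
        DOMValidateContext ctx = new DOMValidateContext(keys, signatureNode);
        ctx.setProperty(PROP, Boolean.TRUE);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty ds:Signature element and a throwaway key,
        // enough to build the context without validating anything.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Node sig = doc.createElementNS(XMLSignature.XMLNS, "ds:Signature");
        PublicKey key = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic();

        DOMValidateContext ctx = newContext(KeySelector.singletonKey(key), sig);
        System.out.println(PROP + " (context) = " + ctx.getProperty(PROP));
    }
}
```

Running it with -Dorg.jcp.xml.dsig.secureValidation=false makes newContext throw before any signature is processed.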