diff -r ./jaxb/src/test/java/com/sun/jersey/samples/jaxb/MainTest.java ../../jersey-samples-1.0.3/jaxb/src/test/java/com/sun/jersey/samples/jaxb/MainTest.java
46a47,48
> import java.io.*;
> import java.net.*;
78a81,107
> 		@Test
> 		public void testXXEVulnerability() throws Exception {
> 			String xml = "<!DOCTYPE foo [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>" +
> 					"<jaxbXmlRootElement><value>&xxe;</value></jaxbXmlRootElement>";
> 			URL u = new URL("http://localhost:9998/jaxb/XmlRootElement");
> 			URLConnection uc = u.openConnection();
> 			uc.setRequestProperty("Content-Type", "application/xml");
> 			uc.setDoInput(true);
> 			uc.setDoOutput(true);
> 			OutputStreamWriter out = new OutputStreamWriter(uc.getOutputStream());
> 			out.write(xml);
> 			out.flush();
> 			out.close();
> 			InputStream in = uc.getInputStream();
> 			StringBuilder sb = new StringBuilder();
> 			int i = in.read();
> 			while (i > -1) {
> 				sb.append((char) i);
> 				i = in.read();
> 			}
> 			in.close();
> 			String result = sb.toString();
> 			if (result.indexOf("root") > -1) {
> 				fail("XXE Attack succeeded: " + sb);
> 			}
> 		}
>