diff --git a/rules/rules-reviewed/eap7/eap6/tests/data/data-resteasy/JAXBElementProvider.java b/rules/rules-reviewed/eap7/eap6/tests/data/data-resteasy/JAXBElementProvider.java
index 7e33e764..8cd71eee 100644
--- a/rules/rules-reviewed/eap7/eap6/tests/data/data-resteasy/JAXBElementProvider.java
+++ b/rules/rules-reviewed/eap7/eap6/tests/data/data-resteasy/JAXBElementProvider.java
@@ -87,6 +87,14 @@ public JAXBElement readFrom(Class> type,
 Unmarshaller unmarshaller = jaxb.createUnmarshaller();
 unmarshaller = decorateUnmarshaller(type, annotations, mediaType, unmarshaller);
+ // Disable external entity resolution to prevent XXE attacks
+ try {
+ unmarshaller.setProperty(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ unmarshaller.setProperty(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+ } catch (IllegalArgumentException ex) {
+ throw new JAXBUnmarshalException("Failed to disable external entity resolution", ex);
+ }
+
 if (needsSecurity()) {
 SecureUnmarshaller unmarshaller1 = new SecureUnmarshaller(unmarshaller, isDisableExternalEntities(), isEnableSecureProcessingFeature(), isDisableDTDs());