RFR: JAXP 1.5 for JDK8/7u40: 8016648: FEATURE_SECURE_PROCESSING set to true or false causes SAXParseException to be thrown

huizhe wang huizhe.wang at oracle.com
Mon Jul 1 18:33:56 UTC 2013

On 7/1/2013 8:44 AM, Alan Bateman wrote:
> On 01/07/2013 09:09, huizhe wang wrote:
>> Hi,
>> There have been two revisions in JAXP 1.5 specification: 1)  the 
>> relationship between the JAXP 1.5 properties and 
>> FEATURE_SECURE_PROCESSING (FSP) is now a recommendation. It is up to 
>> the implementation to decide if it wants to restrict when FSP is 
>> set.  2) System properties will override that may have been set by FSP.
>> In the following patch, a JDK version detection code is added so that 
>> when FSP is set explicitly, for JDK7, there will be no restrictions, 
>> but for JDK8 and above,  the restrictions are on.
>> The effective order is changed so that JAXP 1.5 defined system 
>> properties will override that may be set by enabling FSP.
>> Please review:
>> http://cr.openjdk.java.net/~joehw/jdk8/8016648/webrev/
>> Note that the patch is identical for JDK7 and 8, and I plan to ask 
>> approval for 7u40 integration.
>> Thanks,
>> Joe
> Are there tests that can be used to verify this (both for 8 and 7u40? 
> Are you confident that tests cover all the overrides scenarios?

I've updated the jaxp 1.5 tests. I'll send a separate link since it's 
internal. Indeed, I missed a couple of scenarios: 1) FSP can be set 
after jaxp 1.5 properties are set through the API; 2) Validator does not 
require, but does support FSP.

> I think isJDKandAbove has the assume the long standing format for 
> java.version. If someone really did change the format to what you are 
> suggesting then the code would fail with a value such as "7.40".

The code does support both the current and possible new format by 
comparing the 0 element, e.g. Integer.parseInt(versions[0]) >= 
compareTo.  But I see Joe's comment provided a better way to handle this.

> In getJAXPSystemProperty's comment then I assume it should be 
> ${java.home}.



> -Alan

More information about the core-libs-dev mailing list