Last Ant Test Failure with JDK9 - JAXP Secure Processing and XSLT Extensions

Joe Wang huizhe.wang at oracle.com
Mon Aug 29 18:43:41 UTC 2016


Hi Stefan,

If you are using the built-in extension functions, try turning on the 
following feature:
     private static final String ENABLE_EXTENSION_FUNCTIONS =
         "http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions";
     tf.setFeature(ENABLE_EXTENSION_FUNCTIONS, true);

If you are using user-extension functions, then add the following:
     private static final String EXTENSION_CLASS_LOADER =
         "jdk.xml.transform.extensionClassLoader";
     tf.setAttribute(EXTENSION_CLASS_LOADER, cl);

where cl is the user-specified ClassLoader that will load external 
extension function classes, e.g.
     runWithPermission(() -> Thread.currentThread().getContextClassLoader())

HTH, and please let me know if it works for you.

Thanks,
Joe

On 8/28/16, 10:03 AM, Stefan Bodewig wrote:
> Hi,
>
> I've been told to ask for advice here.
>
> Over the past few weeks we've adapted the Apache Ant code base to JDK 9
> well enough that Ant's own test suite works - almost.
>
> The only remaining issue really goes back to Java 1.7 and JAXP 1.4 when
> secure processing was introduced. If you are running an XSLT transform
> and it needs extensions - say the Xalan redirect extension - you can't
> do it if a SecurityManager has been set.
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=51668
>
> This is causing quite a few problems for users running Ant from within
> IDEs which typically install SecurityManagers. One such instance is
> Ant's own <junitreport> task which uses XSLT and the redirect extension.
>
> Back in Java 1.7 we "solved" the problem with a hack. We simply disable
> secure processing mode via reflection
>
> https://github.com/apache/ant/commit/fe829a9d0fa679df3ae2cc4803e5236ed2ed5c7b
>
> The module system now breaks the hack as we can no longer access the
> necessary field via reflection.
>
> Before we try to find new clever or stupid workarounds we may as well
> ask for advice on how to do it properly.
>
> This is our use-case: The user wants to execute Ant's <xslt>-Task from
> within Eclipse which has installed a SecurityManager and the transform
> requires an extension. How can we make this work?
>
> Cheers
>
>          Stefan
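
Added example, not part of the original thread and not Ant or JDK code: a small program that turns secure processing on and then applies the feature and attribute named in the reply, so the difference shows up on one extension call. The class name, the stylesheet and the use of java.lang.Math are constructed for illustration, and it assumes the JDK's built-in XSLT implementation is the TransformerFactory in use.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class ExtensionFunctionDemo {
    // Feature and attribute names as quoted in the reply above.
    static final String ENABLE_EXTENSION_FUNCTIONS =
        "http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions";
    static final String EXTENSION_CLASS_LOADER = "jdk.xml.transform.extensionClassLoader";
    // Constructed stylesheet: calls java.lang.Math.max via the Xalan Java-extension namespace.
    static final String XSL =
        "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'"
        + " xmlns:math='http://xml.apache.org/xalan/java/java.lang.Math'>"
        + "<xsl:output method='text'/>"
        + "<xsl:template match='/'><xsl:value-of select='math:max(3, 7)'/></xsl:template>"
        + "</xsl:stylesheet>";

    static String run(boolean allowExtensions) {
        try {
            TransformerFactory tf = TransformerFactory.newInstance();
            // Secure processing on, as when a SecurityManager is installed (the case in this thread).
            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            if (allowExtensions) {
                // Re-enable extension functions only; no other feature is changed.
                tf.setFeature(ENABLE_EXTENSION_FUNCTIONS, true);
                // Loader used to resolve extension function classes.
                tf.setAttribute(EXTENSION_CLASS_LOADER,
                    Thread.currentThread().getContextClassLoader());
            }
            Transformer t = tf.newTransformer(new StreamSource(new StringReader(XSL)));
            StringWriter out = new StringWriter();
            t.transform(new StreamSource(new StringReader("<doc/>")), new StreamResult(out));
            return "ok: " + out;
        } catch (TransformerException | IllegalArgumentException e) {
            // Unsupported feature/attribute (other JAXP implementation) or blocked extension call.
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println("extensions off -> " + run(false));
        System.out.println("extensions on  -> " + run(true));
    }
}
```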


More information about the core-libs-dev mailing list