Hi, I've been told to ask for advice here.
Over the past few weeks we've adapted the Apache Ant code base to JDK 9 well enough that Ant's own test suite works - almost. The onyl remaining issue really goes back to Java 1.7 and JAXP 1.4 when secure processing was introduced. If you are running an XSLT transform and it needs extensions - say the Xalan redirect extension - you can't do it if a SecurityManager has been set. https://bz.apache.org/bugzilla/show_bug.cgi?id=51668 This is causing quite a few problems for users running Ant from within IDEs which typically install SecurityManagers. One such instance it Ant's own <junitreport> task which uses XSLT and the redirect extension. Back in Java 1.7 we "solved" the problem with a hack. We simply disable secure processing mode via reflection https://github.com/apache/ant/commit/fe829a9d0fa679df3ae2cc4803e5236ed2ed5c7b The module system now breaks the hack as we can no longer access the necessary field via reflection. Before we try to find new clever or stupid workarounds we may as well ask for advice on how to do it properly. This is our use-case: The user wants to execute Ant's <xslt>-Task from within Eclipse which has installed a SecurityManager and the transform requires an extension. How can we make this work? Cheers Stefan