On 31.07.2016 10:27, Stefan Bodewig wrote:
> Hi all
>
> Ant's master branch is down to a single test failure apart from the JAI
> problems on my local machine.

Great!

> An error I've overlooked when I initially
> reported the problems I've found
>
> It looks as if <https://bz.apache.org/bugzilla/show_bug.cgi?id=52382>
> was back. You can't use Xalan's redirect extension when a
> SecurityManager is set.
>
> The reason is that since JAXP 1.4 XMLConstants.FEATURE_SECURE_PROCESSING
> has been introduced and this one gets enabled (and you can't disable it)
> if a SecurityManager is set. The fix we applied back then is a hack that
> sets _isNotSecureProcessing in TransformerFactoryImpl via reflection -
> this works fine for JDK 7 and 8, but breaks now.

Yeah, that's by design - the module system in JDK 9 prevents such hacks to
internal classes. Please see http://openjdk.java.net/jeps/261 for details
and escape hatches.

As far as not being able to use XSLT extensions when secure processing is enabled, that's been the case since JAXP 1.4: https://jaxp.java.net/1.4/JAXP-Compatibility.html#JAXP_security , while FEATURE_SECURE_PROCESSING itself was introduced with JAXP 1.3: http://docs.oracle.com/javase/1.5.0/docs/guide/xml/jaxp/JAXP-Compatibility_150.html#JAXP_security . Finally, JAXP 1.5 documents SecurityManager setting FEATURE_SECURE_PROCESSING here: https://jaxp.java.net/1.5/JAXP1.5Guide.html#JAXP1.5Documentation%2CGuide-5RelationshipwiththeSecurityManageroftheJavaplatform

If you need to do insecure XSLT processing, then http://camel.465427.n5.nabble.com/XMLConstants-FEATURE-SECURE-PROCESSING-feature-setting-in-jboss-fuse-6-1-td5750712.html may be relevant.

> Rather than adding another layer of reflection (likely need to undo the
> changes to _featureManager from
> http://hg.openjdk.java.net/jdk9/jdk9/jaxp/file/057e5d7f6572/src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java#l259
> ) I'd prefer to figure out a way that allows the following scenario:
>
> * User is using an IDE which has enabled a SecurityManager to run
>   Ant
> * User wants to run an XSLT transform that uses Xalan's redirect
>   extension
>
> without any hacks. Running Ant's <junitreport> is one example of such a
> transform.

I think core-libs-dev@openjdk would be a good place to solicit feedback in this case.

> PS and completely unrelated: while adding support for javac's -h option
> I realized the option wasn't mentioned inside javac's manual page at
> all. Only javac -help talks about it.

Please see https://bugs.openjdk.java.net/browse/JDK-8065825 and related issues.

cheers,
dalibor topic
--
Dalibor Topic | Principal Product Manager
Phone: +494089091214 | Mobile: +491737185961

ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg

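As an added example (not part of this thread and not Ant's code), the following Java program probes how the JAXP `TransformerFactory` on the classpath treats a Java extension function with `XMLConstants.FEATURE_SECURE_PROCESSING` requested on and off, which is the behaviour the message above describes. The class name `SecureProcessingCheck` and the stylesheet are constructed for illustration, and the reported results depend on the JDK version and XSLT implementation in use.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class SecureProcessingCheck {
    // Constructed stylesheet: calls a harmless Java extension function (Math.abs).
    static final String XSL =
        "<xsl:stylesheet version='1.0'"
      + " xmlns:xsl='http://www.w3.org/1999/XSL/Transform'"
      + " xmlns:math='http://xml.apache.org/xalan/java/java.lang.Math'>"
      + "<xsl:output method='text'/>"
      + "<xsl:template match='/'><xsl:value-of select='math:abs(-7)'/></xsl:template>"
      + "</xsl:stylesheet>";

    // Requests the given secure-processing setting, then tries to compile and
    // run the stylesheet; returns a one-line report of what the factory did.
    static String probe(boolean requested) {
        TransformerFactory tf = TransformerFactory.newInstance();
        try {
            // An implementation may refuse to turn the feature off.
            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, requested);
        } catch (TransformerException e) {
            return "requested=" + requested + ": setFeature refused (" + e.getMessage() + ")";
        }
        String state = "requested=" + requested + ", effective="
            + tf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING);
        try {
            Transformer t = tf.newTransformer(new StreamSource(new StringReader(XSL)));
            StringWriter out = new StringWriter();
            t.transform(new StreamSource(new StringReader("<doc/>")), new StreamResult(out));
            return state + ": extension function ran, output=" + out;
        } catch (TransformerException | RuntimeException e) {
            return state + ": extension function rejected (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println("Factory: " + TransformerFactory.newInstance().getClass().getName());
        System.out.println("SecurityManager set: " + (System.getSecurityManager() != null));
        System.out.println(probe(true));
        System.out.println(probe(false));
    }
}
```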