Last Ant Test Failure with JDK9 - JAXP Secure Processing and XSLT Extensions

Stefan Bodewig bodewig at
Sun Aug 28 17:03:14 UTC 2016


I've been told to ask for advice here.

Over the past few weeks we've adapted the Apache Ant code base to JDK 9
well enough that Ant's own test suite works - almost.

The onyl remaining issue really goes back to Java 1.7 and JAXP 1.4 when
secure processing was introduced. If you are running an XSLT transform
and it needs extensions - say the Xalan redirect extension - you can't
do it if a SecurityManager has been set.

This is causing quite a few problems for users running Ant from within
IDEs which typically install SecurityManagers. One such instance it
Ant's own <junitreport> task which uses XSLT and the redirect extension.

Back in Java 1.7 we "solved" the problem with a hack. We simply disable
secure processing mode via reflection

The module system now breaks the hack as we can no longer access the
necessary field via reflection.

Before we try to find new clever or stupid workarounds we may as well
ask for advice on how to do it properly.

This is our use-case: The user wants to execute Ant's <xslt>-Task from
within Eclipse which has installed a SecurityManager and the transform
requires an extension. How can we make this work?



More information about the core-libs-dev mailing list