Last Ant Test Failure with JDK9 - JAXP Secure Processing and XSLT Extensions
huizhe.wang at oracle.com
Mon Aug 29 18:43:41 UTC 2016
If you are using the built-in extension functions, try turning on the
private static final String ENABLE_EXTENSION_FUNCTIONS =
If you are using user-extension functions, then add the following:
private static final String EXTENSION_CLASS_LOADER =
where cl is the user-specified ClassLoader that will load external
extension function classes, e.g.
HTH, and please let me know if it works for you.
On 8/28/16, 10:03 AM, Stefan Bodewig wrote:
> I've been told to ask for advice here.
> Over the past few weeks we've adapted the Apache Ant code base to JDK 9
> well enough that Ant's own test suite works - almost.
> The onyl remaining issue really goes back to Java 1.7 and JAXP 1.4 when
> secure processing was introduced. If you are running an XSLT transform
> and it needs extensions - say the Xalan redirect extension - you can't
> do it if a SecurityManager has been set.
> This is causing quite a few problems for users running Ant from within
> IDEs which typically install SecurityManagers. One such instance it
> Ant's own<junitreport> task which uses XSLT and the redirect extension.
> Back in Java 1.7 we "solved" the problem with a hack. We simply disable
> secure processing mode via reflection
> The module system now breaks the hack as we can no longer access the
> necessary field via reflection.
> Before we try to find new clever or stupid workarounds we may as well
> ask for advice on how to do it properly.
> This is our use-case: The user wants to execute Ant's<xslt>-Task from
> within Eclipse which has installed a SecurityManager and the transform
> requires an extension. How can we make this work?
More information about the core-libs-dev