Last Ant Test Failure with JDK9 - JAXP Secure Processing and XSLT Extensions

Joe Wang
Mon Aug 29 18:43:41 UTC 2016

Hi Stefan,

If you are using the built-in extension functions, try turning on the 
following feature:
     private static final String ENABLE_EXTENSION_FUNCTIONS = 
     tf.setFeature(ENABLE_EXTENSION_FUNCTIONS, true);

If you are using user-extension functions, then add the following:
     private static final String EXTENSION_CLASS_LOADER = 
     tf.setAttribute(EXTENSION_CLASS_LOADER, cl);

where cl is the user-specified ClassLoader that will load external 
extension function classes, e.g.
                 runWithPermission(() -> 

HTH, and please let me know if it works for you.


On 8/28/16, 10:03 AM, Stefan Bodewig wrote:
> Hi,
> I've been told to ask for advice here.
> Over the past few weeks we've adapted the Apache Ant code base to JDK 9
> well enough that Ant's own test suite works - almost.
> The only remaining issue really goes back to Java 1.7 and JAXP 1.4 when
> secure processing was introduced. If you are running an XSLT transform
> and it needs extensions - say the Xalan redirect extension - you can't
> do it if a SecurityManager has been set.
> This is causing quite a few problems for users running Ant from within
> IDEs which typically install SecurityManagers. One such instance is
> Ant's own <junitreport> task which uses XSLT and the redirect extension.
> Back in Java 1.7 we "solved" the problem with a hack. We simply disable
> secure processing mode via reflection.
> The module system now breaks the hack as we can no longer access the
> necessary field via reflection.
> Before we try to find new clever or stupid workarounds we may as well
> ask for advice on how to do it properly.
> This is our use-case: The user wants to execute Ant's <xslt>-Task from
> within Eclipse which has installed a SecurityManager and the transform
> requires an extension. How can we make this work?
> Cheers
>          Stefan
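
Added example (not part of the messages above and not Ant's or the JDK's own code): the two settings from the reply applied to a factory that keeps secure processing switched on, then exercised with a constructed stylesheet. The two property-name strings are assumptions, since the archived message omits them; they are the names recognised by the JDK's built-in XSLT processor.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class ExtensionDemo {
    // Assumed values (absent from the archived message): JDK built-in XSLT names.
    static final String ENABLE_EXTENSION_FUNCTIONS =
        "http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions";
    static final String EXTENSION_CLASS_LOADER =
        "jdk.xml.transform.extensionClassLoader";

    static TransformerFactory newFactory(ClassLoader extensionLoader) {
        TransformerFactory tf = TransformerFactory.newInstance();
        try {
            // Set secure processing first, then re-enable only extension
            // functions, so the remaining processing limits stay in force.
            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            tf.setFeature(ENABLE_EXTENSION_FUNCTIONS, true);
            if (extensionLoader != null) {
                tf.setAttribute(EXTENSION_CLASS_LOADER, extensionLoader);
            }
        } catch (TransformerConfigurationException | IllegalArgumentException e) {
            // A non-JDK TrAX implementation may reject these names.
            throw new IllegalStateException("XSLT extensions unavailable", e);
        }
        return tf;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stylesheet calling java.lang.Math.sqrt as an extension.
        String xsl = "<xsl:stylesheet version='1.0'"
            + " xmlns:xsl='http://www.w3.org/1999/XSL/Transform'"
            + " xmlns:m='http://xml.apache.org/xalan/java/java.lang.Math'>"
            + "<xsl:output method='text'/>"
            + "<xsl:template match='/'>"
            + "<xsl:value-of select='m:sqrt(16)'/>"
            + "</xsl:template></xsl:stylesheet>";
        StringWriter out = new StringWriter();
        newFactory(ExtensionDemo.class.getClassLoader())
            .newTransformer(new StreamSource(new StringReader(xsl)))
            .transform(new StreamSource(new StringReader("<doc/>")),
                       new StreamResult(out));
        System.out.println(out);
    }
}
```

Extension functions let a stylesheet invoke Java code, so a factory configured this way should only be handed stylesheets the build itself controls.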

More information about the core-libs-dev mailing list