Last Ant Test Failure with JDK9 - JAXP Secure Processing and XSLT Extensions
bodewig at apache.org
Tue Aug 30 16:34:02 UTC 2016
On 2016-08-29, Joe Wang wrote:
> If you are using the built-in extension functions, try turning on the
> following feature:
> private static final String ENABLE_EXTENSION_FUNCTIONS =
> tf.setFeature(ENABLE_EXTENSION_FUNCTIONS, true);
This is not supported by Xalan's TransformerFactoryImpl:
/devel/ASF/ant/build.xml:1744: Errors while applying transformations:
javax.xml.transform.TransformerConfigurationException: Cannot set the
When removing Xalan from the classpath and using the JDK's own
TransformerFactory I get
| Error! Use of the extension element 'redirect' is not allowed when the
| secure processing feature is set to true.
even with the feature enabled. So "redirect" -
i.e. xmlns:redirect="http://xml.apache.org/xalan/redirect" - which I
assumed to be "built-in" for the JDK's fork of Xalan as well - doesn't
seem to get through with just that.
> If you are using user-extension functions, then add the following:
> private static final String EXTENSION_CLASS_LOADER =
> tf.setAttribute(EXTENSION_CLASS_LOADER, cl);
> where cl is the user-specified ClassLoader that will load external
> extension function classes, e.g.
> runWithPermission(() ->
This attribute isn't supported by Xalan either.
Testing this further is going to require a bit more of setup, I'll be
traveling the coming days but will give it a try during the weekend.
Unfortunately this is going to be cumbersome for our users as Xalan must
not be on the system classloader (I'd get Xalan's TransformerFactory in
that case) and tasks that didn't require any classpath management
suddenly need a more extensive configration.
More information about the core-libs-dev