JDK 9 RFR of JDK-8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE

Langer, Christoph christoph.langer at sap.com
Tue Feb 16 22:13:28 UTC 2016

Hi Joe,

thanks for your great suggestions. I'll come up with a new webrev tomorrow.

However, I'm still wondering if the change for the default value of XML_SECURITY_PROPERTY_MANAGER in XMLDocumentFragmentScannerImpl should be done anyway as I guess an XMLObject is more expected rather than a String from other places in the code that could make use of such a default...? Is that true?


-----Original Message-----
From: huizhe wang [mailto:huizhe.wang at oracle.com]
Sent: Dienstag, 16. Februar 2016 21:03
To: Langer, Christoph <christoph.langer at sap.com>
Cc: core-libs-dev at openjdk.java.net
Subject: Re: JDK 9 RFR of JDK-8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE

Hi Christoph,

At initialization of XSDHandler (in reset), note there are two local
variables for the security / property manager, change them to instance
variables, then when you need to create annotation validator, set both
on the validator, e.g.:


That should fix the issue.

There are a bunch of rawtypes/unchecked warnings in this class, bonus
but not required :-)

For the test, in the past (jaxp standalone), we've created tests for
each issue, nowadays we'd prefer to consolidate them. We don't have
"SchemaTest" yet, so you may name the test "SchemaTest", then for the
@summary, make it general, e.g. "Test Schema creation", and move the
specific comment to the test case and make it specific to the issue:

     * @bug 8149915
     * Verifies that the annotation validator is initialized with the security manager for schema
     * creation with http://apache.org/xml/features/validate-annotations=true.

     public void testValidation() throws Exception {

The test is new, the copyright year would be "2016," instead of "2014,


On 2/16/2016 4:49 AM, Langer, Christoph wrote:
> Hi,
> can you please review the following change for JDK-8149915:
> http://cr.openjdk.java.net/~clanger/webrevs/8149915.0/
> I'm not sure if it is the right thing to set the default for XML_SECURITY_PROPERTY_MANAGER to a new XMLSecurityPropertyManager() object instead of the String "all". But it must not be a String, I think.
> And also I don't know if my approach to add a field "fSecurityManager" to XML11Configuration.
> Please advise and let me know how I can do it better.
> Thanks in advance and best regards
> Christoph

More information about the core-libs-dev mailing list