ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dalibor topic <>
Subject Re: Early Access builds of JDK 8u112 b03, JDK 9 b128 are available on
Date Mon, 01 Aug 2016 14:54:45 GMT

On 31.07.2016 10:27, Stefan Bodewig wrote:
> Hi all
> Ant's master branch is down to a single test failure apart from the JAI
> problems on my local machine.


> An error I've overlooked when I initially
> reported the problems I've found
> It looks as if <>
> was back. You can't use Xalan's redirect extension when a
> SecurityManager is set.
> The reason is that since JAXP 1.4 XMLConstants.FEATURE_SECURE_PROCESSING
> has been introduced and this one gets enabled (and you can't disable it)
> if a SecurityManager is set. The fix we applied back then is a hack that
> sets _isNotSecureProcessing in TransformerFactoryImpl via reflection -
> this works fine for JDK 7 and 8, but breaks now.

Yeah, that's by design - the module system in JDK 9 prevents such hacks to
internal classes. Please see for details
and escape hatches.

As far as not being able to use XSLT extensions when secure processing 
is enabled, that's been the case since JAXP 1.4: , while 
FEATURE_SECURE_PROCESSING itself was introduced with JAXP 1.3:

. Finally, JAXP 1.5 documents SecurityManager setting 

If you need to do insecure XSLT processing, then

may be relevant.

> Rather than adding another layer of reflection (likely need to undo the
> changes to _featureManager from
> ) I'd prefer to figure out a way that allows the following scenario:
> * User is using an IDE which has enabled a SecurityManager to run
>   Ant
> * User wants to run an XSLT transform that uses Xalan's redirect
>   extension
> without any hacks. Running Ant's <junitreport> is one example of such a
> transform.

I think core-libs-dev@openjdk would be a good place to solicit feedback 
in this case.

> PS and completely unrelated: while adding support for javac's -h option
> I realized the option wasn't mentioned inside javac's manual page at
> all. Only javac -help talks about it.

Please see and related 

dalibor topic
<> Dalibor Topic | Principal Product Manager
Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961

ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg

ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher

<> Oracle is committed to developing
practices and products that help protect the environment

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message