ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dalibor topic <dalibor.to...@oracle.com>
Subject Re: Early Access builds of JDK 8u112 b03, JDK 9 b128 are available on java.net
Date Mon, 01 Aug 2016 14:54:45 GMT


On 31.07.2016 10:27, Stefan Bodewig wrote:
> Hi all
>
> Ant's master branch is down to a single test failure apart from the JAI
> problems on my local machine.

Great!

> An error I've overlooked when I initially
> reported the problems I've found
>
> It looks as if <https://bz.apache.org/bugzilla/show_bug.cgi?id=52382>
> was back. You can't use Xalan's redirect extension when a
> SecurityManager is set.
>
> The reason is that since JAXP 1.4 XMLConstants.FEATURE_SECURE_PROCESSING
> has been introduced and this one gets enabled (and you can't disable it)
> if a SecurityManager is set. The fix we applied back then is a hack that
> sets _isNotSecureProcessing in TransformerFactoryImpl via reflection -
> this works fine for JDK 7 and 8, but breaks now.

Yeah, that's by design - the module system in JDK 9 prevents such hacks to
internal classes. Please see http://openjdk.java.net/jeps/261 for details
and escape hatches.

As far as not being able to use XSLT extensions when secure processing 
is enabled, that's been the case since JAXP 1.4: 
https://jaxp.java.net/1.4/JAXP-Compatibility.html#JAXP_security , while 
FEATURE_SECURE_PROCESSING itself was introduced with JAXP 1.3: 
http://docs.oracle.com/javase/1.5.0/docs/guide/xml/jaxp/JAXP-Compatibility_150.html#JAXP_security

. Finally, JAXP 1.5 documents SecurityManager setting 
FEATURE_SECURE_PROCESSING here: 
https://jaxp.java.net/1.5/JAXP1.5Guide.html#JAXP1.5Documentation%2CGuide-5RelationshipwiththeSecurityManageroftheJavaplatform

If you need to do insecure XSLT processing, then 
http://camel.465427.n5.nabble.com/XMLConstants-FEATURE-SECURE-PROCESSING-feature-setting-in-jboss-fuse-6-1-td5750712.html

may be relevant.

> Rather than adding another layer of reflection (likely need to undo the
> changes to _featureManager from
> http://hg.openjdk.java.net/jdk9/jdk9/jaxp/file/057e5d7f6572/src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java#l259
> ) I'd prefer to figure out a way that allows the following scenario:
>
> * User is using an IDE which has enabled a SecurityManager to run
>   Ant
> * User wants to run an XSLT transform that uses Xalan's redirect
>   extension
>
> without any hacks. Running Ant's <junitreport> is one example of such a
> transform.

I think core-libs-dev@openjdk would be a good place to solicit feedback 
in this case.

> PS and completely unrelated: while adding support for javac's -h option
> I realized the option wasn't mentioned inside javac's manual page at
> all. Only javac -help talks about it.

Please see https://bugs.openjdk.java.net/browse/JDK-8065825 and related 
issues.

cheers,
dalibor topic
-- 
<http://www.oracle.com> Dalibor Topic | Principal Product Manager
Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961
<tel:+491737185961>

ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg

ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher

<http://www.oracle.com/commitment> Oracle is committed to developing
practices and products that help protect the environment

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message