You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by bu...@apache.org on 2017/08/08 03:56:32 UTC
[Bug 61389] New: Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
Bug ID: 61389
Summary: Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed
when the secure processing feature is set to true.
Product: Ant
Version: 1.10.1
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Component: Optional Tasks
Assignee: notifications@ant.apache.org
Reporter: sarika.sinha@in.ibm.com
Target Milestone: ---
Eclipse Scripts fail to to load stylesheets with JDK 9 and Ant 1.10.1
javax.xml.transform.TransformerException: java.lang.RuntimeException: Use of
the extension function 'xalan://java.lang.String:replaceAll' is not allowed
when the secure processing feature is set to true.
at
org.apache.tools.ant.taskdefs.XSLTProcess.handleTransformationError(XSLTProcess.java:1449)
at
org.apache.tools.ant.taskdefs.XSLTProcess.process(XSLTProcess.java:856)
at
org.apache.tools.ant.taskdefs.XSLTProcess.execute(XSLTProcess.java:437)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:293)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at
org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:435)
at org.apache.tools.ant.Target.performTasks(Target.java:456)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1405)
at
org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecutor.java:38)
at
org.eclipse.ant.internal.launching.remote.EclipseSingleCheckExecutor.executeTargets(EclipseSingleCheckExecutor.java:34)
at org.apache.tools.ant.Project.executeTargets(Project.java:1260)
at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:441)
... 17 more
Caused by: javax.xml.transform.TransformerException:
java.lang.RuntimeException: Use of the extension function
'xalan://java.lang.String:replaceAll' is not allowed when the secure processing
feature is set to true.
at
java.xml/com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:790)
at
java.xml/com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:377)
at
org.apache.tools.ant.taskdefs.optional.TraXLiaison.transform(TraXLiaison.java:205)
at
org.apache.tools.ant.taskdefs.XSLTProcess.process(XSLTProcess.java:847)
... 32 more
Caused by: java.lang.RuntimeException: Use of the extension function
'xalan://java.lang.String:replaceAll' is not allowed when the secure processing
feature is set to true.
at
java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime.BasisLibrary.runTimeError(BasisLibrary.java:1621)
at
java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime.BasisLibrary.runTimeError(BasisLibrary.java:1625)
at
java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime.BasisLibrary.unallowed_extension_functionF(BasisLibrary.java:453)
at jdk.translet/die.verwandlung.JUNIT.JS$dash$escape()
at jdk.translet/die.verwandlung.JUNIT.template$dot$5()
at jdk.translet/die.verwandlung.JUNIT.applyTemplates()
at jdk.translet/die.verwandlung.JUNIT.template$dot$0()
at jdk.translet/die.verwandlung.JUNIT.applyTemplates()
at jdk.translet/die.verwandlung.JUNIT.applyTemplates()
at jdk.translet/die.verwandlung.JUNIT.transform()
at
java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet.transform(AbstractTranslet.java:624)
at
java.xml/com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:783)
... 35 more
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
--- Comment #6 from Stefan Bodewig <bo...@apache.org> ---
The Java7/8 hack is still in place and used unless Ant detects it is running on
Java9+. So you don't need to set the feature.
Unfortunately I assume trying to set the feature on Java8 may fail, so setting
it unconditionally could cause problems on older JVMs. I'm not sure, though,
the feature may as well simply get ignored and all would be well.
For org.apache.tools.ant.taskdefs.optional.junit.AggregateTransformer we only
set it if we detect Java9 and are sure the XSLT processor is the one of the
classlib and not a manually configured Xalan.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
Stefan Bodewig <bo...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #4 from Stefan Bodewig <bo...@apache.org> ---
any news?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
Sarika Sinha <sa...@in.ibm.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--- Comment #5 from Sarika Sinha <sa...@in.ibm.com> ---
Yes, we are able to with by using
factory.setFeature("http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions",
Boolean.TRUE);
Can we use this for Java 8 as well as I see it mentioned on the help page that
there was a hack for Java8 and Java7 which doesn't work now.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
--- Comment #8 from Sarika Sinha <sa...@in.ibm.com> ---
When we run Eclipse in headless mode we are getting this exception -
[xslt] Failed to load org.apache.xalan.processor.TransformerFactoryImpl via the
configured classpath, will try Ant's classpath instead.
[xslt] Failed to process null
So problem I suppose is that
java.xml/com.sun.org.apache.xalan.internal.xsltc.trax containing
TransformerFactoryImpl in Java 9 is not exported in java.xml module.
So we tried adding --add-exports
java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED where we call
Eclipse java program in headless mode.
Can you suggest where to set this attribute or how to provide this information
to xslt?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
--- Comment #2 from Stefan Bodewig <bo...@apache.org> ---
We had a similar problem with our own unit tests, see bug 60060
http://ant.apache.org/manual/Tasks/style.html says:
> Note on XSLT extension functions: when using the default TraX implementation of the Java class library and a SecurityManager is active - e.g. when running from within an IDE - XSLT extension functions cannot be used as "secure processing" is active in Java 7 and above. Ant contains a special "hack" that allows XSLT extensions to be used in Java 7 and 8, but this hack fails for Java 9. If you want to use extensions like the redirect extension that are provided by the Java class library itself, you can allow them by enabling the feature http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions in Java 9 and above. If you need to use an extension function not provided by Java itself you can set the attribute jdk.xml.transform.extensionClassLoader to a classloader (reference to an Ant PATH-like structure).
Have you tried setting
http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions to true?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
Sarika Sinha <sa...@in.ibm.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Sarika Sinha <sa...@in.ibm.com> ---
Eclipse Bug -
https://bugs.eclipse.org/bugs/show_bug.cgi?id=506430
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
--- Comment #10 from Sarika Sinha <sa...@in.ibm.com> ---
Thanks Stefan for the suggestion, Yes using the default factory worked out.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
--- Comment #9 from Stefan Bodewig <bo...@apache.org> ---
(In reply to Sarika Sinha from comment #8)
> When we run Eclipse in headless mode we are getting this exception -
> [xslt] Failed to load org.apache.xalan.processor.TransformerFactoryImpl via
> the configured classpath, will try Ant's classpath instead.
> [xslt] Failed to process null
This means the class "org.apache.xalan.processor.TransformerFactoryImpl" hasn't
been found. This seems to be the "name" attribute you've provided to the
factory element of your xslt task.
This is not the class name of the transformer provided by JDK9 as far as I
know. It is the name Apache Xalan would use when you add Xalan to your task's
classpath.
> So problem I suppose is that
> java.xml/com.sun.org.apache.xalan.internal.xsltc.trax containing
> TransformerFactoryImpl in Java 9 is not exported in java.xml module.
> So we tried adding --add-exports
> java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED where we
> call Eclipse java program in headless mode.
If you anted to use that, you must certainly use the correct package in the
name attribute as well.
> Can you suggest where to set this attribute or how to provide this
> information to xslt?
My first suggestion is to not specify a name attribute for the factory at all
but rather do with the default provided by the Jvaa runtime.
I must admit I haven't got any idea why things should be different in headless
mode.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
Sarika Sinha <sa...@in.ibm.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #7 from Sarika Sinha <sa...@in.ibm.com> ---
Thanks for the help.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 61389] Loading Stylesheet -
'xalan://java.lang.String:replaceAll' is not allowed when the secure
processing feature is set to true.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61389
--- Comment #3 from Sarika Sinha <sa...@in.ibm.com> ---
Will try out the option.
--
You are receiving this mail because:
You are the assignee for the bug.