jaxp
  1. jaxp
  2. JAXP-70

JAXP 1.4 (commit #2679) breaks backward compatility

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: current
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:

      OpenJDK or Java 7

      Description

      According to the JAXP documentation, http://jaxp.java.net/1.4/JAXP-Compatibility.html#JAXP_security, is it no longer possible to use XSLT extension functions when a security manager is set. This is a major regression added by JAXP in commit #2679. This limitation does not come from Xerces and the Xerces team seems to agree that it is not a good idea.

      This new and unavoidable behaviour breaks all the applications using a security manager (hello RMI) with no possible workaround. Setting a security manager does not means that the application will parse user provided XML/XSLT files. It should be up to the application to (un)set the secure mode. A method to disable the secure mode even when a security manager is set should be provided.

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Joe Wang
            Reporter:
            cmathieu
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: