Bug 61564: Try to get rid of the Java 9 illegal access warning now that we run Java 8

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1811145 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Dominik Stadler 2017-10-04 19:54:41 +00:00
parent dd23ba89a9
commit 0e52f62a1e
3 changed files with 23 additions and 3 deletions

View File

@ -114,7 +114,7 @@ public final class DocumentHelper {
private static void trySetXercesSecurityManager(DocumentBuilderFactory dbf) {
// Try built-in JVM one first, standalone if not
for (String securityManagerClassName : new String[]{
"com.sun.org.apache.xerces.internal.util.SecurityManager",
//"com.sun.org.apache.xerces.internal.util.SecurityManager",
"org.apache.xerces.util.SecurityManager"
}) {
try {
@ -124,10 +124,15 @@ public final class DocumentHelper {
dbf.setAttribute("http://apache.org/xml/properties/security-manager", mgr);
// Stop once one can be setup without error
return;
} catch (ClassNotFoundException e) {
// continue without log, this is expected in some setups
} catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here
logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e);
}
}
// separate old version of Xerces not found => use the builtin way of setting the property
dbf.setAttribute("http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit", 4096);
}
/**

View File

@ -95,7 +95,7 @@ public final class SAXHelper {
private static void trySetXercesSecurityManager(XMLReader xmlReader) {
// Try built-in JVM one first, standalone if not
for (String securityManagerClassName : new String[] {
"com.sun.org.apache.xerces.internal.util.SecurityManager",
//"com.sun.org.apache.xerces.internal.util.SecurityManager",
"org.apache.xerces.util.SecurityManager"
}) {
try {
@ -105,6 +105,8 @@ public final class SAXHelper {
xmlReader.setProperty("http://apache.org/xml/properties/security-manager", mgr);
// Stop once one can be setup without error
return;
} catch (ClassNotFoundException e) {
// continue without log, this is expected in some setups
} catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here
// throttle the log somewhat as it can spam the log otherwise
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
@ -113,5 +115,16 @@ public final class SAXHelper {
}
}
}
// separate old version of Xerces not found => use the builtin way of setting the property
try {
xmlReader.setProperty("http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit", 4096);
} catch (SAXException e) { // NOSONAR - also catch things like NoClassDefError here
// throttle the log somewhat as it can spam the log otherwise
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
logger.log(POILogger.WARN, "SAX Security Manager could not be setup [log suppressed for 5 minutes]", e);
lastLog = System.currentTimeMillis();
}
}
}
}

View File

@ -33,6 +33,8 @@ public class TestSAXHelper {
assertNotSame(reader, SAXHelper.newXMLReader());
assertTrue(reader.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
assertEquals(SAXHelper.IGNORING_ENTITY_RESOLVER, reader.getEntityResolver());
assertNotNull(reader.getProperty("http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit"));
assertEquals("4096", reader.getProperty("http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit"));
assertNotNull(reader.getProperty("http://apache.org/xml/properties/security-manager"));
reader.parse(new InputSource(new ByteArrayInputStream("<xml></xml>".getBytes("UTF-8"))));