8161454: Fails to Load external Java method from inside of a XSL stylesheet if SecurityManager is present

Reviewed-by: aefimov, lancea, dfuchs
2016-09-01 17:03:41 -07:00 · 2016-09-01 17:03:41 -07:00 · 524cb00f82
commit 524cb00f82
parent 76f0a705fc
2 changed files with 115 additions and 5 deletions
--- a/jaxp/src/java.xml/share/classes/jdk/xml/internal/JdkXmlFeatures.java
+++ b/jaxp/src/java.xml/share/classes/jdk/xml/internal/JdkXmlFeatures.java
@ -42,6 +42,9 @@ public class JdkXmlFeatures {
            ORACLE_JAXP_PROPERTY_PREFIX + "enableExtensionFunctions";
    public static final String SP_ENABLE_EXTENSION_FUNCTION =
            "javax.xml.enableExtensionFunctions";
+    // This is the correct name by the spec
+    public static final String SP_ENABLE_EXTENSION_FUNCTION_SPEC =
+            "jdk.xml.enableExtensionFunctions";
    public static final String CATALOG_FEATURES = "javax.xml.catalog.catalogFeatures";

    public final static String PROPERTY_USE_CATALOG = XMLConstants.USE_CATALOG;
@ -49,11 +52,11 @@ public class JdkXmlFeatures {
    public static enum XmlFeature {
        /**
         * Feature enableExtensionFunctions
-         * FSP: extension function is enforced by FSP. When FSP is on, entension
+         * FSP: extension function is enforced by FSP. When FSP is on, extension
         * function is disabled.
         */
        ENABLE_EXTENSION_FUNCTION(ORACLE_ENABLE_EXTENSION_FUNCTION,
-                SP_ENABLE_EXTENSION_FUNCTION, true, false, true, true),
+                SP_ENABLE_EXTENSION_FUNCTION_SPEC, true, false, true, true),
        /**
         * The {@link javax.xml.XMLConstants.USE_CATALOG} feature.
         * FSP: USE_CATALOG is not enforced by FSP.
@ -148,6 +151,30 @@ public class JdkXmlFeatures {

    }

+    /**
+     * Maps old property names with the new ones. This map is used to keep track of
+     * name changes so that old or incorrect names continue to be supported for compatibility.
+     */
+    public static enum NameMap {
+
+        ENABLE_EXTENSION_FUNCTION(SP_ENABLE_EXTENSION_FUNCTION_SPEC, SP_ENABLE_EXTENSION_FUNCTION);
+
+        final String newName;
+        final String oldName;
+
+        NameMap(String newName, String oldName) {
+            this.newName = newName;
+            this.oldName = oldName;
+        }
+
+        String getOldName(String newName) {
+            if (newName.equals(this.newName)) {
+                return oldName;
+            }
+            return null;
+        }
+    }
+
    /**
     * States of the settings of a property, in the order: default value, value
     * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
@ -316,6 +343,15 @@ public class JdkXmlFeatures {
    private void readSystemProperties() {
        for (XmlFeature feature : XmlFeature.values()) {
            getSystemProperty(feature, feature.systemProperty());
+            if (!getSystemProperty(feature, feature.systemProperty())) {
+                //if system property is not found, try the older form if any
+                for (NameMap nameMap : NameMap.values()) {
+                    String oldName = nameMap.getOldName(feature.systemProperty());
+                    if (oldName != null) {
+                        getSystemProperty(feature, oldName);
+                    }
+                }
+            }
        }
    }

--- a/jaxp/test/javax/xml/jaxp/unittest/transform/XSLTFunctionsTest.java
+++ b/jaxp/test/javax/xml/jaxp/unittest/transform/XSLTFunctionsTest.java
@ -34,11 +34,16 @@ import javax.xml.transform.URIResolver;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;

+import org.testng.Assert;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Listeners;
 import org.testng.annotations.Test;

 import static org.testng.Assert.assertEquals;
+import static jaxp.library.JAXPTestUtilities.runWithAllPerm;
+import static jaxp.library.JAXPTestUtilities.clearSystemProperty;
+import static jaxp.library.JAXPTestUtilities.setSystemProperty;
+import static jaxp.library.JAXPTestUtilities.getSystemProperty;

 /*
 * @test
@ -49,9 +54,65 @@ import static org.testng.Assert.assertEquals;
 * @summary This class contains tests for XSLT functions.
 */

-//@Listeners({jaxp.library.BasePolicy.class}) //uncomment this line after 8161454 is resolved
+@Listeners({jaxp.library.BasePolicy.class})
 public class XSLTFunctionsTest {

+    /**
+     * @bug 8161454
+     * Verifies that the new / correct name is supported, as is the old / incorrect
+     * one for compatibility
+     */
+    @Test
+    public void testNameChange() {
+
+        boolean feature;
+        TransformerFactory tf = TransformerFactory.newInstance();
+        feature = tf.getFeature(ORACLE_ENABLE_EXTENSION_FUNCTION);
+        System.out.println("Default setting: " + feature);
+        // The default: true if no SecurityManager, false otherwise
+        Assert.assertTrue(feature == getDefault());
+
+        setSystemProperty(SP_ENABLE_EXTENSION_FUNCTION, getDefaultOpposite());
+        tf = TransformerFactory.newInstance();
+        feature = tf.getFeature(ORACLE_ENABLE_EXTENSION_FUNCTION);
+        System.out.println("After setting " + SP_ENABLE_EXTENSION_FUNCTION + ": " + feature);
+        clearSystemProperty(SP_ENABLE_EXTENSION_FUNCTION);
+        // old/incorrect name is still supported
+        Assert.assertTrue(feature != getDefault());
+
+        setSystemProperty(SP_ENABLE_EXTENSION_FUNCTION_SPEC, getDefaultOpposite());
+        tf = TransformerFactory.newInstance();
+        feature = tf.getFeature(ORACLE_ENABLE_EXTENSION_FUNCTION);
+        System.out.println("After setting " + SP_ENABLE_EXTENSION_FUNCTION_SPEC + ": " + feature);
+        clearSystemProperty(SP_ENABLE_EXTENSION_FUNCTION_SPEC);
+        // new/correct name is effective
+        Assert.assertTrue(feature != getDefault());
+    }
+
+    final boolean isSecure;
+    {
+        String runSecMngr = getSystemProperty("runSecMngr");
+        isSecure = runSecMngr != null && runSecMngr.equals("true");
+    }
+
+    // The default: true if no SecurityManager, false otherwise
+    private boolean getDefault() {
+        if (isSecure) {
+            return false;
+        } else {
+            return true;
+        }
+    }
+
+    // Gets a String value that is opposite to the default value
+    private String getDefaultOpposite() {
+        if (isSecure) {
+            return "true";
+        } else {
+            return "false";
+        }
+    }
+
    /**
     * @bug 8062518 8153082
     * Verifies that a reference to the DTM created by XSLT document function is
@ -72,7 +133,9 @@ public class XSLTFunctionsTest {

        // Create factory and transformer
        TransformerFactory tf = TransformerFactory.newInstance();
-        tf.setFeature("http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions", true);
+        tf.setFeature(ORACLE_ENABLE_EXTENSION_FUNCTION, true);
+        tf.setAttribute(EXTENSION_CLASS_LOADER,
+                runWithAllPerm(() -> Thread.currentThread().getContextClassLoader()));
        Transformer t = tf.newTransformer( xslsrc );
        t.setErrorListener(tf.getErrorListener());

@ -133,5 +196,16 @@ public class XSLTFunctionsTest {

    static final String documentTesteExpectedResult = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                                                    + "<root>[Test:Doc][Test:External Doc]</root>";
-}

+    public static final String ORACLE_JAXP_PROPERTY_PREFIX =
+        "http://www.oracle.com/xml/jaxp/properties/";
+    /**
+     * Feature enableExtensionFunctions
+     */
+    public static final String ORACLE_ENABLE_EXTENSION_FUNCTION =
+            ORACLE_JAXP_PROPERTY_PREFIX + "enableExtensionFunctions";
+    static final String SP_ENABLE_EXTENSION_FUNCTION = "javax.xml.enableExtensionFunctions";
+    // This is the correct name by the spec
+    static final String SP_ENABLE_EXTENSION_FUNCTION_SPEC = "jdk.xml.enableExtensionFunctions";
+    private static final String EXTENSION_CLASS_LOADER = "jdk.xml.transform.extensionClassLoader";
+}