[jira] [Commented] (CAMEL-18492) Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
[
https://issues.apache.org/jira/browse/CAMEL-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17602629#comment-17602629
]
Claus Ibsen commented on CAMEL-18492:
-
Yeah we can add an option to xslt-saxon endpoint where you can configure this.
And also on component so you can set it once globally for xslt-saxon
> Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
> --
>
> Key: CAMEL-18492
> URL: https://issues.apache.org/jira/browse/CAMEL-18492
> Project: Camel
> Issue Type: Improvement
> Components: camel-saxon, camel-xslt
>Affects Versions: 3.0.0
>Reporter: Harish Annamalai
>Priority: Minor
>
> Hi All,
> We use Camel-Saxon for one of our product. We use Saxon Enterprise Edition
> 9.9.1.6.
> We are migrating our product from camel 2.x to camel 3.x (2.24 to 3.15 to be
> exact).
> We use a paid feature of Saxon; Invoking *External Java Functions* in XSL
> Transformations.
> We also *Extension Functions,* which we pass to camel-xslt-saxon component.
> What we have observed in camel 3.x versions and above, In class
> {{{*}XsltSaxonEndpoint{*}.java}} During the registration of extension
> functions, at line 202, {{registerSaxonExtensionFunctions}} method of
> {{{*}XsltSaxonHelper{*}.java}} is called.
>
> In XsltSaxonHelper.class, the method,
> {{{}registerSaxonExtensionFunctions{}}}, at line 55, sets a feature of
> {*}XMLConstants.FEATURE_SECURE_PROCESSING{*}.
> Unfortunately, Setting this Feature disables the External Java Function
> calls.
> We checked in Camel 2.x versions, this Feature is not set and therefore the
> External Java Calls work fine.
>
> We see this as a bug - The Feature *XMLConstants.FEATURE_SECURE_PROCESSING*
> is being introduced in 3.x and breaks a paid/Enterprise feature of Saxon.
>
> Sample Code to test:
> {{import javax.xml.XMLConstants;}}
> {{import javax.xml.transform.Transformer;}}
> {{import javax.xml.transform.TransformerException;}}
> {{import javax.xml.transform.TransformerFactory;}}
> {{import javax.xml.transform.stream.StreamResult;}}
> {{import javax.xml.transform.stream.StreamSource;}}
> {{import java.io.File;}}
> {{public class SaxonTransformationTester {}}
> {{ public static void main(String[] args) throws TransformerException {}}
> {{ String foo_xml = "src/main/resources/in.xml"; // input xml}}
> {{ String foo_xsl = "src/main/resources/transf.xml"; // input xsl}}
> {{ EnterpriseTransformerFactory eef =
> SaxonEEConsumerFactory.getEnterpriseTransformerFactoryInstance();}}
> {{
> eef.getConfiguration().getConfigurationProperty(Feature.ALLOW_EXTERNAL_FUNCTIONS);}}
> {{ eef.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); //This
> causes External Functions to break}}
> {{
> eef.getConfiguration().setConfigurationProperty("http://saxon.sf.net/feature/trace-external-functions;,
> false);}}
> {{ Transformer transformer = eef.newTransformer(new StreamSource(}}
> {{ new File(foo_xsl)));}}
> {{ transformer.transform(new StreamSource(new File(foo_xml)),}}
> {{ new StreamResult(System.out));}}
> {{ }}}
> {{}}}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (CAMEL-18492) Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
[
https://issues.apache.org/jira/browse/CAMEL-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17602301#comment-17602301
]
Andrea Cosentino commented on CAMEL-18492:
--
So maybe we should make it configurable and set to true by default. [~davsclaus]
> Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
> --
>
> Key: CAMEL-18492
> URL: https://issues.apache.org/jira/browse/CAMEL-18492
> Project: Camel
> Issue Type: Bug
> Components: camel-saxon, camel-xslt
>Affects Versions: 3.0.0
>Reporter: Harish Annamalai
>Priority: Major
>
> Hi All,
> We use Camel-Saxon for one of our product. We use Saxon Enterprise Edition
> 9.9.1.6.
> We are migrating our product from camel 2.x to camel 3.x (2.24 to 3.15 to be
> exact).
> We use a paid feature of Saxon; Invoking *External Java Functions* in XSL
> Transformations.
> We also *Extension Functions,* which we pass to camel-xslt-saxon component.
> What we have observed in camel 3.x versions and above, In class
> {{{*}XsltSaxonEndpoint{*}.java}} During the registration of extension
> functions, at line 202, {{registerSaxonExtensionFunctions}} method of
> {{{*}XsltSaxonHelper{*}.java}} is called.
>
> In XsltSaxonHelper.class, the method,
> {{{}registerSaxonExtensionFunctions{}}}, at line 55, sets a feature of
> {*}XMLConstants.FEATURE_SECURE_PROCESSING{*}.
> Unfortunately, Setting this Feature disables the External Java Function
> calls.
> We checked in Camel 2.x versions, this Feature is not set and therefore the
> External Java Calls work fine.
>
> We see this as a bug - The Feature *XMLConstants.FEATURE_SECURE_PROCESSING*
> is being introduced in 3.x and breaks a paid/Enterprise feature of Saxon.
>
> Sample Code to test:
> {{import javax.xml.XMLConstants;}}
> {{import javax.xml.transform.Transformer;}}
> {{import javax.xml.transform.TransformerException;}}
> {{import javax.xml.transform.TransformerFactory;}}
> {{import javax.xml.transform.stream.StreamResult;}}
> {{import javax.xml.transform.stream.StreamSource;}}
> {{import java.io.File;}}
> {{public class SaxonTransformationTester {}}
> {{ public static void main(String[] args) throws TransformerException {}}
> {{ String foo_xml = "src/main/resources/in.xml"; // input xml}}
> {{ String foo_xsl = "src/main/resources/transf.xml"; // input xsl}}
> {{ EnterpriseTransformerFactory eef =
> SaxonEEConsumerFactory.getEnterpriseTransformerFactoryInstance();}}
> {{
> eef.getConfiguration().getConfigurationProperty(Feature.ALLOW_EXTERNAL_FUNCTIONS);}}
> {{ eef.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); //This
> causes External Functions to break}}
> {{
> eef.getConfiguration().setConfigurationProperty("http://saxon.sf.net/feature/trace-external-functions;,
> false);}}
> {{ Transformer transformer = eef.newTransformer(new StreamSource(}}
> {{ new File(foo_xsl)));}}
> {{ transformer.transform(new StreamSource(new File(foo_xml)),}}
> {{ new StreamResult(System.out));}}
> {{ }}}
> {{}}}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (CAMEL-18492) Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
[
https://issues.apache.org/jira/browse/CAMEL-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17602300#comment-17602300
]
Andrea Cosentino commented on CAMEL-18492:
--
As a side note even Michael Kay comments about this on Stack Overflow that this
feature is widely misunderstood
https://stackoverflow.com/questions/51378748/extension-functions-cannot-be-used-when-secure-feature-proccesing-is-set-to-true
> Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
> --
>
> Key: CAMEL-18492
> URL: https://issues.apache.org/jira/browse/CAMEL-18492
> Project: Camel
> Issue Type: Bug
> Components: camel-saxon, camel-xslt
>Affects Versions: 3.0.0
>Reporter: Harish Annamalai
>Priority: Major
>
> Hi All,
> We use Camel-Saxon for one of our product. We use Saxon Enterprise Edition
> 9.9.1.6.
> We are migrating our product from camel 2.x to camel 3.x (2.24 to 3.15 to be
> exact).
> We use a paid feature of Saxon; Invoking *External Java Functions* in XSL
> Transformations.
> We also *Extension Functions,* which we pass to camel-xslt-saxon component.
> What we have observed in camel 3.x versions and above, In class
> {{{*}XsltSaxonEndpoint{*}.java}} During the registration of extension
> functions, at line 202, {{registerSaxonExtensionFunctions}} method of
> {{{*}XsltSaxonHelper{*}.java}} is called.
>
> In XsltSaxonHelper.class, the method,
> {{{}registerSaxonExtensionFunctions{}}}, at line 55, sets a feature of
> {*}XMLConstants.FEATURE_SECURE_PROCESSING{*}.
> Unfortunately, Setting this Feature disables the External Java Function
> calls.
> We checked in Camel 2.x versions, this Feature is not set and therefore the
> External Java Calls work fine.
>
> We see this as a bug - The Feature *XMLConstants.FEATURE_SECURE_PROCESSING*
> is being introduced in 3.x and breaks a paid/Enterprise feature of Saxon.
>
> Sample Code to test:
> {{import javax.xml.XMLConstants;}}
> {{import javax.xml.transform.Transformer;}}
> {{import javax.xml.transform.TransformerException;}}
> {{import javax.xml.transform.TransformerFactory;}}
> {{import javax.xml.transform.stream.StreamResult;}}
> {{import javax.xml.transform.stream.StreamSource;}}
> {{import java.io.File;}}
> {{public class SaxonTransformationTester {}}
> {{ public static void main(String[] args) throws TransformerException {}}
> {{ String foo_xml = "src/main/resources/in.xml"; // input xml}}
> {{ String foo_xsl = "src/main/resources/transf.xml"; // input xsl}}
> {{ EnterpriseTransformerFactory eef =
> SaxonEEConsumerFactory.getEnterpriseTransformerFactoryInstance();}}
> {{
> eef.getConfiguration().getConfigurationProperty(Feature.ALLOW_EXTERNAL_FUNCTIONS);}}
> {{ eef.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); //This
> causes External Functions to break}}
> {{
> eef.getConfiguration().setConfigurationProperty("http://saxon.sf.net/feature/trace-external-functions;,
> false);}}
> {{ Transformer transformer = eef.newTransformer(new StreamSource(}}
> {{ new File(foo_xsl)));}}
> {{ transformer.transform(new StreamSource(new File(foo_xml)),}}
> {{ new StreamResult(System.out));}}
> {{ }}}
> {{}}}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (CAMEL-18492) Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
[
https://issues.apache.org/jira/browse/CAMEL-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17602297#comment-17602297
]
Andrea Cosentino commented on CAMEL-18492:
--
It's a security best practice to the FEATURE_SECURE_PROCESSING to true.
> Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
> --
>
> Key: CAMEL-18492
> URL: https://issues.apache.org/jira/browse/CAMEL-18492
> Project: Camel
> Issue Type: Bug
> Components: camel-saxon, camel-xslt
>Affects Versions: 3.0.0
>Reporter: Harish Annamalai
>Priority: Major
>
> Hi All,
> We use Camel-Saxon for one of our product. We use Saxon Enterprise Edition
> 9.9.1.6.
> We are migrating our product from camel 2.x to camel 3.x (2.24 to 3.15 to be
> exact).
> We use a paid feature of Saxon; Invoking *External Java Functions* in XSL
> Transformations.
> We also *Extension Functions,* which we pass to camel-xslt-saxon component.
> What we have observed in camel 3.x versions and above, In class
> {{{*}XsltSaxonEndpoint{*}.java}} During the registration of extension
> functions, at line 202, {{registerSaxonExtensionFunctions}} method of
> {{{*}XsltSaxonHelper{*}.java}} is called.
>
> In XsltSaxonHelper.class, the method,
> {{{}registerSaxonExtensionFunctions{}}}, at line 55, sets a feature of
> {*}XMLConstants.FEATURE_SECURE_PROCESSING{*}.
> Unfortunately, Setting this Feature disables the External Java Function
> calls.
> We checked in Camel 2.x versions, this Feature is not set and therefore the
> External Java Calls work fine.
>
> We see this as a bug - The Feature *XMLConstants.FEATURE_SECURE_PROCESSING*
> is being introduced in 3.x and breaks a paid/Enterprise feature of Saxon.
>
> Sample Code to test:
> {{import javax.xml.XMLConstants;}}
> {{import javax.xml.transform.Transformer;}}
> {{import javax.xml.transform.TransformerException;}}
> {{import javax.xml.transform.TransformerFactory;}}
> {{import javax.xml.transform.stream.StreamResult;}}
> {{import javax.xml.transform.stream.StreamSource;}}
> {{import java.io.File;}}
> {{public class SaxonTransformationTester {}}
> {{ public static void main(String[] args) throws TransformerException {}}
> {{ String foo_xml = "src/main/resources/in.xml"; // input xml}}
> {{ String foo_xsl = "src/main/resources/transf.xml"; // input xsl}}
> {{ EnterpriseTransformerFactory eef =
> SaxonEEConsumerFactory.getEnterpriseTransformerFactoryInstance();}}
> {{
> eef.getConfiguration().getConfigurationProperty(Feature.ALLOW_EXTERNAL_FUNCTIONS);}}
> {{ eef.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); //This
> causes External Functions to break}}
> {{
> eef.getConfiguration().setConfigurationProperty("http://saxon.sf.net/feature/trace-external-functions;,
> false);}}
> {{ Transformer transformer = eef.newTransformer(new StreamSource(}}
> {{ new File(foo_xsl)));}}
> {{ transformer.transform(new StreamSource(new File(foo_xml)),}}
> {{ new StreamResult(System.out));}}
> {{ }}}
> {{}}}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
