[jira] [Commented] (CAMEL-18492) Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
[ https://issues.apache.org/jira/browse/CAMEL-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17602629#comment-17602629 ]

Claus Ibsen commented on CAMEL-18492:
-------------------------------------

Yeah, we can add an option to xslt-saxon endpoint where you can configure this. And also on component so you can set it once globally for xslt-saxon.

> Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
> --------------------------------------------------------------
>
>                 Key: CAMEL-18492
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18492
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-saxon, camel-xslt
>    Affects Versions: 3.0.0
>            Reporter: Harish Annamalai
>            Priority: Minor
>
> Hi All,
> We use Camel-Saxon for one of our products. We use Saxon Enterprise Edition
> 9.9.1.6.
> We are migrating our product from Camel 2.x to Camel 3.x (2.24 to 3.15 to be
> exact).
> We use a paid feature of Saxon: invoking *External Java Functions* in XSL
> Transformations.
> We also use *Extension Functions*, which we pass to the camel-xslt-saxon component.
> What we have observed in Camel 3.x versions and above: in class
> {{XsltSaxonEndpoint.java}}, during the registration of extension
> functions, at line 202, the {{registerSaxonExtensionFunctions}} method of
> {{XsltSaxonHelper.java}} is called.
>
> In XsltSaxonHelper.class, the method
> {{registerSaxonExtensionFunctions}}, at line 55, sets a feature of
> *XMLConstants.FEATURE_SECURE_PROCESSING*.
> Unfortunately, setting this feature disables the External Java Function
> calls.
> We checked in Camel 2.x versions: this feature is not set and therefore the
> External Java Calls work fine.
>
> We see this as a bug - the feature *XMLConstants.FEATURE_SECURE_PROCESSING*
> is being introduced in 3.x and breaks a paid/Enterprise feature of Saxon.
>
> Sample Code to test:
> import javax.xml.XMLConstants;
> import javax.xml.transform.Transformer;
> import javax.xml.transform.TransformerException;
> import javax.xml.transform.TransformerFactory;
> import javax.xml.transform.stream.StreamResult;
> import javax.xml.transform.stream.StreamSource;
> import java.io.File;
> import com.saxonica.config.EnterpriseTransformerFactory; // Saxon-EE
> import net.sf.saxon.lib.Feature;
>
> // SaxonEEConsumerFactory is not shown in the issue.
> public class SaxonTransformationTester {
>     public static void main(String[] args) throws TransformerException {
>         String foo_xml = "src/main/resources/in.xml"; // input xml
>         String foo_xsl = "src/main/resources/transf.xml"; // input xsl
>         EnterpriseTransformerFactory eef = SaxonEEConsumerFactory.getEnterpriseTransformerFactoryInstance();
>         eef.getConfiguration().getConfigurationProperty(Feature.ALLOW_EXTERNAL_FUNCTIONS);
>         eef.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // This causes External Functions to break
>         eef.getConfiguration().setConfigurationProperty("http://saxon.sf.net/feature/trace-external-functions", false);
>         Transformer transformer = eef.newTransformer(new StreamSource(
>                 new File(foo_xsl)));
>         transformer.transform(new StreamSource(new File(foo_xml)),
>                 new StreamResult(System.out));
>     }
> }

--
This message was sent by Atlassian Jira (v8.20.10#820010)
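The option proposed in the comments of this thread, sketched as an added example (it is not Camel's code and not code from any participant): a component-wide secure-processing setting that defaults to true, with an optional per-endpoint override. The class and method names are hypothetical, and it assumes Saxon 9.9 or later on the classpath, using the same `Feature.ALLOW_EXTERNAL_FUNCTIONS` property that the reporter's sample reads.

```java
import javax.xml.XMLConstants;
import javax.xml.transform.TransformerConfigurationException;
import net.sf.saxon.TransformerFactoryImpl;
import net.sf.saxon.lib.Feature;

// Added example: hypothetical option holder, not Camel's XsltSaxonEndpoint code.
public class SecureProcessingOption {
    // Component-wide value: secure unless the operator opts out explicitly.
    private boolean componentSecureProcessing = true;
    // Per-endpoint override; null means "inherit the component-wide value".
    private Boolean endpointSecureProcessing;

    public void setComponentSecureProcessing(boolean value) {
        this.componentSecureProcessing = value;
    }

    public void setEndpointSecureProcessing(Boolean value) {
        this.endpointSecureProcessing = value;
    }

    // The endpoint wins only when it was set; otherwise the component value applies.
    public boolean effectiveSecureProcessing() {
        return endpointSecureProcessing != null ? endpointSecureProcessing : componentSecureProcessing;
    }

    // Applies the effective value and returns what Saxon then reports for
    // ALLOW_EXTERNAL_FUNCTIONS, so the caller can log or assert on it.
    public boolean applyTo(TransformerFactoryImpl factory) throws TransformerConfigurationException {
        boolean secure = effectiveSecureProcessing();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secure);
        if (!secure) {
            System.err.println("WARN secure processing disabled: only load stylesheets you control");
        }
        return factory.getConfiguration().getConfigurationProperty(Feature.ALLOW_EXTERNAL_FUNCTIONS);
    }

    public static void main(String[] args) throws Exception {
        SecureProcessingOption option = new SecureProcessingOption();
        System.out.println("default  -> external functions allowed: "
                + option.applyTo(new TransformerFactoryImpl()));

        option.setEndpointSecureProcessing(false); // explicit opt-out for one endpoint
        System.out.println("opt-out  -> external functions allowed: "
                + option.applyTo(new TransformerFactoryImpl()));
    }
}
```

Returning the reported property from `applyTo` lets a deployment check at startup which endpoints have opted out, instead of discovering it from a failing or unexpectedly permissive transformation.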
[jira] [Commented] (CAMEL-18492) Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
[ https://issues.apache.org/jira/browse/CAMEL-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17602301#comment-17602301 ]

Andrea Cosentino commented on CAMEL-18492:
------------------------------------------

So maybe we should make it configurable and set to true by default. [~davsclaus]

> Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
> --------------------------------------------------------------
>
>                 Key: CAMEL-18492
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18492
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-saxon, camel-xslt
>    Affects Versions: 3.0.0
>            Reporter: Harish Annamalai
>            Priority: Major
[jira] [Commented] (CAMEL-18492) Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
[ https://issues.apache.org/jira/browse/CAMEL-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17602300#comment-17602300 ]

Andrea Cosentino commented on CAMEL-18492:
------------------------------------------

As a side note even Michael Kay comments about this on Stack Overflow that this feature is widely misunderstood
https://stackoverflow.com/questions/51378748/extension-functions-cannot-be-used-when-secure-feature-proccesing-is-set-to-true

> Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
> --------------------------------------------------------------
>
>                 Key: CAMEL-18492
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18492
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-saxon, camel-xslt
>    Affects Versions: 3.0.0
>            Reporter: Harish Annamalai
>            Priority: Major
[jira] [Commented] (CAMEL-18492) Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
[ https://issues.apache.org/jira/browse/CAMEL-18492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17602297#comment-17602297 ]

Andrea Cosentino commented on CAMEL-18492:
------------------------------------------

It's a security best practice to set the FEATURE_SECURE_PROCESSING to true.

> Enterprise Feature of Saxon is Disabled in Camel 3.x versions.
> --------------------------------------------------------------
>
>                 Key: CAMEL-18492
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18492
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-saxon, camel-xslt
>    Affects Versions: 3.0.0
>            Reporter: Harish Annamalai
>            Priority: Major