DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5979>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5979 property names do not conform to "." naming conventions required by SecrityManager java.util.PropertyPermission ------- Additional Comments From [EMAIL PROTECTED] 2002-01-24 01:18 ------- Here are some of the property names I found which do not use a package naming convention which xalan uses: {http://xml.apache.org/xslt}indent-amount {http://xml.apache.org/xslt}content-handler {http://xml.apache.org/xslt}entities {http://xml.apache.org/xslt}use-url-escaping {http://xml.apache.org/xslt}omit-meta-tag method encoding omit-xml-declaration indent standalone version media-type Here is the line from the stack trace that appears to trigger most of the above. It is eiether line 263 or 274 in OutputProperties.loadPropertiesFile. at org.apache.xalan.templates.OutputProperties.loadPropertiesFile(OutputProperties.java:274) If some of these property names are based on the JAXP spec then perhaps some feedback could be sent to the JCP, what are the relevant JSR's for this? The bottom line is that the above property names which do not use java package "." naming conventions make it much more difficult to configure a java security policy. =============================================================================== Another possible SecurityManager related bug is using System.getProperties() to get all system properties. Xalan may be invoked by code running within a web application, rarely would a web application be given read access for all system properties. So use of System.getProperties() by xalan would fail. Here is a line from a stack trace where xalan triggered that. at org.apache.xalan.processor.TransformerFactoryImpl.loadPropertyFileToSystem(TransformerFactoryImpl.java:190)
