Guy -- I could be wrong but I really don't think the problem is in Xalan. It was mentioned before that you are using com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.documentF which is not an Apache Xalan class but a Sun adaptation of it for inclusion into the JDK. I'm wondering if there is a bug in the JVM or Web Start implementation in terms of permissions for this class in the Web Start environment since it doesn't start with java or javax.
As a test, I wonder if you could download the true xalan.jar and serializer.jar and then set up TransformerFactory.newInstance() to return a true XalanJ TransformerFactory as opposed to the version of Xalan built into the JDK. This is done by including an element in the JNLP like <property name="javax.xml.transform.TransformerFactory" value="org.apache.xalan.processor.TransformerFactoryImpl" /> Gary > -----Original Message----- > From: Guy McArthur [mailto:[EMAIL PROTECTED] > Sent: Friday, August 19, 2005 1:36 PM > Cc: [email protected] > Subject: Re: security exception when in web start > > Gary L Peskin wrote: > > >4. If you add the following to one of your initial classes: > > System.err.println("SecurityManager = " + > >System.getSecurityManager()); > > what does it show? > > > > > > It is com.sun.javaws.security.JavaWebStartSecurity. > > What's apparently happening is that the combination of > a) Java Web Start > b) XSL templates in Jar files > and > c) using the document() Xpath function > > is a bug in JAXP (Xalan implementation). > >
