So is there any way of limiting which java classes
can be accessed as extensions?
I doubt it.
I'm assuming you have a set of classes that provide all the secure
information, however. If a user altered the style sheet, added their own
extension functions, don't they still have to add some point then call your
classes to get the secure information, and therefore, isn't that the point
were you
can enforce security. Perhaps, i'm still not grasping the entirety of your
problem.
----- Original Message -----
From: "Johan Zxcer" <nab...@zurahn.com>
To: <xalan-j-users@xml.apache.org>
Sent: Sunday, March 01, 2009 4:39 PM
Subject: Re: Usage model - no source XML, just api calls
Yes, extensions are where I started and provide exactly what I need -
except
that I couldn't find any mechanism for limiting the set of java classes
that
are available as Xalan extensions. Given that a style sheet is editable
by
a non-privileged user, it would be a glaring security hole that isn't
mentioned in the xalan docs, the below link, or any other examples of
extensions I've found. So is there any way of limiting which java classes
can be accessed as extensions?
Thanks for your patience..
johan
Dave Brosius-2 wrote:
Perhaps xalan extension functions are what you are after.
http://www.ibm.com/developerworks/library/x-xalanextensions.html
--
View this message in context:
http://www.nabble.com/Usage-model---no-source-XML%2C-just-api-calls-tp22264025p22278384.html
Sent from the Xalan - J - Users mailing list archive at Nabble.com.
