I don't know of anything built into Xalan for the purpose, though it's certainly an interesting suggestion.
______________________________________ "... Three things see no end: A loop with exit code done wrong, A semaphore untested, And the change that comes along. ..." -- "Threes" Rev 1.1 - Duane Elms / Leslie Fish ( http://www.ovff.org/pegasus/songs/threes-rev-11.html) "Dave Brosius" <dbros...@mebigfatguy.com> 03/01/2009 07:58 PM To "Johan Zxcer" <nab...@zurahn.com>, <xalan-j-users@xml.apache.org> cc Subject Re: Usage model - no source XML, just api calls >> So is there any way of limiting which java classes > can be accessed as extensions? I doubt it. I'm assuming you have a set of classes that provide all the secure information, however. If a user altered the style sheet, added their own extension functions, don't they still have to add some point then call your classes to get the secure information, and therefore, isn't that the point were you can enforce security. Perhaps, i'm still not grasping the entirety of your problem. ----- Original Message ----- From: "Johan Zxcer" <nab...@zurahn.com> To: <xalan-j-users@xml.apache.org> Sent: Sunday, March 01, 2009 4:39 PM Subject: Re: Usage model - no source XML, just api calls > > Yes, extensions are where I started and provide exactly what I need - > except > that I couldn't find any mechanism for limiting the set of java classes > that > are available as Xalan extensions. Given that a style sheet is editable > by > a non-privileged user, it would be a glaring security hole that isn't > mentioned in the xalan docs, the below link, or any other examples of > extensions I've found. So is there any way of limiting which java classes > can be accessed as extensions? > > Thanks for your patience.. > > johan > > > Dave Brosius-2 wrote: >> >> Perhaps xalan extension functions are what you are after. >> >> http://www.ibm.com/developerworks/library/x-xalanextensions.html >> > > -- > View this message in context: > http://www.nabble.com/Usage-model---no-source-XML%2C-just-api-calls-tp22264025p22278384.html > Sent from the Xalan - J - Users mailing list archive at Nabble.com. >
