Created attachment 36274 [details] Error on org.apache.poi.ooxml.util.DocumentHelper.trySetXercesSecurityManager for attribute http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit Getting error in runtime (attached) trying to get an XSSFWorkbook on an Weblogic deployment. In trySetXercesSecurityManager it seems that the com.sun.org.apache.xerces.internal.util.SecurityManager has been commented out. This result on reach of line dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1); which results the error. My setup : Weblogic 12.1.3 JDK 8
I think this is fixed / will be fixed in POI 4.0.1, because of XmlBeans 3.0.2 https://issues.apache.org/jira/browse/XMLBEANS-519
I am using XmlBeans 3.0.2 at the moment but I guess that this has to do with the XercesImpl which is included in jdk in JDK8. It seems that the http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit is an unknown attribute. Shouldn't the comment of the com.sun.org.apache.xerces.internal.util.SecurityManager be uncommented? Reviewing the repository that this has been uncommented only in the latest revision of the trunk. Is this is included in 4.0.0 to try something else or go to a previous version or should I wait for 4.0.1 to use?
As far as I see this should be fixed via r1840304, bug 62692 and released via Apache POI 4.0.1, we now ignore failures to set the attribute if the actual XML parser implementation does not support it.