2

After updating Apache POI from 3.17 to 4.0.0 I'm getting on line:

OPCPackage pck = OPCPackage.open(this.getTemplate());

an exception:

java.lang.IllegalArgumentException: Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized.
     at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(DocumentBuilderFactoryImpl.java:144)
     at __redirected.__DocumentBuilderFactory.setAttribute(__DocumentBuilderFactory.java:125)
     at org.apache.poi.ooxml.util.DocumentHelper.trySetXercesSecurityManager(DocumentHelper.java:143)
     at org.apache.poi.ooxml.util.DocumentHelper.<clinit>(DocumentHelper.java:108)
     at org.apache.poi.openxml4j.opc.internal.ContentTypeManager.parseContentTypesFile(ContentTypeManager.java:392)
     at org.apache.poi.openxml4j.opc.internal.ContentTypeManager.<init>(ContentTypeManager.java:104)
     at org.apache.poi.openxml4j.opc.internal.ZipContentTypeManager.<init>(ZipContentTypeManager.java:54)
     at org.apache.poi.openxml4j.opc.ZipPackage.getPartsImpl(ZipPackage.java:258)
     at org.apache.poi.openxml4j.opc.OPCPackage.getParts(OPCPackage.java:725)
     at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:275)
     at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:181)

They say in "How to disable accessExternalDTD and entityExpansionLimit warnings with logback" that I should exclude xerces, but I had this already:

  <dependency>
     <groupId>org.apache.poi</groupId>
     <artifactId>poi</artifactId>
     <version>4.0.0</version>
  </dependency>
  <dependency>
     <groupId>org.apache.poi</groupId>
     <artifactId>poi-ooxml</artifactId>
     <version>4.0.0</version>
     <exclusions>
        <exclusion>
           <groupId>xml-apis</groupId>
           <artifactId>xml-apis</artifactId>
        </exclusion>
        <exclusion>
           <groupId>xerces</groupId>
           <artifactId>xercesImpl</artifactId>
        </exclusion>
     </exclusions>
  </dependency>

My setup:

  • JDK 8
  • WildFly 14

Going back to 3.17 fixes the issue.

Robert Niestroj
  • 1
    Can you report this as a bug in the POI Bugzilla? Looks like an extra try/catch is needed to deal with your old xml parser – Gagravarr Sep 07 '18 at 12:56
  • OK, posted it there: https://bz.apache.org/bugzilla/show_bug.cgi?id=62692 – Robert Niestroj Sep 07 '18 at 13:14
  • 2
    the POI 4.0.0 code works with up to date versions of xerces - the code doesn't even get as far as trying to set the entity expansion limit because it will set the xerces security manager first and stop there - would you be able to try adding an explicit dependency on the latest version of xerces? https://mvnrepository.com/artifact/xerces/xercesImpl/2.12.0 – PJ Fanning Sep 08 '18 at 12:21
  • Yes, that worked. Thank you. I could even remove the two exclusions. Post it as an answer and I will accept it. If possible add some explanation. Also tell me if this is a bug in POI or in my setup. Maybe I should close the issue. – Robert Niestroj Sep 08 '18 at 15:32

2 Answers

5

the POI 4.0.0 code works with up to date versions of xerces - the code doesn't even get as far as trying to set the entity expansion limit because it will set the xerces security manager first and stop there - would you be able to try adding an explicit dependency on the latest version of xerces? https://mvnrepository.com/artifact/xerces/xercesImpl/2.12.0

PJ Fanning
0

This has been fixed in POI 4.0.1.

Corresponding bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=62692

Robert Niestroj
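To see which XML parser a deployment actually resolves and whether it accepts an entity expansion limit at all, a small probe like the following can help. It is an added example, not code from POI or from the posters in this thread; the class name `JaxpHardeningProbe` and the limit of 4096 are assumptions, while the JDK property name is the one from the stack trace in the question.

```java
import java.security.CodeSource;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;

public class JaxpHardeningProbe {
    // Property name copied from the stack trace in the question.
    static final String JDK_ENTITY_LIMIT =
            "http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit";
    // Xerces' own property and class for the same control.
    static final String XERCES_SECURITY_MANAGER =
            "http://apache.org/xml/properties/security-manager";
    static final String XERCES_MANAGER_CLASS = "org.apache.xerces.util.SecurityManager";
    static final int LIMIT = 4096; // constructed sample value (assumption)

    public static void main(String[] args) {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        CodeSource src = dbf.getClass().getProtectionDomain().getCodeSource();
        System.out.println("JAXP factory : " + dbf.getClass().getName());
        System.out.println("Loaded from  : " + (src == null ? "JDK runtime" : src.getLocation()));
        try {
            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            System.out.println("Secure proc. : on");
        } catch (Exception e) {
            System.out.println("Secure proc. : NOT APPLIED (" + e.getMessage() + ")");
        }
        System.out.println("Entity limit : " + limitEntityExpansion(dbf));
    }

    /** Returns how the limit was applied, or "NOT APPLIED" if the parser accepted neither form. */
    static String limitEntityExpansion(DocumentBuilderFactory dbf) {
        // The JDK's built-in parser takes the JDK property; anything else is tried as Xerces first.
        if (!dbf.getClass().getName().startsWith("com.sun.")) {
            try {
                Object mgr = Class.forName(XERCES_MANAGER_CLASS).getDeclaredConstructor().newInstance();
                mgr.getClass().getMethod("setEntityExpansionLimit", int.class).invoke(mgr, LIMIT);
                dbf.setAttribute(XERCES_SECURITY_MANAGER, mgr);
                return "Xerces security manager, limit " + LIMIT;
            } catch (Exception | LinkageError e) {
                // Class not visible to this class loader, or rejected by the parser: fall through.
            }
        }
        try {
            dbf.setAttribute(JDK_ENTITY_LIMIT, LIMIT);
            return "JDK property, limit " + LIMIT;
        } catch (IllegalArgumentException e) {
            // The failure from the question: the parser does not know the JDK property.
            return "NOT APPLIED (" + e.getMessage() + ")";
        }
    }
}
```

Run it with the same classpath or inside the same deployment as the failing code; a "NOT APPLIED" result means documents are being parsed without an entity expansion limit, which is worth fixing even if the exception itself is suppressed.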