Test build failed in Java 7

[LiuXing-R]

Environment

windows jdk-7 maven 3.8.1 antisamy 1.6.4

Steps to reproduce

mvn test / mvn package

What is expected?

Success

What is actually happening?

......
[ERROR] Tests run: 14, Failures: 0, Error
s: 1, Skipped: 0, Time elapsed: 0.11 s <<< FAILURE! - in o
rg.owasp.validator.html.test.PolicyTest
[ERROR] org.owasp.validator.html.test.PolicyTest.testGithubIssue79  Ti
me elapsed: 0 s  <<< ERROR!
java.lang.UnsupportedClassVersionError: org/owasp/antisamy/test/Dummy : Unsuppor
ted major.minor version 52.0
        at org.owasp.validator.html.test.PolicyTest.testGithubIssue79(PolicyTest
.java:341)

[INFO] Results:
[INFO]
[ERROR] Errors:
[ERROR]   PolicyTest.testGithubIssue79:341 ? UnsupportedClassVe
rsion org/owasp/antisamy/...
[INFO]
[ERROR] Tests run: 93, Failures: 0, Errors: 1, Skipped: 0
[INFO]
[INFO] -----------------------------------------------------------
-------------
[INFO] BUILD FAILURE
[INFO] -----------------------------------------------------------
......

and

......
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/3.0.0-M3/maven-enforcer-plugin-3.0.0-M3.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.939 s
[INFO] Finished at: 2021-08-04T10:35:20+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Plugin org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-enforcer-
plugin:jar:3.0.0-M3: Could not transfer artifact org.apache.maven.plugins:maven-enforcer-plugin:pom:3.0.0-M3 from/to central (https://repo.maven.apache.org/maven2): transfer failed for https://repo.maven.apache
.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/3.0.0-M3/maven-enforcer-plugin-3.0.0-M3.pom: Received fatal alert: protocol_version -> [Help 1]
......

Reason

1, The use case for TestGithubIssue79 requires jdk8.
2, Java7 defaults to TLSv1.0, but maven-enforcer-plugin-3.0.0-M3.pom has instructions to set it to TLSv1.2.
All of this means that the new version of Antisamy is no longer supporting Java 7, at least Java8, but I note that the readme document states that Antisamy 1.6.4 supports Java 7+.
As far as I know, JDK now has only two TLS versions, Java 8 and Java 11, and the other versions are no longer maintained.
Why does Antisamy still need to support Java 7?

Best Regards

[davewichers]

I've experienced issues with Java 7 vs. Java 8 where you can't download the artifacts required to run things with Java7 due to TLS problems. So you first have to download them with Java 8, then switch to Java 7, and then you can run/test everything no problem. Is that the problem you are having? That might at least solve your download from Central error.

If that fixes the 2nd problem, does it make the 1st error go away too? Or not?

The reason we are trying to maintain Java 7 support is the OWASP ESAPI project uses AntiSamy and they are trying to maintain Java 7 support. Once they move to Java 8, we plan to do so too. @kwwall - Any news on when ESAPI might move to Java 8 finally?

[LiuXing-R]

@davewichers I've tried this method

So you first have to download them with Java 8, then switch to Java 7,

It can solve the problem of downloading from Centre errors, but the org.owasp.validator .html.test.policyTest.testGithubIsue79 test case still fails.

I'm not sure if this use case uses Java8's API, at least the exception information is Unsupported major.minor version 52.0.

I have a solution to replace Class.forName with URLClassLoader, to get files under the 'jar:file' path, and I've verified it in Java7.
e.g:

            java.net.URLClassLoader child = new java.net.URLClassLoader(
                    new URL[] {Thread.currentThread().getContextClassLoader().getResource("policy-in-external-library.jar")},
                    this.getClass().getClassLoader()
            );

            policyUrl = child.getResource("policyInsideJar.xml");

Unfortunately, 'mvn package' still failed because 'javadocjar: Unsupported major.minor version 52'. Maybe java8 is the best choice.

[davewichers]

I have verified that everything compiles fine with Java 7, but you can't run the unit tests with Java 7, because of the above issue. However, I'm pretty confident that AntiSamy works on Java 7, just fine. And it's not worth fixing this as we are about to move to Java 8 in the 1.7.0 release which we intend to release in early 2022. As such, we aren't going to fix this.