Problem

An XSLT transformation fails with a message similar to the following:

nested fault: java.lang.RuntimeException: Use of the extension function 'xalan://java.lang.Math:random' is not allowed
when the secure processing feature is set to true.

Resolution

This happens because in API Gateway, Apache XALAN is configured with XMLConstants.FEATURE_SECURE_PROCESSING for security reasons. It is not possible to turn this feature off, so the offending function should be removed from the XSLT. In this example, a random ID should be inserted by the XSLT, so instead of doing that with XSLT, a random ID could be generated via a scripting language filter and then inserted into the XML with Add XML Node.