MLE-21420 Refactor: Consolidated TransformerFactory construction

[rjrudin]

No effect on behavior here. This is just to help with an issue in the Spark connector, where the Saxon-HE TransformerFactory is being used. Having all TransformerFactory.newInstance() calls in one place makes it easier to think about how it's used in the Java Client.

Also good from a security perspective - i.e. all uses of TF are being configured with the necessary precautions.

[Copilot]

Pull Request Overview

This refactors all direct TransformerFactory instantiations to use a centralized XmlFactories.makeNewTransformerFactory() method, ensuring consistent secure configuration and simplifying future connector work.

• Centralized TransformerFactory creation into XmlFactories
• Updated all test and source code to replace TransformerFactory.newInstance() calls
• Removed duplicate secure configuration logic in SourceHandle and InputSourceHandle

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
marklogic-client-api/src/test/java/com/marklogic/client/test/rows/RowManagerTest.java	Swapped direct TF instantiation to XmlFactories
marklogic-client-api/src/test/java/com/marklogic/client/test/XMLDocumentTest.java	Replaced TransformerFactory.newInstance() with XmlFactories
marklogic-client-api/src/test/java/com/marklogic/client/test/HandleAsTest.java	Repointed to centralized XmlFactories for transformers
marklogic-client-api/src/main/java/com/marklogic/client/io/SourceHandle.java	Removed local factory builder, now delegates to XmlFactories
marklogic-client-api/src/main/java/com/marklogic/client/io/InputSourceHandle.java	Same consolidation for SAXSource transforms
marklogic-client-api/src/main/java/com/marklogic/client/impl/XmlFactories.java	New centralized factory with secure defaults and logging
marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/functionaltest/BasicJavaClientREST.java	Switched to XmlFactories for all transformer uses
marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestTransformXMLWithXSLT.java	Same consolidation for XSLT tests
marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestDocumentEncoding.java	Consolidated transformer instantiation
marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestBulkWriteWithTransformations.java	Replaced TF instantiation

[Copilot]

[nitpick] Define a private static final Logger at the top of XmlFactories and reuse it in the catch block instead of calling LoggerFactory.getLogger(...) each time to reduce repeated lookups and improve readability.

Suggested change

	LoggerFactory.getLogger(XmlFactories.class).warn("Unable to set secure processing feature on TransformerFactory; cause: {}", e.getMessage());
	logger.warn("Unable to set secure processing feature on TransformerFactory; cause: {}", e.getMessage());

[Copilot]

Wrap the setAttribute calls for ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_STYLESHEET in try-catch blocks to gracefully handle IllegalArgumentException when a TransformerFactory implementation does not support those attributes.

Suggested change

	factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
	factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
	try {
	factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
	} catch (IllegalArgumentException e) {
	LoggerFactory.getLogger(XmlFactories.class).warn("Unable to set ACCESS_EXTERNAL_DTD attribute on TransformerFactory; cause: {}", e.getMessage());
	}
	try {
	factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
	} catch (IllegalArgumentException e) {
	LoggerFactory.getLogger(XmlFactories.class).warn("Unable to set ACCESS_EXTERNAL_STYLESHEET attribute on TransformerFactory; cause: {}", e.getMessage());
	}