Whitelist Java-Functions in XSLT-Processing?


I use javax.xml.transform.Transformer to process some XML data with a custom-developed XSLT document. In this XSLT document, I call a function from my packages. To do this, I need to set the secure-processing feature for the processor to false, because the secure mode does not allow calling Java functions:

final TransformerFactory factory = TransformerFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);

Now I wonder if this is secure. Is it possible to create a whitelist that lists the allowed functions to be called during the processing? Is it even necessary, as I define the stylesheet on my own and no user input can be added here?

Michael Kay On

The primary purpose of "secure processing mode" is to make it reasonably safe for your application to execute untrusted XSLT/XPath code. If you trust the XSLT code you are executing, then in principle there is no need to set "secure processing mode" on. Unfortunately you may run foul of the security police in your organisation, who will often mandate that all such controls be set to their most secure setting possible, without actually looking at the detail of what this means.

The question "is this secure?" is meaningless without analysis of what risks you are trying to protect against.

As Martin Honnen mentions, you could switch to Saxon, which allows you to register specific Java classes/methods as extension functions in such a way that these are the only external calls allowed.
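
The Saxon approach mentioned in the answer above, sketched as an added example (not code from the original post or from the Saxon project): one integrated extension function is registered through the s9api interface, and reflexive calls into arbitrary Java classes are switched off. It assumes Saxon 9.9 or later on the classpath; the namespace `urn:example:ext`, the function name `shout`, the stylesheet and the input document are all constructed for illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Locale;
import javax.xml.transform.stream.StreamSource;
import net.sf.saxon.lib.Feature;
import net.sf.saxon.s9api.*;

public class AllowListedXslt {
    static final String NS = "urn:example:ext"; // hypothetical namespace for this example

    // The only Java entry point the stylesheet gets: ext:shout(xs:string) as xs:string
    static final ExtensionFunction SHOUT = new ExtensionFunction() {
        private final SequenceType oneString =
            SequenceType.makeSequenceType(ItemType.STRING, OccurrenceIndicator.ONE);
        public QName getName() { return new QName(NS, "shout"); }
        public SequenceType getResultType() { return oneString; }
        public SequenceType[] getArgumentTypes() { return new SequenceType[] { oneString }; }
        public XdmValue call(XdmValue[] args) throws SaxonApiException {
            String in = args[0].itemAt(0).getStringValue();
            return new XdmAtomicValue(in.toUpperCase(Locale.ROOT));
        }
    };

    static String run(String xslt, String xml) throws SaxonApiException {
        Processor processor = new Processor(false);
        // Disallow reflexive Java calls from the stylesheet; functions registered
        // explicitly by the application (below) stay callable.
        processor.setConfigurationProperty(Feature.ALLOW_EXTERNAL_FUNCTIONS, false);
        processor.registerExtensionFunction(SHOUT);

        XsltExecutable exec = processor.newXsltCompiler()
            .compile(new StreamSource(new StringReader(xslt)));
        StringWriter out = new StringWriter();
        exec.load30().applyTemplates(new StreamSource(new StringReader(xml)),
                                     processor.newSerializer(out));
        return out.toString();
    }

    public static void main(String[] argv) throws SaxonApiException {
        // Constructed stylesheet: calls only the registered function.
        String xslt =
            "<xsl:stylesheet version='3.0' exclude-result-prefixes='ext'"
          + " xmlns:xsl='http://www.w3.org/1999/XSL/Transform' xmlns:ext='" + NS + "'>"
          + "<xsl:template match='/'>"
          + "<out><xsl:value-of select='ext:shout(string(/msg))'/></out>"
          + "</xsl:template></xsl:stylesheet>";
        System.out.println(run(xslt, "<msg>hello</msg>"));
    }
}
```

With this setup the set of reachable Java code is whatever the application registers, so reviewing the `registerExtensionFunction` calls is the review of the allow list.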