Sean Mullan's Blog

My pages	Projects	Communities	java.net

Get Involved

java-net Project

Request a Project

Project Help Wanted Ads

Publicize your Project

Get Informed

java.net Online Books

java.net Archives

Get Connected

java.net Forums

Wiki and Javapedia

People, Partners, and Jobs

Java User Groups

RSS Feeds

Search

Online Books:

Advanced Search

Sean Mullan's Blog

Sean Mullan is a staff engineer at Sun Microsystems working on Java Security and focused on the areas of PKI, XML Security, and access control. He was specification lead of JSR 55 (Certification Path API) and is currently co-specification lead of JSR 105 (XML Digital Signature API).

Apache XML Security 1.4.2 Beta 1 available for testing

Posted by mullan on March 21, 2008 at 12:45 PM | Permalink | Comments (0)

I just posted the initial beta release of Apache XML Security 1.4.2. This release contains many bug fixes and a few enhancements, such as an implementation of Canonical XML 1.1.

If you use Apache XML Security or JSR 105 in your applications and products, please download it and test it and report any bugs or issues that you find on the Apache XML Security mailing list.

Configuring the logging properties for JSR 105 and Apache XML Signature applications.

Posted by mullan on March 13, 2008 at 12:29 PM | Permalink | Comments (0)

A while ago, I blogged about XML Signature debugging and how to configure the logging mechanism to emit debug information.

This configuration works if you are using the JSR 105 bundled with JDK 6. However, if you are using JSR 105 as bundled with Apache XML Security, you need to make a tweak to the configuration file because some of the packages are named differently. Here are the diffs you should apply:



< com.sun.org.apache.xml.internal.security.level = FINER

---

> org.apache.xml.security.level = FINER

Using JSR 105 with JDK 1.4 or 1.5

Posted by mullan on February 27, 2008 at 08:20 AM | Permalink | Comments (0)

JSR 105 (XML Digital Signature API) is included with JDK 6, but is also available separately, for example as part of the Apache XML Security Project. This allows you to use the JSR with earlier JDK/JREs such as JDK 1.4 or JDK 5.

If you do this, however, be aware that the JSR 105 service provider implementation is not included by default with JDK 1.4 or JDK 1.5, so you may get some exceptions when instantiating an XMLSignatureFactory:

XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

javax.xml.crypto.NoSuchMechanismException: Mechanism type DOM not available
at javax.xml.crypto.dsig.XMLDSigSecurity.getEngineClassName(Unknown Source)
at javax.xml.crypto.dsig.XMLDSigSecurity.getImpl(Unknown Source)
at javax.xml.crypto.dsig.XMLDSigSecurity.getImpl(Unknown Source)
at javax.xml.crypto.dsig.XMLSignatureFactory.findInstance

The easiest workaround is to just instantiate and specify the service provider implementation (bundled with Apache XMLSec) as a parameter as follows:

XMLSignatureFactory factory = 
    XMLSignatureFactory.getInstance
        ("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());

Alternatively, you can register the provider in the java.security file, or use the java.security.Provider API. See http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#ProviderInstalling
"Registering a Provider" for more details.

Sean Mullan's Blog

Apache XML Security 1.4.2 Beta 1 available for testing

Configuring the logging properties for JSR 105 and Apache XML Signature applications.

Using JSR 105 with JDK 1.4 or 1.5

April 2008

Search this blog:

Categories

Archives

Recent Entries