Skip to main content

Using JSR 105 with JDK 1.4 or 1.5

Posted by mullan on February 27, 2008 at 8:20 AM PST

JSR 105 (XML Digital Signature API) is included with JDK 6, but is also available separately, for example as part of the Apache XML Security Project. This allows you to use the JSR with earlier JDK/JREs such as JDK 1.4 or JDK 5.

If you do this, however, be aware that the JSR 105 service provider implementation is not included by default with JDK 1.4 or JDK 1.5, so you may get some exceptions when instantiating an XMLSignatureFactory:


XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

javax.xml.crypto.NoSuchMechanismException: Mechanism type DOM not available
    at javax.xml.crypto.dsig.XMLDSigSecurity.getEngineClassName(Unknown Source)
    at javax.xml.crypto.dsig.XMLDSigSecurity.getImpl(Unknown Source)
    at javax.xml.crypto.dsig.XMLDSigSecurity.getImpl(Unknown Source)
    at javax.xml.crypto.dsig.XMLSignatureFactory.findInstance 

The easiest workaround is to just instantiate and specify the service provider implementation (bundled with Apache XMLSec) as a parameter as follows:

XMLSignatureFactory factory = 
    XMLSignatureFactory.getInstance
        ("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());

Alternatively, you can register the provider in the java.security file, or use the java.security.Provider API. See http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#ProviderInstalling
"Registering a Provider" for more details.

Related Topics >>

Comments

Hi All, Thanks Sean for the workaround Using JSR 105 with ...

Hi All,

Thanks Sean for the workaround Using JSR 105 with JDK 1.4 or 1.5 .

We tried your workaround. It is working fine in JDK 1.5 with weblogic 10.0 (with jdk150_06). But When we deploy the same code in weblogic 10.0 (with jdk150_11 and some security patch upgraded in weblogic), We are getting below exception.

java.lang.NoClassDefFoundError: org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:501)
at java.lang.Class.newInstance0(Class.java:350)
at java.lang.Class.newInstance(Class.java:303)
at javax.xml.crypto.dsig.XMLDSigSecurity.doGetImpl(Unknown Source)
at javax.xml.crypto.dsig.XMLDSigSecurity.getImpl(Unknown Source)
at javax.xml.crypto.dsig.TransformService.findInstance(Unknown Source)
at javax.xml.crypto.dsig.TransformService.getInstance(Unknown Source)

Please help us to resolve the issue.

Many Thanks for your help.

Hi Sean, Please ignore my earlier post. I forgot to remove the throw statements that are no longer needed using your recommended code. Thanks.

Hi Sean, I am getting the compilation error when using this code. XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance ("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI()); Error: Error(182): exception java.lang.ClassNotFoundException is never thrown in body of corresponding try statement Error(203): exception java.lang.InstantiationException is never thrown in body of corresponding try statement Error(206): exception java.lang.IllegalAccessException is never thrown in body of corresponding try statement However, this code is successfully compiled. String providerName = System.getProperty("jsr105Provider", JSR_105_PROVIDER); XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM", (Provider)Class.forName(providerName).newInstance()); Here is what I have done. 1. downloaded the latest XML Security version (1.4.2) 2. copied the xmlsec-1.4.2.jar file to my web app (/WEB-INF/lib folder). 3. renamed the xmlsec-1.4.2.jar file to xmlsec.jar. 4. compiled my source code Do I need to put the xmlsec.jar in the JDK for compilation? Thanks.