Add the ability to use a custom-loaded JCE provider instance instead of using
the system-provided one
-----------------------------------------------------------------------------------------------------
Key: WSS-82
URL: https://issues.apache.org/jira/browse/WSS-82
Project: WSS4J
Issue Type: Bug
Reporter: George Stanchev
Assignee: Davanum Srinivas
Currently WSS4J loads the BouncyCastle JCE (see WSSConfig.java). However, it
uses the JCE Security class to then register the JCE in the
java.security.Security registry. The problem is, that it uses the context
classloader which might or might not be available for other parties. The JCE
providers loaded via java.security.Secruity must be installed in the system
classloader since it loads the JCE.
JCE 1.4 and onwards provides a way to use an instance of a JCE provider
supplied by the caller instead of the classes requesting one from the Security
registry.
For example to get a cypher, one can write
Class clazz = myClassloader.loadClass("my.custom.JCEProvider");
java.security.Provider myprov = (java.security.Provider) clazz.getInstance();
javax.crypto.Cypher = javax.crypto.Cypher.getInstance(myTransofrmation,
myprov);
instead of
javax.crypto.Cypher = javax.crypto.Cypher.getInstance(myTransofrmation);
or
javax.crypto.Cypher = javax.crypto.Cypher.getInstance(myTransofrmation,
"myprov");
This way WSS4J will stay trully independent of any system-provider JCE
providers.
Same needs to be done for XML-Security library
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
