[jira] Commented: (WSS-82) Add the ability to use a custom-loaded JCE provider instance instead of using the system-provided one

Mon, 14 Apr 2008 23:56:09 -0700 

    [ 
https://issues.apache.org/jira/browse/WSS-82?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588935#action_12588935
 ] 

George Stanchev commented on WSS-82:
------------------------------------

Hi Fred,

I think this will suffice in near term. Addressing this in a more generic way 
in 2.0 would be nice. BTW, thanks for all the recent work on wss4j.

George

> Add the ability to use a custom-loaded JCE provider instance instead of using 
> the system-provided one
> -----------------------------------------------------------------------------------------------------
>
>                 Key: WSS-82
>                 URL: https://issues.apache.org/jira/browse/WSS-82
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: George Stanchev
>
> Currently WSS4J loads the BouncyCastle JCE (see WSSConfig.java). However, it 
> uses the JCE Security class to then register the JCE in the 
> java.security.Security registry. The problem is, that it uses the context 
> classloader which might or might not be available for other parties. The JCE 
> providers loaded via java.security.Secruity must be installed in the system 
> classloader since it loads the JCE.
> JCE 1.4 and onwards provides a way to use an instance of a JCE provider 
> supplied by the caller instead of the classes requesting one from the 
> Security registry.
> For example to get a cypher, one can write
> Class clazz = myClassloader.loadClass("my.custom.JCEProvider");
> java.security.Provider myprov = (java.security.Provider) clazz.getInstance();
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation, 
> myprov);
> instead of
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation);
> or
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation, 
> "myprov");
> This way WSS4J will stay trully independent of any system-provider JCE 
> providers.
> Same needs to be done for XML-Security library

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to