[
https://issues.apache.org/jira/browse/WSS-82?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fred Dushin reassigned WSS-82:
------------------------------
Assignee: Fred Dushin
> Add the ability to use a custom-loaded JCE provider instance instead of using
> the system-provided one
> -----------------------------------------------------------------------------------------------------
>
> Key: WSS-82
> URL: https://issues.apache.org/jira/browse/WSS-82
> Project: WSS4J
> Issue Type: Bug
> Reporter: George Stanchev
> Assignee: Fred Dushin
>
> Currently WSS4J loads the BouncyCastle JCE (see WSSConfig.java). However, it
> uses the JCE Security class to then register the JCE in the
> java.security.Security registry. The problem is, that it uses the context
> classloader which might or might not be available for other parties. The JCE
> providers loaded via java.security.Secruity must be installed in the system
> classloader since it loads the JCE.
> JCE 1.4 and onwards provides a way to use an instance of a JCE provider
> supplied by the caller instead of the classes requesting one from the
> Security registry.
> For example to get a cypher, one can write
> Class clazz = myClassloader.loadClass("my.custom.JCEProvider");
> java.security.Provider myprov = (java.security.Provider) clazz.getInstance();
> javax.crypto.Cypher = javax.crypto.Cypher.getInstance(myTransofrmation,
> myprov);
> instead of
> javax.crypto.Cypher = javax.crypto.Cypher.getInstance(myTransofrmation);
> or
> javax.crypto.Cypher = javax.crypto.Cypher.getInstance(myTransofrmation,
> "myprov");
> This way WSS4J will stay trully independent of any system-provider JCE
> providers.
> Same needs to be done for XML-Security library
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
