I think that may only set the provider for the keystore creation
operations.
Shawn, is your question whether you can set this, across the board,
for resolving things like various cryptographic algorithms used in the
runtime?
I'm fairly certain there's no way to do this, and more importantly, no
way to do it in the XMLSec libraries (I might be wrong about the
latter, as I'm not completely familiar with that toolkit, and its
level of configurability).
Now, that being said, we did add support in 1.5.4 to disable the
programmatic registration of Bouncycastle as a JCE provider, though a
proper solution is awaiting some re-design of the APIs, probably for
WSS4J 2.0.
What you'll need to do is set the setAddJceProviders flag to false, on
the WSSConfig class:
    WSSConfig.setAddJceProviders(false);
This is a static operation, so you'll need to make sure this gets
called before any WSS4J operations are called.
Like I said, this is not really a proper solution in the general case,
but we need to do some work to re-design the lifecycle management of
some of the WSS4J objects in the WSS4J core, but that's not planned in
the 1.5.x series, so the static hack is what you'd have to use.
-Fred
On Jul 3, 2008, at 5:56 AM, O hEigeartaigh, Colm wrote:
You could try adding this to your crypto properties file:
org.apache.ws.security.crypto.merlin.keystore.provider=<provider name here>
Colm.
-----Original Message-----
From: Shawn McKinney [mailto:[EMAIL PROTECTED]
Sent: 02 July 2008 14:57
To: [email protected]
Subject: Question on WSS4J 1.5 Crypto Provider Configuration
Hello,
I have a question:
How do (can) we change the default crypto provider
used by WSS4J for a particular Java runtime instance?
We are using WSS4J 1.5 and would like to enable WSS4J
to use the default crypto provider provided by Sun or
IBM in a Java runtime. The idea here is we want to
make it as easy as possible for our developers to test
transactions using WS-Security running in Axis.
We run Axis/WSS4J in JBoss, Tomcat and Websphere
containers and would like to be able to test using the
standard providers found in either JVM implementation
without having to configure the BouncyCastle provider.
Please note the aim here isn't to phase out or replace
our use of BouncyCastle provider in production as we
are quite happy with its capabilities. Rather we want
to remove a step (streamline setup) for developers that
want to test using our security configuration.
Our default client-side configuration is to enable
Username token, encrypted:
<parameter name="action" value="UsernameToken Encrypt Timestamp"/>
Thanks in advance for your reply.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
Ireland
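
Added example, not part of the original thread or of the WSS4J code base: a startup hook that sets the static flag Fred describes before WSS4J initializes, then checks that initialization registered no extra JCE provider. The class name `Wss4jProviderBootstrap` is hypothetical, and the code assumes WSS4J 1.5.4 or later on the classpath and that `WSSConfig.getDefaultWSConfig()` triggers WSS4J's one-time setup.

```java
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashSet;
import java.util.Set;

import org.apache.ws.security.WSSConfig;

/** Hypothetical startup hook: call init() before any other WSS4J code runs. */
public final class Wss4jProviderBootstrap {

    private static boolean initialized;

    private Wss4jProviderBootstrap() {
    }

    public static synchronized void init() {
        if (initialized) {
            return;
        }
        // Providers the JVM (Sun or IBM) and the container registered on their own.
        Set<String> before = providerNames();

        // The static flag from the thread; it has to be set before WSS4J initializes.
        WSSConfig.setAddJceProviders(false);

        // Assumption: creating the default config triggers WSS4J's one-time setup.
        WSSConfig.getDefaultWSConfig();

        Set<String> added = providerNames();
        added.removeAll(before);
        if (!added.isEmpty()) {
            // Fail at startup rather than run with an unexpected provider list.
            throw new IllegalStateException(
                "WSS4J initialization registered JCE providers: " + added);
        }
        initialized = true;
    }

    /** Names of the currently registered JCE providers, in preference order. */
    private static Set<String> providerNames() {
        Set<String> names = new LinkedHashSet<String>();
        for (Provider p : Security.getProviders()) {
            names.add(p.getName());
        }
        return names;
    }
}
```

The check only compares the provider list before and after initialization, so a provider that was already registered when `init()` ran (through the JVM's `java.security` file, or because WSS4J was used earlier in the same class loader) is not reported.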