Posted to commits@santuario.apache.org by "Kai Rommel (JIRA)" <ji...@apache.org> on 2013/06/14 14:37:20 UTC

[jira] [Created] (SANTUARIO-358) OSGi issue with javax.xml.crypto API packages included in Santuario xmlsec.jar

Kai Rommel created SANTUARIO-358:
------------------------------------

             Summary: OSGi issue with javax.xml.crypto API packages included in Santuario xmlsec.jar
                 Key: SANTUARIO-358
                 URL: https://issues.apache.org/jira/browse/SANTUARIO-358
             Project: Santuario
          Issue Type: Improvement
          Components: Java
    Affects Versions: Java 1.5.4
            Reporter: Kai Rommel
            Assignee: Colm O hEigeartaigh


Using Santuario within OSGi (Equinox) I encountered some issues. The OSGi system used exposes the javax.xml.crypto packages from the jdk with version 0.0.0. The xmlsec jar also exposes these packages with another version. As my application is running in an OSGi environment it should be possible to register different providers and to use these. These providers are registered within the java.security.Security class. If my application loads the santuario provider “ApacheXMLDSig” (from provider class org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI) and my bundle/application has loaded the javax.xml.crypto packages with the jdk version, I will get a class cast exception.

I would like to deploy santuario without the following packages:
 javax.xml.crypto,
 javax.xml.crypto.dom,
 javax.xml.crypto.dsig,
 javax.xml.crypto.dsig.dom,
 javax.xml.crypto.dsig.keyinfo,
 javax.xml.crypto.dsig.spec

I suppose this was also the reason for putting the xml parser APIs into a separate .jar.

There are different solutions to this problem:
1. The santuario bundle could have an optional import of the named packages and expose them a second time. In addition the Apache WSS4J bundle must also be changed, as it needs the packages with the santuario version.

Or

2. Package santuario implementation without the javax.xml.crypto packages. These packages could be provided in a separate jar/OSGi bundle (like it is done for the xml parser APIs in xml-apis-1.3.04.jar).

Is there any reason why you use the santuario version for the javax.xml.crypto packages? I think the version of the corresponding specification (Java XML Digital Signature) is 1.0.

Best regards
Kai
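
The class cast exception described in the report comes from class identity being the pair (name, defining class loader). The following is an added example in plain Java, not part of the original report or of the Santuario code base; `ApiType` and `IsolatingLoader` are hypothetical stand-ins for a javax.xml.crypto type and for two bundles wired to different exports of the same package.

```java
import java.io.IOException;
import java.io.InputStream;

public class DuplicateApiPackageDemo {
    // Hypothetical stand-in for an API type from javax.xml.crypto.
    public static class ApiType {}

    // Hypothetical loader that defines its own copy of ApiType instead of
    // delegating, like a bundle wired to a second export of the same package.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader() { super(DuplicateApiPackageDemo.class.getClassLoader()); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(ApiType.class.getName())) {
                return super.loadClass(name, resolve); // everything else is shared
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c != null) return c;
                String resource = name.replace('.', '/') + ".class";
                try (InputStream in = getParent().getResourceAsStream(resource)) {
                    if (in == null) throw new ClassNotFoundException(name);
                    byte[] bytes = in.readAllBytes();
                    return defineClass(name, bytes, 0, bytes.length);
                } catch (IOException e) {
                    throw new ClassNotFoundException(name, e);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String name = ApiType.class.getName();
        Class<?> jdkView = new IsolatingLoader().loadClass(name);    // consumer's wiring
        Class<?> xmlsecView = new IsolatingLoader().loadClass(name); // provider's wiring
        Object fromProvider = xmlsecView.getDeclaredConstructor().newInstance();

        System.out.println("same name:  " + jdkView.getName().equals(xmlsecView.getName()));
        System.out.println("same class: " + (jdkView == xmlsecView));
        try {
            jdkView.cast(fromProvider); // the cast the consumer performs on the provider's object
        } catch (ClassCastException e) {
            System.out.println("ClassCastException: " + e.getMessage());
        }
    }
}
```

Compile with `javac` before running so the class file is available as a resource to the loaders.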

