You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Kai Rommel (JIRA)" <ji...@apache.org> on 2013/06/14 14:37:20 UTC
[jira] [Created] (SANTUARIO-358) OSGi issue with javax.xml.crypto
API packages included in Santuario xmlsec.jar
Kai Rommel created SANTUARIO-358:
------------------------------------
Summary: OSGi issue with javax.xml.crypto API packages included in Santuario xmlsec.jar
Key: SANTUARIO-358
URL: https://issues.apache.org/jira/browse/SANTUARIO-358
Project: Santuario
Issue Type: Improvement
Components: Java
Affects Versions: Java 1.5.4
Reporter: Kai Rommel
Assignee: Colm O hEigeartaigh
Using Santuario within OSGI (Equinox) I encountered some issues. The used OSGi system is exposing the javax.xml.crypto packages from the jdk with version 0.0.0. The jar xmlsec also exposes these packages with another version. As my application is running in a OSGi environment it should be possible to register different providers and to use these. These providers are registered within the java.security.Security class. Does my application load the santuario provider “ApacheXMLDSig” (form provider class org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI) and my bundle/application loaded the java.xml.crypto packages with the jdk version, I will get an class cast exception.
I would like to deploy santuario without following packages
javax.xml.crypto,
javax.xml.crypto.dom,
javax.xml.crypto.dsig,
javax.xml.crypto.dsig.dom,
javax.xml.crypto.dsig.keyinfo,
javax.xml.crypto.dsig.spec,
I suppose this was also the reason for putting the xml parser APIs into a separate .jar.
There are different solutions to this problem:
1. The santuario bundle could have an optional import of the named packages and expose them a second time. In addition the Apache WSS4J bundle must also be changed, as it needs the packages with the santuario version.
Or
2. Package santuario implementation without the javax.xml.crypto packages. These packages could be provided in a separate jar/OSGi bundle (like it is done for the xml parser APIs in xml-apis-1.3.04.jar).
Is there any reason why you used to use the version of santuario for the javax.xml.crypto packages? I think the version of the corresponding specification (Java XML Digital Signature ) is 1.0.
Best regards
Kai
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira