[jira] [Closed] (WSS-82) Add the ability to use a custom-loaded JCE provider instance instead of using the system-provided one

Mon, 03 Oct 2011 02:07:11 -0700 

     [ 
https://issues.apache.org/jira/browse/WSS-82?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh closed WSS-82.
----------------------------------

    
> Add the ability to use a custom-loaded JCE provider instance instead of using 
> the system-provided one
> -----------------------------------------------------------------------------------------------------
>
>                 Key: WSS-82
>                 URL: https://issues.apache.org/jira/browse/WSS-82
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: George Stanchev
>            Assignee: Fred Dushin
>             Fix For: 1.5.4
>
>
> Currently WSS4J loads the BouncyCastle JCE (see WSSConfig.java). However, it 
> uses the JCE Security class to then register the JCE in the 
> java.security.Security registry. The problem is, that it uses the context 
> classloader which might or might not be available for other parties. The JCE 
> providers loaded via java.security.Secruity must be installed in the system 
> classloader since it loads the JCE.
> JCE 1.4 and onwards provides a way to use an instance of a JCE provider 
> supplied by the caller instead of the classes requesting one from the 
> Security registry.
> For example to get a cypher, one can write
> Class clazz = myClassloader.loadClass("my.custom.JCEProvider");
> java.security.Provider myprov = (java.security.Provider) clazz.getInstance();
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation, 
> myprov);
> instead of
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation);
> or
> javax.crypto.Cypher =  javax.crypto.Cypher.getInstance(myTransofrmation, 
> "myprov");
> This way WSS4J will stay trully independent of any system-provider JCE 
> providers.
> Same needs to be done for XML-Security library

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to