Thank you very much for the quick responses.
No - I'm not getting any messages at all from the XML Security code. It
appears as though the logging statements that exist in the JSR 105 version
do not exist in the Apache API. Unfortunately, I don't believe I have any
control over which version I am using since this is being called from
Apache WSS4J and Rampart. As I mentioned in my original post, I am using
this in the larger context of Apache Axis2 integrated into my application.
I can certainly add the logging I need to the Apache version, but unless
this logging is also added to the "official" version of the library, then
it will be lost if/when we apply any updates/fixes. It is also
interesting that what logging I do see in the Apache version of the API is
using the commons-logging framework instead the JDK logging.
For your reference, here are the corresponding code snippets from both
versions of the DigesterOutputStream class:
Non-standard:
/** @inheritDoc */
public void write(byte[] arg0, int arg1, int arg2) {
mda.update(arg0, arg1, arg2);
}
JSR 105:
/** @inheritDoc */
public void write(byte[] input, int offset, int len) {
if (buffer) {
bos.write(input, offset, len);
}
if (log.isLoggable(Level.FINER)) {
log.log(Level.FINER, "Pre-digested input:");
StringBuffer sb = new StringBuffer(len);
for (int i=offset; i<(offset+len); i++) {
sb.append((char) input[i]);
}
log.log(Level.FINER, sb.toString());
}
md.update(input, offset, len);
}
Thanks again.
"Sean Mullan" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
03/28/2008 03:34 PM
Please respond to
security-dev@xml.apache.org
To
security-dev@xml.apache.org
cc
Subject
Re: XML Signature debugging
Wally Dennis wrote:
>
> Update:
>
> I decided to try to enable the JDK Logging facility to run in parallel
> with Log4j, since in theory there should be no conflicts. However, when
> I follow the instructions contained in the blog postings for how to
> configure the logging, I still do not get any output. When I debug
> through the XML Security code, I am definitely calling the
> org.apache.xml.security.utils.DigesterOutputStream class instead of the
> org.jcp.xml.dsig.internal.DigesterOutputStream class. Am I missing
> something? The log statements are definitely not present in the former
> version of this class - should they be or is there a reason why
> WSS4J/Rampart is using the version without the logging capability?
There are 2 APIs in Apache XML Security: the standard JSR 105 API, and
the non-standard Apache XML Security API. Depending on which one you are
using, some of the code paths are different. For example, if you use JSR
105, the code in org.jcp.xml.dsig.internal will be used whereas it will
not be if you are using the Apache API. It sounds as if you are not
using JSR 105, thus you aren't getting the log messages from the
org.jcp.xml.dsig.internal classes. But you should be seeing some other
messages?
--Sean
The information contained in this e-mail and any accompanying documents may
contain information that is confidential or otherwise protected from
disclosure. If you are not the intended recipient of this message, or if this
message has been addressed to you in error, please immediately alert the sender
by reply e-mail and then delete this message, including any attachments. Any
dissemination, distribution or other use of the contents of this message by
anyone other than the intended recipient is strictly prohibited. All messages
sent to and from this e-mail address may be monitored as permitted by
applicable law and regulations to ensure compliance with our internal policies
and to protect our business. E-mails are not secure and cannot be guaranteed to
be error free as they can be intercepted, amended, lost or destroyed, or
contain viruses. You are deemed to have accepted these risks if you communicate
with us by e-mail.
