dan costelloe wrote:
Thanks for that Sean. You have lead me to a followup (inline):
Sean Mullan <Sean.Mullan <at> Sun.COM> writes:
dan costelloe wrote:
[snip]
2a) Is it possible to use the xml-security-1.4.2 classes in a java
application so that the 1.4.2 classes take a higher preference than
those in rt.jar? If so, can this be done without using
the -Xbootclasspath argument to the JVM?
Yes, place xmlsec.jar in the endorsed standards directory [1]. You will
also need to put the Apache commons logging jar [2] there as well, since
the Apache code uses a different logging mechanism than the JDK.
I suppose my question should have included 2c:
Can it be done *without* using the endorsed standards directory?
(I would like to be able to use an unmodified JRE with xmlsec 1.4.2,
if possible)
Well you can set the java.endorsed.dirs property to another directory if
that helps.
Are you ok with modifying the xmlsec classes? If so, you could rename
all of the org.jcp classes (to something like org.apache.jcp ...) and
then instantiate your XMLSignatureFactory as:
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new
org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI());
which should use the xmlsec 1.4.2 classes for everything except the
javax.xml.crypto classes, which shouldn't really be necessary to override.
--Sean
