Hi, I migrated my application from JDK5 (with external xmlsec-1.4.2.jar) to JDK6 (where xmlsec is included now).
After that I got javax.xml.crypto.MarshalException: unsupported signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(DOMSignatureMethod.java:86) at org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:122) at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:119) at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:152) at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:116) so I tried the lib\endorsed workaround, and put xmlsec-1.4.2 and commons-logging into that folder. That worked fine for me - but not for my collegues. They than run into "NoClassDefFoundError" from different points - one were missing the Log4J Logger class implementation (could be resolved by putting log4j.jar to lib\endorsed), the others had trouble with WSS4J and so on. I wouldn´t like to put all our libraries in the lib\endorsed folder - is there another way to use xmlsec-1.4.2 in JDK6.0 ? Is there a plan to include xmlsec-1.4.2 in one of the next JDK patches (>=1.6.0_14) ? And - by the way - why is so many code (JAXB, xmlsec, ....) going into the JDK where it is now more difficult to drop against another version? Thanx a lot for any help! Torsten
