torsten.reinh...@gi-de.com wrote:
Hi,
I migrated my application from JDK5 (with external xmlsec-1.4.2.jar) to
JDK6 (where xmlsec is included now).
After that I got
javax.xml.crypto.MarshalException: unsupported signature algorithm:
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
at
org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(DOMSignatureMethod.java:86)
at
org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:122)
at
org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:119)
at
org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:152)
at
org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:116)
so I tried the lib\endorsed workaround, and put xmlsec-1.4.2 and
commons-logging into that folder.
That worked fine for me - but not for my collegues.
They than run into "NoClassDefFoundError" from different points - one
were missing the Log4J Logger class implementation (could be resolved by
putting log4j.jar to lib\endorsed), the others had trouble with WSS4J
and so on.
I wouldn´t like to put all our libraries in the lib\endorsed folder - is
there another way to use xmlsec-1.4.2 in JDK6.0 ?
Is there a plan to include xmlsec-1.4.2 in one of the next JDK patches
(>=1.6.0_14) ?
We don't have plans to integrate the entire xmlsec-1.4.2 in Sun's JDK 6.
XMLSec 1.4.2 is already in JDK 7 (via OpenJDK:
https://jdk7.dev.java.net/). However, I have just opened an RFE to add
support for the stronger SHA256-RSA and SHA512-RSA algorithms and
targeted it to JDK 6u16. In the meantime the only workaround I know is
to use the endorsed libraries mechanism.
--Sean
