Sean Mullan's Blog

This question has come up in user forums quite a bit: "how can I use a more recent Apache XML Security library with the XML Signature APIs (JSR 105) in JDK 6 and JDK 7?"

Most of the time, you will not need to do this. Our JDK 6/7 XML Signature implementation is based on Apache XML Security and we try to keep up with the latest release. However, there may be a bug fix or new algorithm that you really need and are willing to depend on a more recent version of the Apache XML Security library that has that fix.  Here is what you need to do if so:

• Place the Apache xmlsec.jar in the endorsed standards directory. 
• You will also need to put the Apache commons logging jar there as well, since the Apache code uses a different logging mechanism than the JDK.

And that's it. You can also use the java.endorsed.dirs  system property to point to different directory containing the jars above.

Just a reminder that we'll be holding a BOF at this year's JavaOne conference on "New Security Features in JDK™ Releases 6 and 7".  It is on Wednesday at 6:45 PM in Gateway 102/103 in the Moscone Center. We plan to have a short presentation on the latest security features in JDK 6, JDK 7 and JavaFX. Then, we are going to show a demo of the new blacklist mechanism in the just-released JRE 6u14. The remaining time will be for Q&A so please bring your questions on Java Security as many members of Sun's Java Security team will be on hand to help answer them.