Sean Mullan's Blog

This question has come up in user forums quite a bit: "how can I use a more recent Apache XML Security library with the XML Signature APIs (JSR 105) in JDK 6 and JDK 7?"

Most of the time, you will not need to do this. Our JDK 6/7 XML Signature implementation is based on Apache XML Security and we try to keep up with the latest release. However, there may be a bug fix or new algorithm that you really need and are willing to depend on a more recent version of the Apache XML Security library that has that fix.  Here is what you need to do if so:

• Place the Apache xmlsec.jar in the endorsed standards directory. 
• You will also need to put the Apache commons logging jar there as well, since the Apache code uses a different logging mechanism than the JDK.

And that's it. You can also use the java.endorsed.dirs  system property to point to different directory containing the jars above.