ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-518) WSConfig static initializer attempts to modify JCE Providers fail in JVM with restrictive security policies
Date Mon, 03 Nov 2014 10:32:34 GMT

    [ https://issues.apache.org/jira/browse/WSS-518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194417#comment-14194417
] 

Colm O hEigeartaigh commented on WSS-518:
-----------------------------------------

I've added a duplicate method to WSSConfig (setAddJceProviders) to also turn off adding JCE
Providers. I have no confidence though that WSS4J is going to work in a cloud environment
where you can't add security providers or read system properties though.

> WSConfig static initializer attempts to modify JCE Providers fail in JVM with restrictive
security policies 
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-518
>                 URL: https://issues.apache.org/jira/browse/WSS-518
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 2.0.2
>            Reporter: Aaron Anderson
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.0.3
>
>
> I am attempting to use WSS4j 2.0.2 to perform WS-Security x509 signatures on XML DOM
objects in a restrictive Cloud based JVM environment. When I attempt to sign a document the
org.apache.wss4j.dom.WSConfig class gets initialized and it has a static initializer to load
several JCE libraries. Because the JVM SecurityManager has restrictive polices defined any
attempts to read system properties or modify JCE providers are denied and the class fails
to load. The org.apache.wss4j.common.crypto.WSProviderConfig class has a setAddJceProviders
and I think the WSConfig class should honor that setting. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message