In a recent blog of my colleague Andreas Sterbenz, he asks the Java community for input on the security features for JDK 7.
There's a new java.sun.com article titled Java XML Digital Signatures. It includes an introduction to XML digital signatures and to the new Java XML Digital Signatures APIs (JSR 105).
In XML Signatures, Reference elements use URIs to describe the data that is to be digested and signed. Adding support for your own URI dereferencing implementation is pretty straightforward in JSR 105.
JavaOne is right around the corner, next week to be precise. If you are going, I encourage you to check out one (or both) of the technical sessions/BOFs related to Java Security:
Mustang Beta (JDK 6) was released today and contains many new security features:
- JSR 105, the Java XML Digital Signature API and implementation.
- Native Platform GSS/Kerberos Integration. This feature allows Java GSS applications to take advantage of features in the native GSS/Ker
In a previous blog entry, I discussed how to determine what caused an invalid XML Signature and provided some code snippets. But for some programmers, this information may not be enough, and you may want to know more details.
Well then, good news.
When validating an XML Signature using the Java XML DSig API, it returns a simple boolean indicating if the signature is valid or not:
// Validate the XMLSignature boolean coreValidity = xmlSignature.validate(valContext);
If it is valid, then great ... no worries. But what if it is invalid?
The Apache XML Security Team has announced the 1.3 release of the Java XML-Security library.
The main changes in this release are:
* Better performance & memory utilization.
* Bug fixes.
The detailed changelog can be found here: http://xml.apache.org/security/changes.html
In a previous blog entry I mentioned that the final release of JSR 105 (XML Digital Signature API)
is available from http://jcp.org/aboutJava/communityprocess/final/jsr105/index.html.
In case you missed it, the final release of JSR 105 (Java XML Digital Signature API) is now available! :