Skip to main content
View by: Most Recent | Topic | Community | Webloggers   
Monthly Archives:    

Blogs by topic Security and user mullan

• Accessibility • Ajax • Blogging • Business • Community 
• Databases • Deployment • Distributed • Eclipse • Education 
• EJB • Extreme Programming • Games • GlassFish • Grid 
• GUI • IDE • Instant Messaging • J2EE • J2ME 
• J2SE • Jakarta • JavaFX • JavaOne • Jini 
• JSP • JSR • JXTA • LDAP • Linux 
• Mobility • NetBeans • Open Source • OpenSolaris • OSGi 
• P2P • Patterns • Performance • Porting • Programming 
• Research • RMI • RSS Feeds • Search • Security 
• Servlets • Struts • Swing • Testing • Tools 
• Virtual Machine • Web Applications • Web Design • Web Development Tools • Web Services and XML 


I'm happy to announce that the final release of Apache Java XML Security 1.4.2 is now available. See the web site for more details on the release or download it from The main highlights of this release are: 22 bugs and rfes have been fixed A new implementation of C14N 1.1 is supported. A potentially serious XML...
on Jun 24, 2008
JSR 105 (XML Digital Signature API) is included with JDK 6, but is also available separately, for example as part of the Apache XML Security Project. This allows you to use the JSR with earlier JDK/JREs such as JDK 1.4 or JDK 5. If you do this, however, be aware that the JSR 105 service provider implementation is not included by default with JDK 1.4 or JDK 1.5, so you may get some exceptions...
on Feb 27, 2008
In a previous blog entry, I wrote about how to enable logging to get debugging output when using the Java XML DSig API to validate an XML Signature. There are also various methods in the API that you can invoke to get similar information. Here are a couple of those which are probably most useful: SignedInfo.getCanonicalizedData This method will return an InputStream containing the canonicalized...
on Aug 3, 2007
Wow, JavaOne is here again, next week to be exact! I hope you are going. We have a bunch of new security features in the JDK and a number of things we are thinking about for the future. Come to one of our sessions to learn or discuss more about Java Security: 1. Ask the Experts about Java Security in the Java Pavilion (booth #1538) Time: Tuesday, 12:30 - 1:30 PM 2. Session ID: TS-2594...
on May 4, 2007
Apache Java XML Security 1.4 has just been released. This is the first release that contains an implementation of JSR 105, the standard Java XML Digital Signature API. It also contains several performance and memory reduction improvements. See the website for more details and a download link.
on Jan 29, 2007
In a recent blog of my colleague Andreas Sterbenz, he asks the Java community for input on the security features for JDK 7. Specifically, he writes: Let us know your suggestions for features in the security area including topics such as crypto, PKI, SSL, Kerberos, security manager + policy, authorization + JAAS, SASL, XML security, secure coding, performance, ease of use and administration, and...
on Aug 25, 2006
There's a new article titled Java XML Digital Signatures. It includes an introduction to XML digital signatures and to the new Java XML Digital Signatures APIs (JSR 105). It also discusses how to accelerate Java XML digital signature performance using cryptographic hardware accelerators such as Sun's UltraSPARC T1 processor with cryptographic acceleration support. The article was...
on Jul 14, 2006
In XML Signatures, Reference elements use URIs to describe the data that is to be digested and signed. Adding support for your own URI dereferencing implementation is pretty straightforward in JSR 105. First you need to create a concrete implementation of the javax.xml.crypto.URIDereferencer interface, ex: public class MyURIDereferencer implements URIDereferencer { ... There is only one...
on Jun 28, 2006
In a previous blog entry, I discussed how to determine what caused an invalid XML Signature and provided some code snippets. But for some programmers, this information may not be enough, and you may want to know more details. Well then, good news. The reference implementation of XML DSig has extensive logging support, that when enabled, will provide you with lots of additional information. The...
on Feb 14, 2006
When validating an XML Signature using the Java XML DSig API, it returns a simple boolean indicating if the signature is valid or not: // Validate the XMLSignature boolean coreValidity = xmlSignature.validate(valContext); If it is valid, then great ... no worries. But what if it is invalid? How can you determine exactly what caused the failure? Perhaps you used the wrong key to validate the...
on Jan 27, 2006
The Apache XML Security Team has announced the 1.3 release of the Java XML-Security library. The main changes in this release are: * Better performance & memory utilization. * Bug fixes. The detailed changelog can be found here: So what's next? Well, plans are already underway to integrate JSR 105 with the next release. But we are also looking...
on Nov 29, 2005
In case you missed it, the final release of JSR 105 (Java XML Digital Signature API) is now available! :
on Jun 26, 2005
This being my first blog entry, I'll quickly introduce myself. I'm an engineer at Sun Microsystems working on Java (SE) Security, primarily in the areas of XML Security, PKI and access control. At next week's JavaOne, our team are presenting a talk and a BOF. Here are the details: TS-7247 New Security and Networking Features for Web Services, Smart Cards, and More Security and networking...
on Jun 24, 2005