santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Werner Dittmann <>
Subject [xml-sec] Some thought about the JCE provider
Date Sun, 12 Mar 2006 07:10:43 GMT

currently xml-sec use two different ways to specify which provider
to use for a specific algorithm:

1. Set the provider id is a class variable in JCEMapper. An explicit
   check must be made to see if the provider id is set and then use it.

2. The XMLCipher uses different getInstance(...) methods to specify
   a provider. Thus it is sort of an explicit definition.

Porposal: Use only one way to specify a JCE provider. I would opt
for the second way (definie ti explicitly). For some time we could
declare the "old" method as deprecated.

In that sens I would also propose to implement a sort of fallback
mechanisms if the specified provider is either not avaliable or does
not provider the required algorithm. In such a case

- issue a "log.warning" message (not an error) and

- fallback to a standard provider. Only if this also fails throw an

What do you think?


View raw message