XML Signature validation fails (using JSR 105 API) if a SecurityManager is enabled. This
is a bug that needs to be fixed. This the exception stack trace:

java.security.AccessControlException: access denied (java.util.PropertyPermission com.sun.org.apache.xml.internal.security.resource.config read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
        at java.lang.System.getProperty(System.java:652)
        at com.sun.org.apache.xml.internal.security.Init.init(Init.java:111)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<clinit>(DOMXMLSignature.java:62)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:152)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:116)

Validating and generating XML Signatures should not require special permissions. The reading
of the property operation above either needs to be removed or wrapped in a doPrivileged block.