Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8151893

Add security property to configure XML Signature secure validation mode

XMLWordPrintable

        The XML Signature secure validation mode is all or nothing, there is no way to selectively control each of the restrictions. The mode is enabled either by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.

        It would be useful to define a new security property that allows you to configure the individual restrictions that are enabled. For example:

        jdk.xmldsig.secureValidation=xslt, md5, refs > 29, \
            trans > 4, uniqueIds, uri = file | http, \
            retMethodLoop, DSA keySize < 1024, \
            RSA keySize < 1024

        An administrator could selectively control each restriction, and could remove/disable a single restriction without having to completely turn off everything.

          1.
          		 Release Note: Add security property to configure XML Signature secure validation mode Sub-task Closed Sean Mullan  

              mullan Sean Mullan
              mullan Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: