Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8259801

Enable XML Signature secure validation mode by default

    XMLWordPrintable

Details

    Description

      The XML Signature secure validation mode is enabled by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.

      Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.

      Attachments

        Issue Links

          csr for

          CSR - null JDK-8260154 Enable XML Signature secure validation mode by default

          • P3 - Major loss of function.
          • Closed
          relates to

          Enhancement - null JDK-8223916 Add API to set XML DSig secure validation mode

          • P4 - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Enhancement - null JDK-8259709 Disable SHA-1 XML Signatures

          • P3 - Major loss of function.
          • Resolved

          Enhancement - null JDK-8301260 Add system property to toggle XML Signature secure validation mode

          • P3 - Major loss of function.
          • Resolved
          links to

          Commit Commit openjdk/jdk/baf46bac

          Review Review openjdk/jdk/2197

          Activity

            People

              mullan Sean Mullan
              mullan Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: