Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- Java 2.1.4
- None
Description
The security-config.xml shipped inside the library is quite out of date, and there are several cases where it's just completely wrong.
For example, the RequiredKey setting is SHA1withDSA instead of DSA for the DSA_SHA1 algorithm, MessageDigest algorithms are listed with KeyLength set to their output length, the TransformBase64Decode implementation class is set to some stax version when the Java code brings it in from a different package, and so on.
I'm wondering whether security-config.xml is still helpful in its current form, and whether it would be possible to somehow keep it in sync with the Java-based defaults.
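A check for the first two mistakes named in the description could look like the following. This is an added example, not part of the original report or the project's code. The fragment is constructed, and its element layout and every attribute other than RequiredKey and KeyLength (URI, AlgorithmClass, JCEName) are assumptions about the file format; `lint_config` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the shipped file. Layout and the attributes URI,
# AlgorithmClass and JCEName are assumptions; RequiredKey and KeyLength are
# the settings named in the report.
SAMPLE_CONFIG = """\
<Configuration>
  <JCEAlgorithmMappings>
    <Algorithms>
      <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
                 AlgorithmClass="Signature" RequiredKey="SHA1withDSA" JCEName="SHA1withDSA"/>
      <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                 AlgorithmClass="Signature" RequiredKey="RSA" JCEName="SHA1withRSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"
                 AlgorithmClass="MessageDigest" KeyLength="256" JCEName="SHA-256"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
                 AlgorithmClass="BlockEncryption" RequiredKey="AES" KeyLength="128"
                 JCEName="AES/CBC/ISO10126Padding"/>
    </Algorithms>
  </JCEAlgorithmMappings>
</Configuration>
"""


def local_name(tag):
    """Strip an XML namespace prefix of the form {ns}name, if present."""
    return tag.rsplit("}", 1)[-1]


def lint_config(xml_text):
    """Return (URI, finding) pairs for the two mistakes described in the report."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) != "Algorithm":
            continue
        uri = el.get("URI", "<no URI>")
        required_key = el.get("RequiredKey", "")
        # JCA signature names look like <digest>with<key algorithm>;
        # key algorithm names (DSA, RSA, EC, AES) never contain "with".
        if "with" in required_key.lower():
            findings.append((uri, f"RequiredKey={required_key!r} is a signature name, not a key algorithm"))
        # A message digest takes no key, so a KeyLength here is stale data.
        if el.get("AlgorithmClass") == "MessageDigest" and el.get("KeyLength") is not None:
            findings.append((uri, f"KeyLength={el.get('KeyLength')!r} set on a MessageDigest entry"))
    return findings


if __name__ == "__main__":
    for uri, finding in lint_config(SAMPLE_CONFIG):
        print(f"{uri}: {finding}")
```

The implementation-class mismatch mentioned for TransformBase64Decode is not covered, since checking it needs the class names from the Java defaults themselves.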