I guess need to add Apache Xalan into the voodoo mix.
Problem 3 is an issue we are encountering.
On 04/26/2012 12:34 PM, Anil Saldhana wrote:
the JDK incorporates JAXP and JSR 105 (XML Signature API). For this
reason, you can always write code to be based on the JDK, over the
latest xerces or xml security (santurio).
But in reality, from what I have read on the web, the JDK
implementations of JAXP and XML Signatures always lags behind what is in
xerces and santurio by at least a couple of versions.
Since JSR 106 (XML Encryption API) never went anywhere in the JCP, users
have to use apache xmlsec to get xmlenc.
What I want to highlight here is that we should prefer Apache xerces and
santurio over the JDK internal implementation.