xmlsec
Used in
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>4.0.3</version>
</dependency><!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
<version>33</version>
</parent>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>4.0.3</version>
<packaging>bundle</packaging>
<name>Apache XML Security for Java</name>
<description>
Apache XML Security for Java supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002, and XML Encryption Syntax and
Processing, W3C Recommendation 10 December 2002. Since version 1.4,
the library supports the standard Java API JSR-105: XML Digital Signature APIs.
</description>
<url>https://santuario.apache.org/</url>
<inceptionYear>2000</inceptionYear>
<organization>
<name>The Apache Software Foundation</name>
<url>https://www.apache.org/</url>
</organization>
<licenses>
<license>
<name>Apache-2.0</name>
<url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo</distribution>
</license>
</licenses>
<mailingLists>
<mailingList>
<name>Apache Santuario Developer List</name>
<subscribe>dev-subscribe@santuario.apache.org</subscribe>
<unsubscribe>
dev-unsubscribe@santuario.apache.org
</unsubscribe>
<post>dev@santuario.apache.org</post>
<archive>
http://news.gmane.org/gmane.text.xml.security.devel
</archive>
</mailingList>
</mailingLists>
<scm>
<connection>scm:git:https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git</connection>
<developerConnection>scm:git:https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git</developerConnection>
<url>https://gitbox.apache.org/repos/asf?p=santuario-xml-security-java.git;a=summary</url>
<tag>xmlsec-4.0.3</tag>
</scm>
<issueManagement>
<system>JIRA</system>
<url>https://issues.apache.org/jira/browse/SANTUARIO</url>
</issueManagement>
<distributionManagement>
<repository>
<id>apache.releases.https</id>
<name>Apache Release Distribution Repository</name>
<url>https://repository.apache.org/service/local/staging/deploy/maven2</url>
</repository>
<snapshotRepository>
<id>apache.snapshots.https</id>
<name>Apache Development Snapshot Repository</name>
<url>https://repository.apache.org/content/repositories/snapshots</url>
<uniqueVersion>false</uniqueVersion>
</snapshotRepository>
</distributionManagement>
<properties>
<activation-api.version>2.1.3</activation-api.version>
<bcprov.version>1.78.1</bcprov.version>
<clirr.version>2.8</clirr.version>
<commons.codec.version>1.17.1</commons.codec.version>
<hamcrest.version>3.0</hamcrest.version>
<jaxb.runtime>4.0.3</jaxb.runtime>
<jetty.version>11.0.16</jetty.version>
<jmh.version>1.37</jmh.version>
<junit.version>5.11.1</junit.version>
<slf4j.version>2.0.16</slf4j.version>
<xalan.version>2.7.3</xalan.version>
<xmlunit.version>2.10.0</xmlunit.version>
<xml.bind.api.version>4.0.2</xml.bind.api.version>
<woodstox.core.version>6.6.2</woodstox.core.version>
<maven.compiler.release>11</maven.compiler.release>
<project.build.outputTimestamp>2024-10-25T10:42:15Z</project.build.outputTimestamp>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- Allow Clirr severity to be overriden by the command-line option -DminSeverity=level -->
<minSeverity>info</minSeverity>
<xmlsec.jaxb.context.class />
<!-- Important for FuncHere.java aka here() -->
<maven.test.argLine>
-Dfile.encoding=UTF-8
-Djava.util.logging.config.file=${project.build.testOutputDirectory}/logging.properties
--add-exports org.apache.santuario.xmlsec/org.apache.xml.security.test.dom.utils.jmh_generated=ALL-UNNAMED
--add-exports org.apache.santuario.xmlsec/org.apache.xml.security.test.dom.xalan=ALL-UNNAMED
--add-exports org.apache.santuario.xmlsec/org.apache.xml.security.test.stax.performance.jmh_generated=ALL-UNNAMED
--add-opens org.apache.santuario.xmlsec/org.apache.xml.security.test.dom.providers=java.base
</maven.test.argLine>
<skipUT>false</skipUT>
<skipIT>true</skipIT>
<test.logging.level>INFO</test.logging.level>
</properties>
<dependencies>
<dependency>
<groupId>jakarta.activation</groupId>
<artifactId>jakarta.activation-api</artifactId>
<version>${activation-api.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<version>${xml.bind.api.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>${commons.codec.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.woodstox</groupId>
<artifactId>woodstox-core</artifactId>
<version>${woodstox.core.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-engine</artifactId>
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-params</artifactId>
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-library</artifactId>
<version>${hamcrest.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.xmlunit</groupId>
<artifactId>xmlunit-core</artifactId>
<version>${xmlunit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.xmlunit</groupId>
<artifactId>xmlunit-matchers</artifactId>
<version>${xmlunit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>${jaxb.runtime}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-jdk14</artifactId>
<version>${slf4j.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>${jetty.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
<version>${jetty.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlets</artifactId>
<version>${jetty.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>${xalan.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>xalan</groupId>
<artifactId>serializer</artifactId>
<version>${xalan.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.openjdk.jmh</groupId>
<artifactId>jmh-core</artifactId>
<version>${jmh.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.openjdk.jmh</groupId>
<artifactId>jmh-generator-annprocess</artifactId>
<version>${jmh.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<defaultGoal>install</defaultGoal>
<resources>
<resource>
<directory>src/main/resources</directory>
</resource>
<resource>
<!-- Because of src/main/java/org/apache/xml/security/resource/**/* -->
<directory>src/main/java</directory>
<excludes>
<exclude>**/*.java</exclude>
</excludes>
</resource>
</resources>
<testResources>
<testResource>
<directory>src/test/resources</directory>
<filtering>true</filtering>
<includes>
<include>logging.properties</include>
</includes>
</testResource>
<testResource>
<directory>src/test/resources</directory>
<excludes>
<exclude>logging.properties</exclude>
</excludes>
</testResource>
<testResource>
<directory>src/test/java</directory>
<includes>
<include>org/apache/xml/security/test/dom/resource/testvectors.zip</include>
</includes>
</testResource>
</testResources>
<pluginManagement>
<plugins>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.10.0</version>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
<configuration>
<attach>true</attach>
<excludePackageNames>org.apache.xml.security.binding.*</excludePackageNames>
<doclint>none</doclint>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>clirr-maven-plugin</artifactId>
<version>${clirr.version}</version>
<configuration>
<minSeverity>${minSeverity}</minSeverity>
</configuration>
</plugin>
<plugin>
<artifactId>maven-release-plugin</artifactId>
<version>3.1.1</version>
<configuration>
<useReleaseProfile>false</useReleaseProfile>
<preparationGoals>clean install</preparationGoals>
<goals>deploy</goals>
<arguments>-Papache-release</arguments>
<autoVersionSubmodules>true</autoVersionSubmodules>
</configuration>
</plugin>
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<version>2.9.0</version>
<executions>
<execution>
<id>make-bom</id>
<phase>package</phase>
<goals>
<goal>makeAggregateBom</goal>
</goals>
</execution>
</executions>
<configuration>
<outputName>${project.artifactId}-${project.version}-bom</outputName>
</configuration>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.5.0</version>
<configuration>
<rules>
<requireMavenVersion>
<version>3.5</version>
</requireMavenVersion>
</rules>
</configuration>
</plugin>
<plugin>
<groupId>com.evolvedbinary.maven.jvnet</groupId>
<artifactId>jaxb30-maven-plugin</artifactId>
<version>0.15.0</version>
<executions>
<execution>
<id>generate-jaxb-sources</id>
<phase>generate-sources</phase>
<goals>
<goal>generate</goal>
</goals>
<configuration>
<schemaDirectory>${basedir}/src/main/resources/</schemaDirectory>
<schemaIncludes>
<schemaInclude>schemas/security-config.xsd</schemaInclude>
<schemaInclude>bindings/schemas/exc-c14n.xsd</schemaInclude>
<schemaInclude>bindings/schemas/xmldsig-core-schema.xsd</schemaInclude>
<schemaInclude>bindings/schemas/xmldsig11-schema.xsd</schemaInclude>
<schemaInclude>bindings/schemas/dsig-more_2001_04.xsd</schemaInclude>
<schemaInclude>bindings/schemas/dsig-more_2007_05.xsd</schemaInclude>
<schemaInclude>bindings/schemas/dsig-more_2021_04.xsd</schemaInclude>
<schemaInclude>bindings/schemas/xenc-schema.xsd</schemaInclude>
<schemaInclude>bindings/schemas/xenc-schema-11.xsd</schemaInclude>
</schemaIncludes>
<bindingDirectory>${basedir}/src/main/resources/bindings/</bindingDirectory>
<bindingIncludes>
<bindingInclude>c14n.xjb</bindingInclude>
<bindingInclude>dsig.xjb</bindingInclude>
<bindingInclude>dsig11.xjb</bindingInclude>
<bindingInclude>dsig-more.xjb</bindingInclude>
<bindingInclude>xenc.xjb</bindingInclude>
<bindingInclude>xenc11.xjb</bindingInclude>
<bindingInclude>security-config.xjb</bindingInclude>
<bindingInclude>xop.xjb</bindingInclude>
</bindingIncludes>
<catalog>${basedir}/src/main/resources/bindings/bindings.cat</catalog>
<forceRegenerate>false</forceRegenerate>
<episode>true</episode>
<specVersion>3.0</specVersion>
<extension>true</extension>
<!-- disable schema validation since the validation code
doesn't respect the catalog and will do online lookups :-( -->
<strict>false</strict>
<args>
<arg>-npa</arg>
<arg>-no-header</arg>
</args>
</configuration>
</execution>
</executions>
</plugin>
<plugin><!-- workaround for non-reproducible bits generated by jaxb30-maven-plugin / xjc even with -no-header argument -->
<groupId>com.google.code.maven-replacer-plugin</groupId>
<artifactId>replacer</artifactId>
<version>1.5.3</version>
<executions>
<execution>
<id>bindings-workaround-sun-jaxb</id>
<phase>process-sources</phase>
<goals>
<goal>replace</goal>
</goals>
<configuration>
<file>${project.build.directory}/generated-sources/xjc/META-INF/sun-jaxb.episode</file>
<replacements>
<replacement>
<token>Generated on: .+</token>
<value />
</replacement>
</replacements>
<regex>true</regex>
</configuration>
</execution>
<execution>
<id>types-workaround-xmldsig</id>
<phase>process-sources</phase>
<goals>
<goal>replace</goal>
</goals>
<configuration>
<file>${project.build.directory}/generated-sources/xjc/org/apache/xml/security/binding/xmldsig/PGPDataType.java</file>
<replacements>
<replacement>
<token>line (.+) of file:.+src/main/resources/(.+)</token>
<value>line $1 of file:src/main/resources/$2</value>
</replacement>
</replacements>
<regex>true</regex>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.13.0</version>
<configuration>
<showDeprecation>true</showDeprecation>
<showWarnings>true</showWarnings>
<compilerArgs>
<arg>-XDcompilePolicy=simple</arg>
<!-- TODO Disabled until JDK 14 is supported <arg>-Xplugin:ErrorProne</arg>-->
</compilerArgs>
<annotationProcessorPaths>
<path>
<groupId>org.openjdk.jmh</groupId>
<artifactId>jmh-generator-annprocess</artifactId>
<version>${jmh.version}</version>
</path>
<path>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_core</artifactId>
<version>2.34.0</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>5.1.9</version>
<extensions>true</extensions>
<configuration>
<niceManifest>true</niceManifest>
<instructions>
<Implementation-Title>Apache XML Security</Implementation-Title>
<Implementation-Vendor>The Apache Software Foundation</Implementation-Vendor>
<Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
<Implementation-Version>${project.version}</Implementation-Version>
<Specification-Title>Apache XML Security</Specification-Title>
<Specification-Vendor>The Apache Software Foundation</Specification-Vendor>
<Specification-Version>${project.version}</Specification-Version>
<Export-Package>
org.apache.xml.security.*;version="${project.version}";-split-package:=first,
org.apache.jcp.xml.dsig.internal.*;version="${project.version}",
</Export-Package>
<Import-Package>
!org.apache.xml.security.*,
!org.apache.jcp.xml.dsig.internal.*,
org.apache.commons.codec.*;version="[1.15,2)",
*
</Import-Package>
<_noimportjava>true</_noimportjava>
</instructions>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.12</version>
<configuration>
<outputDirectory>${project.build.directory}</outputDirectory>
<includes>
<include>org/apache/xml/security/**</include>
<include>org/apache/jcp/xml/dsig/internal/**</include>
</includes>
<formats>
<!-- Eclipse uses exec files, SonarQube uses xml reports -->
<format>XML</format>
</formats>
</configuration>
<executions>
<execution>
<id>jacoco-agent-for-unit-tests</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>jacoco-report</id>
<phase>verify</phase>
<goals>
<goal>report</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.5.0</version>
<configuration>
<reportFormat>brief</reportFormat>
<includes>
<include>**/*Test.java</include>
</includes>
<excludedGroups>benchmark</excludedGroups>
<!-- We need to reinitialize classes based on the configuration -->
<reuseForks>false</reuseForks>
<forkCount>1</forkCount>
<forkNode implementation="org.apache.maven.plugin.surefire.extensions.SurefireForkNodeFactory" />
<!-- @{argLine} is generated by jacoco-prepare -->
<argLine>${maven.test.argLine} @{argLine}</argLine>
<skipExec>${skipUT}</skipExec>
<systemPropertyVariables>
<product.version>${project.version}</product.version>
<log4j.configurationFile>${project.build.testOutputDirectory}/log4j2.xml</log4j.configurationFile>
<!--<jakarta.xml.bind.JAXBContext>${xmlsec.jaxb.context.class}</jakarta.xml.bind.JAXBContext>-->
<javax.xml.accessExternalDTD>file</javax.xml.accessExternalDTD>
<org.apache.xml.security.securerandom.algorithm>SHA1PRNG</org.apache.xml.security.securerandom.algorithm>
<file.encoding>UTF-8</file.encoding>
</systemPropertyVariables>
<environmentVariables>
<LANG>en_US.UTF-8</LANG>
<LANGUAGE>en_US:us</LANGUAGE>
</environmentVariables>
</configuration>
</plugin>
<plugin>
<artifactId>maven-failsafe-plugin</artifactId>
<version>3.5.0</version>
<configuration>
<argLine>${maven.test.argLine}</argLine>
<skipExec>${skipIT}</skipExec>
<groups>benchmark</groups>
<forkCount>1</forkCount>
<forkNode implementation="org.apache.maven.plugin.surefire.extensions.SurefireForkNodeFactory" />
<systemPropertyVariables>
<product.version>${project.version}</product.version>
<javax.xml.accessExternalDTD>file</javax.xml.accessExternalDTD>
<org.apache.xml.security.securerandom.algorithm>SHA1PRNG</org.apache.xml.security.securerandom.algorithm>
<file.encoding>UTF-8</file.encoding>
</systemPropertyVariables>
<environmentVariables>
<LANG>en_US.UTF-8</LANG>
<LANGUAGE>en_US:us</LANGUAGE>
</environmentVariables>
</configuration>
<executions>
<execution>
<id>integration-test</id>
<goals>
<goal>integration-test</goal>
</goals>
</execution>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.gaul</groupId>
<artifactId>modernizer-maven-plugin</artifactId>
<version>2.6.0</version>
<configuration>
<javaVersion>${maven.compiler.release}</javaVersion>
</configuration>
<executions>
<execution>
<id>modernizer-check</id>
<phase>verify</phase>
<goals>
<goal>modernizer</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.21.0</version>
<configuration>
<rulesets>
<ruleset>${basedir}/etc/santuario-pmd-ruleset.xml</ruleset>
</rulesets>
<linkXRef>false</linkXRef>
<failOnViolation>true</failOnViolation>
<verbose>true</verbose>
<includeTests>true</includeTests>
<excludes>
<exclude>**/XMLUtilsPerformanceIT.java</exclude>
</excludes>
<excludeRoots>
<excludeRoot>${project.build.directory}/generated-test-sources</excludeRoot>
</excludeRoots>
</configuration>
<executions>
<execution>
<id>pmd-verify</id>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.10.0</version>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>clirr-maven-plugin</artifactId>
<version>${clirr.version}</version>
<configuration>
<minSeverity>${minSeverity}</minSeverity>
</configuration>
</plugin>
</plugins>
</reporting>
<profiles>
<profile>
<id>fastinstall</id>
<properties>
<maven.test.skip>true</maven.test.skip>
<pmd.skip>true</pmd.skip>
</properties>
</profile>
<profile>
<id>nochecks</id>
<properties>
<pmd.skip>true</pmd.skip>
</properties>
</profile>
<profile>
<id>bouncycastle</id>
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>${bcprov.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
</profile>
</profiles>
</project>
Open source consumption has exploded, with estimates placing this year’s downloads at over 6.6 trillion. This reliance on open source components, now making up to 90% of the modern software application, has ushered in both unprecedented innovation and complex challenges for software supply chains.
View the Report