Apache WebServices - WSS4J

Clone this repo:
  1. f6aa404 Bump github/codeql-action from 3.28.16 to 3.28.17 (#486) by dependabot[bot] · 4 months ago master
  2. 67c4d64 Bump com.puppycrawl.tools:checkstyle from 10.23.0 to 10.23.1 (#484) by dependabot[bot] · 4 months ago
  3. 4f8acc1 Bump github/codeql-action from 3.28.15 to 3.28.16 (#485) by dependabot[bot] · 4 months ago
  4. 2f2fdb4 Bump junit.version from 5.12.1 to 5.12.2 (#481) by dependabot[bot] · 4 months ago
  5. 73788c2 Bump com.google.guava:guava from 33.4.7-jre to 33.4.8-jre (#482) by dependabot[bot] · 4 months ago

Build Status Maven Central OpenSSF Scorecard OpenSSF Best Practices

Apache WSS4J

The Apache WSS4J© project provides a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC. WSS4J provides an implementation of the following WS-Security standards:

  • SOAP Message Security 1.1
  • Username Token Profile 1.1
  • X.509 Certificate Token Profile 1.1
  • SAML Token Profile 1.1
  • Kerberos Token Profile 1.1
  • SOAP with Attachments (SWA) Profile 1.1
  • Basic Security Profile 1.1

Apache WSS4J, Apache, and the Apache feather logo are trademarks of The Apache Software Foundation.

The master link to WSS4J: http://ws.apache.org/wss4j/

Crypto Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

The following provides more details on the included cryptographic software:

Apache Santuario : http://santuario.apache.org/ Apache WSS4J : http://ws.apache.org/wss4j/ Bouncycastle : http://www.bouncycastle.org/

Test Requirements

The WSS4J unit tests use STRONG encryption. The default encryption algorithms included in a JRE is not adequate for these samples. The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files available on Oracle's JDK download page[1] must be installed for the tests to work. If you get errors about invalid key lengths, the Unlimited Strength files are not installed.

[1] http://www.oracle.com/technetwork/java/javase/downloads/index.html