| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <document> |
| <body> |
| <section name="Obtain the Apache WSS4J™ distribution"> |
| <p> |
| The <b>Apache WSS4J™</b> project provides a Java implementation of the primary security |
| standards for Web Services. |
| </p> |
| <subsection name="How to Download"> |
| <p> |
| Use the links below to download a distribution of Apache WSS4J from one of our mirrors. |
| It is good practice to verify the integrity of the distribution files. Apache WSS4J releases are |
| available under the |
| <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> - see the |
| LICENSE.txt and NOTICE.txt files contained in each release artifact. |
| </p> |
| </subsection> |
| <subsection name="Current official release (closest mirror site selected automatically)"> |
| <ul> |
| <li> |
| <p> |
| The current stable release is Apache WSS4J 2.3.1: |
| </p> |
| <p> |
| <a href="https://www.apache.org/dyn/closer.lua/ws/wss4j/2.3.1/wss4j-2.3.1-source-release.zip">wss4j-2.3.1-source-release.zip</a> |
| (<a href="https://downloads.apache.org/ws/wss4j/2.3.1/wss4j-2.3.1-source-release.zip.asc">PGP</a>) |
| (<a href="https://downloads.apache.org/ws/wss4j/2.3.1/wss4j-2.3.1-source-release.zip.sha512">SHA-512</a>) |
| </p> |
| </li> |
| <li> |
| <p> |
| The current release on the older 2.2.x-fixes branch is Apache WSS4J 2.2.6: |
| </p> |
| <p> |
| <a href="https://www.apache.org/dyn/closer.lua/ws/wss4j/2.2.6/wss4j-2.2.6-source-release.zip">wss4j-2.2.6-source-release.zip</a> |
| (<a href="https://downloads.apache.org/ws/wss4j/2.2.6/wss4j-2.2.6-source-release.zip.asc">PGP</a>) |
| (<a href="https://downloads.apache.org/ws/wss4j/2.2.6/wss4j-2.2.6-source-release.zip.sha512">SHA-512</a>) |
| </p> |
| </li> |
| </ul> |
| </subsection> |
| <subsection name="Verifying Releases"> |
| <p> |
| When downloading from a mirror, please check the SHA-512/SHA1 checksums and |
| verify the OpenPGP-compatible signature available from the main Apache |
| site. The <a href="https://downloads.apache.org/ws/wss4j/KEYS">KEYS</a> file |
| contains the public keys used for signing the release. It is recommended that a |
| web of trust is used to confirm the identity of these keys. |
| </p> |
| <p> |
| You can check the OpenPGP compatible signature with GnuPG via: |
| <ul> |
| <li>gpg --import KEYS</li> |
| <li>gpg --verify wss4j-*-source-release.zip.asc</li> |
| </ul> |
| </p> |
| <p> |
| You can check the SHA-512 digests with: |
| <ul> |
| <li>sha512sum wss4j-*-source-release.zip (and compare output to wss4j-*-source-release.zip.sha512)</li> |
| </ul> |
| </p> |
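<p>
The two checks above can be scripted so that the comparison is exact rather than done by eye. This is an added example, not part of the WSS4J project: the function names are illustrative, the digest-file layouts it accepts are assumptions, and the signature check uses a temporary GnuPG home so that only keys from the supplied KEYS file count.
</p>

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of WSS4J.

# Print the 128-hex-digit digest found in a .sha512 file, lower-cased.
# Assumed layouts: bare digest, "digest  filename", "filename: HEX HEX ...".
expected_sha512() {
    cat "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f' |
        grep -oE '[0-9a-f]{128}' | head -n 1
}

# check_digest FILE [DIGEST_FILE]: recompute SHA-512 and compare exactly.
check_digest() {
    want=$(expected_sha512 "${2:-$1.sha512}")
    got=$(sha512sum "$1" | cut -d ' ' -f 1)
    if [ -z "$want" ] || [ "$want" != "$got" ]; then
        echo "SHA-512 mismatch or unreadable digest for $1"
        return 1
    fi
}

# check_signature FILE KEYS: verify FILE.asc against only the keys in KEYS,
# using a throwaway GnuPG home so keys already on this machine cannot
# influence the result. KEYS must come from the main Apache site, not a mirror.
check_signature() {
    home=$(mktemp -d) || return 1
    gpg --homedir "$home" --batch --quiet --import "$2" 2>/dev/null
    status=$(gpg --homedir "$home" --batch --status-fd 1 \
        --verify "$1.asc" "$1" 2>/dev/null)
    rm -rf "$home"
    case "$status" in
        *"[GNUPG:] GOODSIG "*) return 0 ;;
        *) echo "No good signature from a key in $2 for $1"; return 1 ;;
    esac
}

# verify_release FILE KEYS: both checks must pass.
# e.g. verify_release wss4j-2.3.1-source-release.zip KEYS
verify_release() {
    if check_digest "$1"; then
        if check_signature "$1" "$2"; then
            echo "OK: $1"
            return 0
        fi
    fi
    return 1
}
```

<p>
A passing result shows only that a key in the KEYS file made the signature; confirming that those keys belong to the release signers is the web-of-trust step described above.
</p>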
| </subsection> |
| <subsection name="Archive of old releases"> |
| <p> |
| Older releases are available in the <a href="https://archive.apache.org/dist/ws/wss4j/">archive</a>. |
| </p> |
| </subsection> |
| </section> |
| |
| </body> |
| </document> |