| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <HTML> |
| <HEAD> |
| <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8"> |
| <TITLE>Apache WSS4J-1.5.3</TITLE> |
| <META NAME="GENERATOR" CONTENT="OpenOffice.org 1.9.79 (Linux)"> |
| <META NAME="AUTHOR" CONTENT="Werner Dittmann"> |
| <META NAME="CREATED" CONTENT="20050904;11070500"> |
| <META NAME="CHANGEDBY" CONTENT="Werner Dittmann"> |
| <META NAME="CHANGED" CONTENT="20050904;12155500"> |
| <STYLE> |
| <!-- |
| @page { size: 21cm 29.7cm } |
| H1.western { font-family: "Times New Roman" } |
| --> |
| </STYLE> |
| </HEAD> |
| <BODY LANG="de-DE" DIR="LTR"> |
| <H1 CLASS="western">What is WSS4J?</H1> |
| <P STYLE="margin-bottom: 0cm">WSS4J is part of the Apache Web |
| Services project. Here is <A HREF="http://ws.apache.org/">link </A>the |
| to all Apache Web Service projects.</P> |
| <P STYLE="margin-bottom: 0cm">Apache WSS4J is an implementation of |
| the OASIS Web Services Security specifications (WS-Security, WSS) |
| from OASIS Web Services Security TC. WSS4J is primarily a Java |
| library that can be used to sign, verify, encrypt, and decrypt SOAP |
| Messages according to the WS-Security specifications. WSS4J uses |
| Apache Axis and other Apache XML-Security projects and is |
| interoperable with other JAX-RPC based server/clients and .Net WSE |
| server/clients that follow the OASIS WSS specifications.</P> |
| <H2>Supported WSS Specifications</H2> |
| <P STYLE="margin-bottom: 0cm">WSS4J implements</P> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">OASIS Web Serives Security: SOAP |
| Message Security 1.0 Standard 200401, March 2004</P> |
| <LI><P STYLE="margin-bottom: 0cm">Username Token profile V1.0</P> |
| <LI><P STYLE="margin-bottom: 0cm">X.509 Token Profile V1.0</P> |
| </UL> |
| <P STYLE="margin-bottom: 0cm">The Web Services Security part of WSS4J |
| is fairly well tested and many WebService projects use it already. |
| Also interoperability with various other implementations is well |
| tested.</P> |
| <H2>Support of older WSS specifications</H2> |
| <P STYLE="margin-bottom: 0cm">The WSS4J release 1.1.0 is the last release |
| that was able to emulate previous WSS specs. |
| </P> |
| <P STYLE="margin-bottom: 0cm">This and next WSS4J releases (>= 1.5.x)</P> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">support the OASIS V1.0 specs and |
| the relevant namespaces only</P> |
| <LI><P STYLE="margin-bottom: 0cm">support one versions of |
| provisional (draft) namespaces for the upcoming version</P> |
| </UL> |
| <P STYLE="margin-bottom: 0cm">After the next version of the WSS specs |
| is finished, we do one WSS4J release with the provisional namespaces |
| and another release (with a new release number) with the then fixed |
| namespace URIs. Doing so we could save a lot of coding while |
| retaining some backward compatibility using the n-1 release.</P> |
| <H2>Web Services Security Features |
| </H2> |
| <P STYLE="margin-bottom: 0cm">WSS4J can generate and process the |
| following SOAP Bindings:</P> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">XML Security</P> |
| </UL> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">XML Signature</P> |
| <LI><P STYLE="margin-bottom: 0cm">XML Encryption</P> |
| <LI><P STYLE="margin-bottom: 0cm">Tokens</P> |
| <LI><P STYLE="margin-bottom: 0cm">Username Tokens</P> |
| <LI><P STYLE="margin-bottom: 0cm">Timestamps</P> |
| <LI><P STYLE="margin-bottom: 0cm">SAML Tokens</P> |
| </UL> |
| <P STYLE="margin-right: 0.03cm; margin-bottom: 0cm">WSS4J supports |
| X.509 binary certificates and certificate paths. Here is the <A HREF="http://ws.apache.org/wss4j/">link</A> |
| to WSS4J. There is also a Wiki concering Apache WS projects and WSS4J |
| as one of the WS sub-projects:</P> |
| <P STYLE="margin-bottom: 0cm"><A HREF="http://wiki.apache.org/ws/">http://wiki.apache.org/ws/</A></P> |
| <P STYLE="margin-bottom: 0cm"><A HREF="http://wiki.apache.org/ws/FrontPage/WsFx">http://wiki.apache.org/ws/FrontPage/WsFx</A></P> |
| <H3>WS-Trust and WS-Secure Conversation specifications</H3> |
| |
| <p>WSS4J now comes with the support for derived key token signature and |
| encryption. This is used by the Axis2-"rahas" module to provide the |
| WS-Secure Conversation.</p> |
| |
| <p>WS-Trust support is also being developed within Axis2 based on WSS4J</p> |
| |
| <p><i>org.apache.ws.sandbox.</i> package contains experimental implementations of these |
| specifications.</p> |
| |
| <H2>Installation (binary distribution)</H2> |
| <P STYLE="margin-bottom: 0cm">The WSS4J zip archive is the binary |
| distribution and contains the wss4j jar file, some examples, test |
| classes (incl. sources), the interop test classes (incl. sources and |
| necessary certificate store), and the according client and server |
| deployment and protery files.</P> |
| <P STYLE="margin-bottom: 0cm">The WSS4J jar file contains all classes |
| that implement the basic functions and the handlers. To install it |
| make sure this jar file is in the classpath of your Axis client |
| and/or Axis server. |
| </P> |
| <P STYLE="margin-bottom: 0cm">In addition you need to set up the |
| property files that contain information about the certificate |
| keystores you use. The property files and the keystore are accessed |
| either as resources via classpath or, if that fails, as files using |
| the relative path of the application |
| </P> |
| <P STYLE="margin-bottom: 0cm">Thus no specific installation is |
| required. The wss4j-1.5.3.jar file should be included into ear or war files |
| of enterprise or web application servers.</P> |
| <P STYLE="margin-bottom: 0cm">Please refer to the JAVADOC files of |
| the distribution for further information how to use WSS4J, the |
| handlers, and how to setup the deployment files.</P> |
| <H2>Required software</H2> |
| <P STYLE="margin-bottom: 0cm">To work with WSS4J you need additional |
| software. Most of the software is also needed by your SOAP base |
| system, e.g. Apache Axis. |
| </P> |
| <P STYLE="margin-bottom: 0cm">To simplify installation and operation |
| of WSS4J an additional ZIP file is provided that holds all other JARs |
| that are required by WSS4J. Please note that we probably not use the |
| very latest versions of these JARs, but we used them during the |
| tests.</P> |
| <P STYLE="margin-bottom: 0cm"><B>NOTE</B>: If you use another XML |
| parser than what is defined below (Xerces) make sure that your parser |
| fully supports namespaces. The Crimson parser included in the Sun JDK |
| 1.4.x does not support namespaces or has a buggy implementation.</P> |
| <P STYLE="margin-bottom: 0cm">To implement the Web Service Security |
| (WSS) part specific software is required:</P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>addressing-1.0.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">This jar contains the |
| implementation of WS-Adressing, required by WSS4J Trust (in sandbox).</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://ws.apache.org/addressing/">http://ws.apache.org/addressing/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>axis-1.4.jar<BR>axis-ant-1.4.jar<BR>axis-jaxrpc-1.4.jar<BR>axis-saaj-1.4.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">These jars contain |
| the Apache Axis base software. They implement the basic SOAP |
| processing, deployment, WSDL to Java, Java to WSDL tools and a lot |
| more. Plase refer to a Axis documentation how to setup Axis. You |
| should be familiar with Axis, its setup, and deployment methods |
| before you start with any WSS4J functions.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://ws.apache.org/axis/">http://ws.apache.org/axis/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>bcprov-jdk13-132.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">This is the |
| BouncyCastle library that implements all necessary encryption, |
| hashing, certifcate, and keystore functions. Without this fanatstic |
| library WSS4J wouldn't work at all.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://www.bouncycastle.org/">http://www.bouncycastle.org/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>commons-codec-1.3.jar<BR>commons-discovery-0.2.jar<BR>commons-httpclient-3.0-rc2.jar<BR>commons-logging-1.0.4.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">These jars are from |
| the Commons project and provide may useful funtions, such as Base64 |
| encoding/decoding, resource lookup, and much more. Please refer to |
| the commons project to get more information.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The main link for the |
| commons project: <A HREF="http://jakarta.apache.org/commons/index.html">http://jakarta.apache.org/commons/index.html</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>junit-3.8.1.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The famous unit test |
| library. Required if you like to build WSS4J from source and run the |
| unit tests.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://www.junit.org/">http://www.junit.org/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>log4j-1.2.9.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The logging library. |
| Required to control the logging, error reporting and so on.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://logging.apache.org/">http://logging.apache.org/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>opensaml-1.0.1.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The SAML |
| implemetation used by WSS4J to implement the SAML profile.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://www.opensaml.org/">http://www.opensaml.org/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>wsdl4j-1.5.1.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The WSDL parsing |
| functions, required by Axis tools to read and parse WSDL.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://ws.apache.org/axis/">http://ws.apache.org/axis/</A> |
| under related projects</P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>xalan-2.7.0.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">Library that |
| implements XML Path Language (XPath) and XSLT. The XML Security |
| implementation needs several functions of Xalan XPath.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://xml.apache.org/xalan-j/">http://xml.apache.org/xalan-j/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>xmlsec-1.4.0.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">This library |
| implements the XML-Signature Syntax and Processing and the XML |
| Encryption Syntax and Processing specifications of the W3C. Thus they |
| form one of the base foundations of WSS4J.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://xml.apache.org/security/">http://xml.apache.org/security/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>xercesImpl.jar<BR>xml-apis.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The XML parser |
| implementation. Required by anybody :-) .</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://xml.apache.org/xerces2-j/">http://xml.apache.org/xerces2-j/</A></P> |
| <P><BR><BR> |
| </P> |
| </BODY> |
| </HTML> |