Preparation for internal 1.5.5-RC1 release
* Added a release script, for the record
* Added license and notice files back to src dir and to release artifacts
* Updated change log and added to src and bin distributions
* Updated versions in docs
Still having an issue with jira-report for 1.5.5 release with the
maven-changes-plugin, which will need to be addressed before the
release, but that will have no impact on the bits.
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 56d218a..db778eb 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -5,6 +5,38 @@
Portions of this report were generated using the ReleaseNotes facility
in Jira.
+Release 1.5.5
+=============
+
+** Bug
+ * [WSS-42] - java.lang.NoClassDefFoundError: org/apache/xml/security/encryption/XMLEncryptionException
+ * [WSS-94] - Security Breach : The client certificate signature is not verified if the serial number is known in the keystore
+ * [WSS-121] - Bug in default value for SAML issuer class property
+ * [WSS-126] - SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null
+ * [WSS-129] - Couple places where "cause" of WSSecurityException not set
+ * [WSS-133] - Method and variable misspellings fixed
+ * [WSS-140] - WSSecEncryptedKey produces EncryptedKey element with invalid Id attribute
+ * [WSS-141] - handleUsernameToken gives too much information. Can be used to deternine if a username exists or not
+ * [WSS-142] - We ship opensaml 1.0.1 even though we use opensaml 1.1 in maven
+ * [WSS-149] - AbstractCrypto requires org.apache.ws.security.crypto.merlin.file to be set and point to an existing file
+** Improvement
+ * [WSS-85] - Better exception handling in the crypto (e.g. no e.printStackTrace())
+ * [WSS-122] - Some fixes for the website
+ * [WSS-123] - 1.5.4 requires opensaml jar, older versions did not
+ * [WSS-125] - Upgrade BouncyCastle version
+ * [WSS-128] - Use xml-sec 1.4.1 version
+ * [WSS-135] - Fix for minor checkstyle issues
+ * [WSS-137] - "Unexpected number of X509Data: for Signature" error doesn't make sense.
+ * [WSS-138] - Add Nabble to site mailing list page
+ * [WSS-145] - Problem in upgrading to xml-sec 1.4.2
+ * [WSS-150] - Upgrade to XALAN 2.7.1
+* New Feature
+ * [WSS-23] - no way to programmatically set crypto.properties
+* Task
+ * [WSS-124] - Get maven dependencies pushed to central
+ * [WSS-132] - TestWSSecurityX509v1 failing
+ * [WSS-144] - Remove tab characters from WSS4J files
+
Release 1.5.4
=============
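Review bot: The section markers in the new 1.5.5 block are inconsistent: `** Bug` and `** Improvement` use two asterisks, while `* New Feature` and `* Task` use one, so the last two read as list items rather than section headings. Use `** New Feature` and `** Task`. In the WSS-141 entry, "deternine" should be "determine" unless the line is meant to mirror the Jira title verbatim. WSS-94 (client certificate signature not verified) and WSS-141 (username existence disclosure) are security fixes sitting in the general bug list; a short note at the top of the 1.5.5 block would help users decide how urgently to upgrade.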
diff --git a/README.txt b/README.txt
index 2ac8486..1f42886 100644
--- a/README.txt
+++ b/README.txt
@@ -191,6 +191,11 @@
See: http://www.opensaml.org/
+serializer-2.7.1.jar
+ The Apache Xalan XML serializer library.
+
+ See: http://xml.apache.org/xalan-j/
+
wsdl4j-1.5.1.jar
The WSDL parsing functions, required by Axis tools to read and
parse WSDL.
diff --git a/build.xml b/build.xml
index 8f5e901..f62c574 100644
--- a/build.xml
+++ b/build.xml
@@ -27,8 +27,8 @@
<property name='product.version.major' value='1'/>
<property name='product.version.minor' value='5'/>
- <property name='product.version.level' value='4'/>
- <property name='product.version' value='SNAPSHOT'/>
+ <property name='product.version.level' value='5'/>
+ <property name='product.version' value='1.5.5-RC1'/>
<!-- <property name='product.version' value='${product.version.major}.${product.version.minor}.${product.version.level}'/> -->
<property name="year" value="2008"/>
<property name="copyright" value="Copyright © ${year} Apache WSS4J Project. All Rights Reserved."/>
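Review bot: `product.version` is now the hard-coded literal `1.5.5-RC1` while `product.version.level` is bumped separately to `5`, so the version lives in two properties that must be edited together again for the final release. Consider deriving it from the major/minor/level properties, as the commented-out line directly below does, and adding a separate qualifier property for the `-RC1` suffix.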
@@ -289,6 +289,11 @@
description="This target copies the Java sources and brands the version information">
<!-- create directories -->
<mkdir dir="${build.classes}"/>
+ <copy todir="${build.classes}">
+ <fileset dir="${dir.src}">
+ <include name="META-INF/*"/>
+ </fileset>
+ </copy>
</target>
<target name="javadoc"
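Review bot: The new `<copy>` uses `<include name="META-INF/*"/>`, which matches only files directly under `META-INF`, while the jar task changed later in this patch includes `META-INF/**`. If the single-level match is intentional (only LICENSE.txt and NOTICE), add a comment saying so; otherwise use `META-INF/**` in both places so that a future subdirectory is not silently left out of the JAR. The target's description ("copies the Java sources and brands the version information") should also mention that it now copies the license files.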
@@ -720,18 +725,18 @@
<mkdir dir="${dir.dist}"/>
<jar jarfile="${dir.dist}/${jar.library}"
basedir="${build.classes}"
- includes="**/apache/**/security/**" />
+ includes="**/apache/**/security/**, META-INF/**" />
<zip destfile=
"${dir.dist}/${product.shortname}-bin-${product.version}.zip">
<zipfileset prefix="wss4j" dir="."
- includes="keys/**, interop/**, interop2/**, test/**, samples/**,
- LICENSE.txt, README.txt, NOTICE, legal/**, webapps/**"/>
+ includes="keys/**, interop/**, interop2/**, test/**, samples/**,
+ ChangeLog.txt, LICENSE.txt, README.txt, NOTICE, legal/**, webapps/**"/>
<zipfileset prefix="wss4j/classes" dir="${build.classes}"
- includes=
- "*.properties, interop/**, wssec/**, org/**/oasis/**, org/**/samples/**"/>
+ includes=
+ "*.properties, interop/**, wssec/**, org/**/oasis/**, org/**/samples/**"/>
<zipfileset prefix="wss4j/doc/api" dir="${build.javadoc}"/>
<zipfileset fullpath="wss4j/${jar.library}" dir="${dir.dist}"
- includes="${jar.library}"/>
+ includes="${jar.library}"/>
</zip>
</target>
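Review bot: Several of the removed/added pairs in this hunk (the `keys/**, interop/** ...` line, the `*.properties, interop/** ...` zipfileset and the `${jar.library}` zipfileset) differ only in whitespace, which hides the two substantive changes: adding `META-INF/**` to the JAR and `ChangeLog.txt` to the bin zip. Move the re-indentation into its own commit, or mention it in the commit message, so the release-relevant changes are easy to audit.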
@@ -751,7 +756,7 @@
<zip destfile=
"${dir.dist}/${product.shortname}-src-${product.version}.zip">
<zipfileset prefix="wss4j" dir="."
- includes="src/** LICENSE.txt README.txt NOTICE legal/** build.xml "/>
+ includes="src/** ChangeLog.txt LICENSE.txt README.txt NOTICE legal/** build.xml "/>
</zip>
</target>
diff --git a/contrib/wss4j-release.sh b/contrib/wss4j-release.sh
new file mode 100755
index 0000000..724c25c
--- /dev/null
+++ b/contrib/wss4j-release.sh
@@ -0,0 +1,86 @@
+#!/bin/sh
+#
+# Copyright (c) The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+if [ -z "${WSS4J_SRC_ROOT}" ]
+then
+ echo "Assuming WSS4J source tree is the CWD..."
+ WSS4J_SRC_ROOT=.
+fi
+if [ -z "${WSS4J_VERSION}" ]
+then
+ WSS4J_VERSION=SNAPSHOT
+ echo "Setting WSS4J_VERSION to ${WSS4J_VERSION}"
+fi
+if [ -z "${WSS4J_STAGE_ROOT}" ]
+then
+ WSS4J_STAGE_ROOT=/tmp/$(id -u -nr)/stage_wss4j/${WSS4J_VERSION}
+ echo "Setting WSS4J_STAGE_ROOT to ${WSS4J_STAGE_ROOT}"
+fi
+if [ -z "${M2_REPO}" ]
+then
+ M2_REPO=$HOME/.m2/repository
+ echo "Setting M2_REPO to ${M2_REPO}"
+fi
+#
+# set up the staging area
+#
+rm -rf ${WSS4J_STAGE_ROOT}
+mkdir -p ${WSS4J_STAGE_ROOT}/dist
+mkdir -p ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j/${WSS4J_VERSION}
+#
+# Build and stage the distribution using ant
+#
+cd ${WSS4J_SRC_ROOT}
+ant clean
+ant dist || exit 1
+cp -r dist/* ${WSS4J_STAGE_ROOT}/dist
+#
+# Build and stage through maven; copy the Jartifact built by Maven to the dist
+# Since we build and test with ant, we use the ant-built JAR as the version of
+# the artifact we'll use in maven.
+#
+# All this will get fixed when we move to maven throughout.
+#
+mvn clean || exit 1
+mvn -Prelease install || exit 1
+mkdir -p ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j/
+cp -r ${M2_REPO}/org/apache/ws/security/wss4j/${WSS4J_VERSION} ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j
+cp -f ${WSS4J_STAGE_ROOT}/build/wss4j-${WSS4J_VERSION}.jar ${M2_REPO}/org/apache/ws/security/wss4j/${WSS4J_VERSION}
+#
+# Sign and hash the release bits
+#
+cd ${WSS4J_STAGE_ROOT}/dist
+for i in *
+do
+ gpg --detach-sign --armor $i
+ gpg --verify $i.asc
+done
+cd ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j/${WSS4J_VERSION}
+for i in *
+do
+ gpg --detach-sign --armor $i
+ gpg --verify $i.asc
+done
+for i in *.jar *.pom
+do
+ md5 -q $i > $i.md5
+done
+#
+# Build the web site
+#
+cd ${WSS4J_SRC_ROOT}
+mvn site || exit 1
+cp -r target/site ${WSS4J_STAGE_ROOT}/site
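Review bot: In the Maven staging step, the ant-built JAR is copied into `${M2_REPO}` only after the Maven-built directory has already been copied to the stage, and its source path `${WSS4J_STAGE_ROOT}/build/wss4j-${WSS4J_VERSION}.jar` is never created by this script (only `dist` and `maven/...` are made after the `rm -rf`). The staged Maven artifact that is signed below is therefore not the ant-built JAR the comment promises; copy the JAR from the source tree's build output into the staged maven directory before the signing loops. Other points in the same file: `ant clean`, the `cd` commands, this `cp -f` and both `gpg` calls lack the `|| exit 1` used for `ant dist` and `mvn`, so a failed sign or verify does not stop the release. The variables are unquoted throughout, including `rm -rf ${WSS4J_STAGE_ROOT}` and `$i` in the loops, and the default stage root is a predictable path under `/tmp`. With the default `WSS4J_SRC_ROOT=.`, the final `cd ${WSS4J_SRC_ROOT}` stays in the staging directory, so `mvn site` runs in the wrong place; resolve the source root to an absolute path at the top. `md5 -q` is the BSD form of the command, so the script fails on systems that only ship `md5sum`, and only `*.jar` and `*.pom` get a checksum while the `dist` archives get none.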
diff --git a/pom.xml b/pom.xml
index abb4d2e..90b3285 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,8 +6,7 @@
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<name>WSS4J</name>
- <!-- <version>1.5.4</version> -->
- <version>SNAPSHOT</version>
+ <version>1.5.5-RC1</version>
<description>
Apache WSS4J is an implementation of the Web Services Security
(WS-Security) being developed at OASIS Web Services Security TC.
@@ -95,7 +94,7 @@
<url>http://svn.apache.org/viewvc/webservices/wss4j/trunk</url>
</scm>
<organization>
- <name>Apache Software Foundation</name>
+ <name>The Apache Software Foundation</name>
<url>http://www.apache.org/</url>
</organization>
@@ -244,6 +243,7 @@
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk14</artifactId>
<version>${bcprov.jdk14.version}</version>
+ <scope>runtime</scope>
</dependency>
</dependencies>
</profile>
@@ -257,6 +257,7 @@
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk15</artifactId>
<version>${bcprov.jdk15.version}</version>
+ <scope>runtime</scope>
</dependency>
</dependencies>
</profile>
@@ -298,16 +299,19 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>${commons.logging.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>${xmlsec.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>opensaml</groupId>
<artifactId>opensaml</artifactId>
<version>${opensaml.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
@@ -337,21 +341,25 @@
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>${xalan.version}</version>
+ <scope>runtime</scope>
</dependency>
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>${xerces.version}</version>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
<version>${xml.apis.version}</version>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${junit.version}</version>
+ <scope>test</scope>
</dependency>
</dependencies>
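Review bot: `xercesImpl` and `xml-apis` become `provided` in this hunk, which removes them from the transitive dependencies of every project that depends on wss4j. That is a behaviour change for consumers and is not mentioned in the commit message or the ChangeLog hunk; document that the runtime environment must now supply the XML parser and APIs, or keep them at `runtime` like `xalan` if that is not guaranteed.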
@@ -384,7 +392,10 @@
<artifactId>maven-changes-plugin</artifactId>
<version>2.0</version>
<configuration>
+ <!--
<onlyCurrentVersion>true</onlyCurrentVersion>
+ -->
+ <fixVersionIds>12313215</fixVersionIds>
<resolutionIds>Any</resolutionIds>
<statusIds>Resolved, Closed</statusIds>
<sortColumnNames>Key</sortColumnNames>
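Review bot: `<fixVersionIds>12313215</fixVersionIds>` is an unexplained numeric id that replaces the now commented-out `onlyCurrentVersion`. Add an XML comment stating which Jira version the id denotes and that it has to be changed for every release, otherwise later releases will keep generating the report for this version. The commit message says the jira-report problem is still open, so mark this as a temporary workaround and reference the issue that tracks it.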
diff --git a/src/META-INF/LICENSE.txt b/src/META-INF/LICENSE.txt
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/src/META-INF/LICENSE.txt
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/src/META-INF/NOTICE b/src/META-INF/NOTICE
new file mode 100644
index 0000000..8abdd02
--- /dev/null
+++ b/src/META-INF/NOTICE
@@ -0,0 +1,8 @@
+Apache WSS4J
+Copyright 2004-2008 The Apache Software Foundation
+
+This product includes software developed by
+The Apache Software Foundation (http://www.apache.org/).
+
+This product includes software Copyright University of Southampton IT
+Innovation Centre, 2006 (http://www.it-innovation.soton.ac.uk).
diff --git a/xdocs/index.xml b/xdocs/index.xml
index 4e79910..f99d5f3 100644
--- a/xdocs/index.xml
+++ b/xdocs/index.xml
@@ -63,7 +63,7 @@
<p style="margin-left: 40px;">You can download the latest version of WSS4J at the following URL:<br/>
<a href="http://www.apache.org/dyn/closer.cgi/ws/wss4j/">http://www.apache.org/dyn/closer.cgi/ws/wss4j/</a>
</p>
- <p style="margin-left: 40px;">The latest release of WSS4J is version 1.5.4.
+ <p style="margin-left: 40px;">The latest release of WSS4J is version 1.5.5.
</p>
</subsection>
<subsection name="WS-Security Features">
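Review bot: The site text now states that the latest release is 1.5.5, but the same commit sets the version to `1.5.5-RC1` for an internal release candidate. If the site built by the release script is published before the final release, it will point users at a version that is not yet available from the download URL above; hold this change until the final release or word it as an upcoming release.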