blob: e0cbe07b372f8cbeaf7ca3e28180ce02a0ef70ec [file] [log] [blame]
* Apache WSS4J *
The Apache WSS4J© project provides a Java implementation of the primary
security standards for Web Services, namely the OASIS Web Services Security
(WS-Security) specifications from the OASIS Web Services Security TC. WSS4J
provides an implementation of the following WS-Security standards:
SOAP Message Security 1.1
Username Token Profile 1.1
X.509 Certificate Token Profile 1.1
SAML Token Profile 1.1
Kerberos Token Profile 1.1
SOAP with Attachments (SWA) Profile 1.1
Basic Security Profile 1.1
Apache WSS4J, Apache, and the Apache feather logo are trademarks of The Apache
Software Foundation.
The master link to WSS4J: http://ws.apache.org/wss4j/
* Crypto Notice *
This distribution includes cryptographic software. The country in
which you currently reside may have restrictions on the import,
possession, use, and/or re-export to another country, of
encryption software. BEFORE using any encryption software, please
check your country's laws, regulations and policies concerning the
import, possession, or use, and re-export of encryption software, to
see if this is permitted. See <http://www.wassenaar.org/> for more
information.
The U.S. Government Department of Commerce, Bureau of Industry and
Security (BIS), has classified this software as Export Commodity
Control Number (ECCN) 5D002.C.1, which includes information security
software using or performing cryptographic functions with asymmetric
algorithms. The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception
ENC Technology Software Unrestricted (TSU) exception (see the BIS
Export Administration Regulations, Section 740.13) for both object
code and source code.
The following provides more details on the included cryptographic
software:
Apache Santuario : http://santuario.apache.org/
Apache WSS4J : http://ws.apache.org/wss4j/
Bouncycastle : http://www.bouncycastle.org/
* Test Requirements *
The WSS4J unit tests use STRONG encryption. The default encryption algorithms
included in a JRE is not adequate for these samples. The Java Cryptography
Extension (JCE) Unlimited Strength Jurisdiction Policy Files available on
Oracle's JDK download page[1] *must* be installed for the tests to work. If
you get errors about invalid key lengths, the Unlimited Strength files are not
installed.
[1] http://www.oracle.com/technetwork/java/javase/downloads/index.html