| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <HTML> |
| <HEAD> |
| <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8"> |
| <TITLE></TITLE> |
| <META NAME="GENERATOR" CONTENT="OpenOffice.org 1.9.79 (Linux)"> |
| <META NAME="AUTHOR" CONTENT="Werner Dittmann"> |
| <META NAME="CREATED" CONTENT="20050904;11070500"> |
| <META NAME="CHANGEDBY" CONTENT="Werner Dittmann"> |
| <META NAME="CHANGED" CONTENT="20050904;12155500"> |
| <STYLE> |
| <!-- |
| @page { size: 21cm 29.7cm } |
| H1.western { font-family: "Times New Roman" } |
| --> |
| </STYLE> |
| </HEAD> |
| <BODY LANG="de-DE" DIR="LTR"> |
| <H1 CLASS="western">What is WSS4J?</H1> |
| <P STYLE="margin-bottom: 0cm">WSS4J is part of the Apache Web |
| Services project. Here is <A HREF="http://ws.apache.org/">link </A>the |
| to all Apache Web Service projects<A HREF="http://ws.apache.org/">.</A></P> |
| <P STYLE="margin-bottom: 0cm">Apache WSS4J is an implementation of |
| the OASIS Web Services Security specifications (WS-Security, WSS) |
| from OASIS Web Services Security TC. WSS4J is primarily a Java |
| library that can be used to sign, verify, encrypt, and decrypt SOAP |
| Messages according to the WS-Security specifications. WSS4J uses |
| Apache Axis and other Apache XML-Security projects and is |
| interoperable with other JAX-RPC based server/clients and .Net WSE |
| server/clients that follow the OASIS WSS specifications.</P> |
| <H2>Supported WSS Specifications</H2> |
| <P STYLE="margin-bottom: 0cm">WSS4J implements</P> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">OASIS Web Serives Security: SOAP |
| Message Security 1.0 Standard 200401, March 2004</P> |
| <LI><P STYLE="margin-bottom: 0cm">Username Token profile V1.0</P> |
| <LI><P STYLE="margin-bottom: 0cm">X.509 Token Profile V1.0</P> |
| </UL> |
| <P STYLE="margin-bottom: 0cm">The Web Services Security part of WSS4J |
| is fairly well tested and many WebService projects use it already. |
| Also interoperability with various other implementations is well |
| tested.</P> |
| <H2>Support of older WSS specifications</H2> |
| <P STYLE="margin-bottom: 0cm">WSS4J can also be configured to emulate |
| previous WSS spec implementations with older namespaces, such as |
| WebSphere 5.1 and WebLogic 8.1 SP2. The WSS4J release 1.1.0 is the |
| last release that supports this old, draft WSS specifications. |
| </P> |
| <P STYLE="margin-bottom: 0cm">The next WSS4J releases (>= 1.2.x)</P> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">support the OASIS V1.0 specs and |
| the relevant namespaces only</P> |
| <LI><P STYLE="margin-bottom: 0cm">support one versions of |
| provisional (draft) namespaces for the upcoming version</P> |
| </UL> |
| <P STYLE="margin-bottom: 0cm">After the next version of the WSS specs |
| is finished, we do one WSS4J release with the provisional namespaces |
| and another release (with a new release number) with the then fixed |
| namespace URIs. Doing so we could save a lot of coding while |
| retaining some backward compatibility using the n-1 release.</P> |
| <H2>Web Services Security Features |
| </H2> |
| <P STYLE="margin-bottom: 0cm">WSS4J can generate and process the |
| following SOAP Bindings:</P> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">XML Security</P> |
| </UL> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">XML Signature</P> |
| <LI><P STYLE="margin-bottom: 0cm">XML Encryption</P> |
| <LI><P STYLE="margin-bottom: 0cm">Tokens</P> |
| <LI><P STYLE="margin-bottom: 0cm">Username Tokens</P> |
| <LI><P STYLE="margin-bottom: 0cm">Timestamps</P> |
| <LI><P STYLE="margin-bottom: 0cm">SAML Tokens</P> |
| </UL> |
| <P STYLE="margin-right: 0.03cm; margin-bottom: 0cm">WSS4J supports |
| X.509 binary certificates and certificate paths. Here is the <A HREF="http://ws.apache.org/wss4j/">link</A> |
| to WSS4J. There is also a Wiki concering Apache WS projects and WSS4J |
| as one of the WS sub-projects:</P> |
| <P STYLE="margin-bottom: 0cm"><A HREF="http://wiki.apache.org/ws/">http://wiki.apache.org/ws/</A></P> |
| <P STYLE="margin-bottom: 0cm"><A HREF="http://wiki.apache.org/ws/FrontPage/WsFx">http://wiki.apache.org/ws/FrontPage/WsFx</A></P> |
| <H3>WS-Trust and WS-Secure specifications</H3> |
| <P STYLE="margin-bottom: 0cm">The 'Trust' and 'Conversation' parts of |
| WSS4J implements the WS-Trust and WS-Secure Conversation |
| specifications. The status of these two parts right now:</P> |
| <UL> |
| <LI><P STYLE="margin-bottom: 0cm">WS-Trust implementation is in the |
| process of being re-done.</P> |
| <LI><P STYLE="margin-bottom: 0cm">WS-Secure Conversation |
| implementation will be re-worked burning the WS-Addressing stuff |
| into it once we have the components of WS-Trust implementation |
| ready.</P> |
| </UL> |
| <P STYLE="margin-bottom: 0cm">Introperability of these two parts:</P> |
| <P STYLE="margin-bottom: 0cm">The SecurityTokenService successfully |
| interoped with IBM's implementation last year (Token issuance only). |
| But as of now we cannot confirm interoperability due to the changes.</P> |
| <P STYLE="margin-bottom: 0cm">Therefore the 'Trust' and |
| 'Conversation' parts of WSS4J are experimental and are contained in |
| the "sandbox" package.</P> |
| <H2>Installation (binary distribution)</H2> |
| <P STYLE="margin-bottom: 0cm">The WSS4J zip archive is the binary |
| distribution and contains the wss4j jar file, some examples, test |
| classes (incl. sources), the interop test classes (incl. sources and |
| necessary certificate store), and the according client and server |
| deployment and protery files.</P> |
| <P STYLE="margin-bottom: 0cm">The WSS4J jar file contains all classes |
| that implement the basic functions and the handlers. To install it |
| make sure this jar file is in the classpath of your Axis client |
| and/or Axis server. |
| </P> |
| <P STYLE="margin-bottom: 0cm">In addition you need to set up the |
| property files that contain information about the certificate |
| keystores you use. The property files and the keystore are accessed |
| either as resources via classpath or, if that fails, as files using |
| the relative path of the application |
| </P> |
| <P STYLE="margin-bottom: 0cm">Thus no specific installation is |
| required. The wss4j.jar file should be included into ear or war files |
| of enterprise or web application servers.</P> |
| <P STYLE="margin-bottom: 0cm">Please refer to the JAVADOC files of |
| the distribution for further information how to use WSS4J, the |
| handlers, and how to setup the deployment files.</P> |
| <H2>Required software</H2> |
| <P STYLE="margin-bottom: 0cm">To work with WSS4J you need additional |
| software. Most of the software is also needed by your SOAP base |
| system, e.g. Apache Axis. |
| </P> |
| <P STYLE="margin-bottom: 0cm">To simplify installation and operation |
| of WSS4J an additional ZIP file is provided that holds all other JARs |
| that are required by WSS4J. Please note that we probably not use the |
| very latest versions of these JARs, but we used them during the |
| tests.</P> |
| <P STYLE="margin-bottom: 0cm"><B>NOTE</B>: If you use another XML |
| parser than what is defined below (Xerces) make sure that your parser |
| fully supports namespaces. The Crimson parser included in the Sun JDK |
| 1.4.x does not support namespaces or has a buggy implementation.</P> |
| <P STYLE="margin-bottom: 0cm">To implement the Web Service Security |
| (WSS) part specific software is required:</P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>addressing-1.0.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">This jar contains the |
| implementation of WS-Adressing, required by WSS4J Trust.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://ws.apache.org/addressing/">http://ws.apache.org/addressing/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>axis-1.2.1.jar<BR>axis-ant-1.2.1.jar<BR>axis-jaxrpc-1.2.1.jar<BR>axis-saaj-1.2.1.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">These jars contain |
| the Apache Axis base software. They implement the basic SOAP |
| processing, deployment, WSDL to Java, Java to WSDL tools and a lot |
| more. Plase refer to a Axis documentation how to setup Axis. You |
| should be familiar with Axis, its setup, and deployment methods |
| before you start with any WSS4J functions.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://ws.apache.org/axis/">http://ws.apache.org/axis/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>bcprov-jdk13-128.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">This is the |
| BouncyCastle library that implements all necessary encryption, |
| hashing, certifcate, and keystore functions. Without this fanatstic |
| library WSS4J wouldn't work at all.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://www.bouncycastle.org/">http://www.bouncycastle.org/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>commons-codec-1.3.jar<BR>commons-discovery-0.2.jar<BR>commons-httpclient-3.0-rc2.jar<BR>commons-logging-1.0.4.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">These jars are from |
| the Commons project and provide may useful funtions, such as Base64 |
| encoding/decoding, resource lookup, and much more. Please refer to |
| the commons project to get more information.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The main link for the |
| commons project: <A HREF="http://jakarta.apache.org/commons/index.html">http://jakarta.apache.org/commons/index.html</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>junit-3.8.1.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The famous unit test |
| library. Required if you like to build WSS4J from source and run the |
| unit tests.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://www.junit.org/">http://www.junit.org/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>log4j-1.2.9.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The logging library. |
| Required to control the logging, error reporting and so on.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://logging.apache.org/">http://logging.apache.org/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>opensaml-1.0.1.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The SAML |
| implemetation used by WSS4J to implement the SAML profile.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://www.opensaml.org/">http://www.opensaml.org/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>wsdl4j-1.5.1.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The WSDL parsing |
| functions, required by Axis tools to read and parse WSDL.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://ws.apache.org/axis/">http://ws.apache.org/axis/</A> |
| under related projects</P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>xalan-2.6.0.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">Library that |
| implements XML Path Language (XPath) and XSLT. The XML Security |
| implementation needs several functions of Xalan XPath.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://xml.apache.org/xalan-j/">http://xml.apache.org/xalan-j/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>xmlsec-1.2.1.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">This library |
| implements the XML-Signature Syntax and Processing and the XML |
| Encryption Syntax and Processing specifications of the W3C. Thus they |
| form one of the base foundations of WSS4J.</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://xml.apache.org/security/">http://xml.apache.org/security/</A></P> |
| <P STYLE="margin-bottom: 0cm"><FONT FACE="Courier New"><FONT SIZE=2>dom3-xercesImpl-2_6_2.jar<BR>dom3-xml-apis-2_6_2.jar</FONT></FONT></P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">The XML parser |
| implementation. Required by anybody :-) .</P> |
| <P STYLE="margin-left: 2cm; margin-bottom: 0cm">See: |
| <A HREF="http://xml.apache.org/xerces2-j/">http://xml.apache.org/xerces2-j/</A></P> |
| <P><BR><BR> |
| </P> |
| </BODY> |
| </HTML> |