Contents

• What is WSS4J?
• Where can I download WSS4J?
• WS-Security Features
• WSS4J Use Cases
• WSS4J API
• WSS4J on Axis
• Rampart: WS-Security Implementation module for Axis2

What is WSS4J?

Apache WSS4J is an implementation of the OASIS Web Services Security (WS-Security) from OASIS Web Services Security TC . WSS4J is primarily a Java library that can be used to sign and verify SOAP Messages with WS-Security information. WSS4J will use Apache Axis and Apache XML-Security projects and will be interoperable with JAX-RPC based server/clients and .NET server/clients.

WSS4J implements

• OASIS Web Services Security: SOAP Message Security 1.0 Standard 200401, March 2004
• Username Token profile V1.0
• X.509 Token Profile V1.0

Where can I download WSS4J

You can download the latest version of WSS4J at the following URL:
http://www.apache.org/dyn/closer.cgi/ws/wss4j/

The latest release of WSS4J is version 1.5.4.

WS-Security Features

WSS4J can generate and process the following SOAP Bindings:

• XML Security
  
• XML Signature
• XML Encryption
• Tokens
• Username Tokens
• Timestamps
• SAML Tokens

WSS4J API

Please refer to the API Overview for details.

WSS4J on Axis

Please refer to the Axis Deployment Tutorial for a short tutorial and Axis Deployment Examples for more details.

Rampart: WS-Security Implementation module for Axis2

Please refer to the Rampart configuration guide for configuration information.

WSS4J Configuration

Difference between issuer-serial (WSS4J default) and direct-reference modes