Apache Releases WSS4J 4.0
Written by Kay Ewbank   
Thursday, 20 February 2025

Apache has released version 4.0 of WSS4J, its Java implementation of the primary security standards for Web Services. This release adds upgrades to OpenSAML v5 and XML Security 4.0.0.

WSS4J provides implementations of the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC. It includes implementations of SOAP message security and token profiles for Username, X.509 certificate,  SAML, and Kerberos. 

wssj4

Apache WSS4J is a Java library can be used with Apache Axis or Apache CXF to secure SOAP messages using WS-Security standards. It encrypts, verifies, and signs SOAP messages, and
ensures message confidentiality and integrity. It uses Apache Santuario to encrypt SOAP messages, and supports both symmetric and asymmetric encryption. It is interoperable with JAX-RPC based server/clients and .NET server/clients.

WSS4J also provides the ability to ensure message integrity by applying XML Signature to a SOAP request. Typically, the SOAP Body, Timestamp, WS-Addressing headers, as well as any other token in the security header are signed.

In addition to providing message confidentiality and integrity, WSS4J has a number of techniques for client authentication, including a username and password in a UsernameToken included in the security header, Kerberos Tokens, SAML Assertions (when used with "HolderOfKey"), and Asymmetric Signature.

The OASIS Web Services Security specification serves as a basis for securing web services in WebSphere Application Server.

The updates to WSS4J start with an upgrade to use OpenSAML v5. OpenSAML is a set of open source Java libraries used in support of the Shibboleth Project's implementation of the Security Assertion Markup Language (SAML).  OpenSAML 5, the current Java library version, is based on Java 17.

The new version of WSS4J also moves to support Apache XML Security for Java version 4. This is a library that includes the standard JSR-105 (Java XML Digital Signature) API,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.

The update to WSS4J also moves to have JDK 17 as the minimum supported version.  Apache WSS4J 4.0 is available now.

 wssj4

More Information

Apache WSS4J

WSS4J On GitHub

Related Articles

Apache Camel Updates Kafka Connector

Apache Olingo Adds Java 17 Support

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

AWS Generative AI Professional Certificate On Coursera
20/06/2025

Generative AI is having an revolutionary impact across the board. Some jobs will be lost but more will be created and to get in on the ground floor now is the time to gain a credentials to show employ [ ... ]


+ Full Story
The Future Of JavaScript - Stage 3 Propsals
25/06/2025

The new proposals for ECMA Script/JavaScript have reached Stage 3, which means they will soon be with us. Is there room for excitement?


+ Full Story
More News

pico book

 

Comments




or email your comment to: comments@i-programmer.info