Apache Releases WSS4J 4.0
Written by Kay Ewbank   
Thursday, 20 February 2025

Apache has released version 4.0 of WSS4J, its Java implementation of the primary security standards for Web Services. This release adds upgrades to OpenSAML v5 and XML Security 4.0.0.

WSS4J provides implementations of the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC. It includes implementations of SOAP message security and token profiles for Username, X.509 certificate,  SAML, and Kerberos. 

wssj4

Apache WSS4J is a Java library can be used with Apache Axis or Apache CXF to secure SOAP messages using WS-Security standards. It encrypts, verifies, and signs SOAP messages, and
ensures message confidentiality and integrity. It uses Apache Santuario to encrypt SOAP messages, and supports both symmetric and asymmetric encryption. It is interoperable with JAX-RPC based server/clients and .NET server/clients.

WSS4J also provides the ability to ensure message integrity by applying XML Signature to a SOAP request. Typically, the SOAP Body, Timestamp, WS-Addressing headers, as well as any other token in the security header are signed.

In addition to providing message confidentiality and integrity, WSS4J has a number of techniques for client authentication, including a username and password in a UsernameToken included in the security header, Kerberos Tokens, SAML Assertions (when used with "HolderOfKey"), and Asymmetric Signature.

The OASIS Web Services Security specification serves as a basis for securing web services in WebSphere Application Server.

The updates to WSS4J start with an upgrade to use OpenSAML v5. OpenSAML is a set of open source Java libraries used in support of the Shibboleth Project's implementation of the Security Assertion Markup Language (SAML).  OpenSAML 5, the current Java library version, is based on Java 17.

The new version of WSS4J also moves to support Apache XML Security for Java version 4. This is a library that includes the standard JSR-105 (Java XML Digital Signature) API,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.

The update to WSS4J also moves to have JDK 17 as the minimum supported version.  Apache WSS4J 4.0 is available now.

 wssj4

More Information

Apache WSS4J

WSS4J On GitHub

Related Articles

Apache Camel Updates Kafka Connector

Apache Olingo Adds Java 17 Support

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

CheerpJ WebAssembly-based JVM Version 4.1 Is Here
12/06/2025

If you thought that legacy apps are not used anymore in this day and age, think again. With pre-4 version CheerpJ you could run legacy Java apps on browsers. With version 4+ you can run modern ap [ ... ]


+ Full Story
Two Tools To Elevate Your MongoDB Experience
03/07/2025

The tools contradict each other; the first one allows you to write SQL instead of using Mongo's special syntax, while the other allows you to manipulate the database without having to write SQL a [ ... ]


+ Full Story
More News

pico book

 

Comments




or email your comment to: comments@i-programmer.info