Mirror of Apache WSS4J


* Apache WSS4J *

The Apache WSS4J© project provides a Java implementation of the primary
security standards for Web Services, namely the OASIS Web Services Security
(WS-Security) specifications from the OASIS Web Services Security TC. WSS4J
provides an implementation of the following WS-Security standards:

    SOAP Message Security 1.1
    Username Token Profile 1.1
    X.509 Certificate Token Profile 1.1
    SAML Token Profile 1.1
    Kerberos Token Profile 1.1
    SOAP with Attachments (SWA) Profile 1.1
    Basic Security Profile 1.1

Apache WSS4J, Apache, and the Apache feather logo are trademarks of The Apache
Software Foundation. 

The master link to WSS4J: http://ws.apache.org/wss4j/

* Crypto Notice *

   This distribution includes cryptographic software.  The country in
   which you currently reside may have restrictions on the import,
   possession, use, and/or re-export to another country, of
   encryption software.  BEFORE using any encryption software, please
   check your country's laws, regulations and policies concerning the
   import, possession, or use, and re-export of encryption software, to
   see if this is permitted.  See <http://www.wassenaar.org/> for more

   The U.S. Government Department of Commerce, Bureau of Industry and
   Security (BIS), has classified this software as Export Commodity
   Control Number (ECCN) 5D002.C.1, which includes information security
   software using or performing cryptographic functions with asymmetric
   algorithms.  The form and manner of this Apache Software Foundation
   distribution makes it eligible for export under the License Exception
   ENC Technology Software Unrestricted (TSU) exception (see the BIS
   Export Administration Regulations, Section 740.13) for both object
   code and source code.

   The following provides more details on the included cryptographic

   Apache Santuario : http://santuario.apache.org/
   Apache WSS4J     : http://ws.apache.org/wss4j/
   Bouncycastle     : http://www.bouncycastle.org/

* Test Requirements *

The WSS4J unit tests use STRONG encryption. The default encryption algorithms
included in a JRE is not adequate for these samples. The Java Cryptography
Extension (JCE) Unlimited Strength Jurisdiction Policy Files available on
Oracle's JDK download page[1] *must* be installed for the tests to work. If
you get errors about invalid key lengths, the Unlimited Strength files are not

[1] http://www.oracle.com/technetwork/java/javase/downloads/index.html