Skip to content
Mirror of Apache WSS4J
Branch: trunk
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
bindings More diamond operator cleanup Oct 25, 2018
build-tools Switch not to extend Junit Assert Jan 3, 2019
integration Removed secret key from WSSecEncryptedKey Jan 29, 2019
parent Updating SLF4J Feb 21, 2019
performance Replacing String equals to "" with isEmpty Jan 22, 2019
policy Make it possible to configure signature algorithm's per-AlgorithmSuite Apr 1, 2019
src/site Updating the website Apr 4, 2019
ws-security-common WSS-647 - Updating revocation keys Apr 24, 2019
ws-security-dom WSS-647 - More tests fixed Apr 24, 2019
ws-security-stax WSS-647 - Fixing more tests Apr 24, 2019
ws-security-web Adding Automatic-Module-Name entries Aug 27, 2018
.gitignore Update to latest pmd Apr 3, 2015
ChangeLog.txt Updating release notes Mar 29, 2019
LICENSE Rename file to prevent a duplicate Oct 22, 2013
NOTICE Updating the NOTICE year Jan 4, 2018
README.txt Remove a note about Java 1.5 from the README.txt because the build re… Oct 23, 2015
pom.xml Updating Checkstyle plugin Mar 11, 2019


* Apache WSS4J *

The Apache WSS4J© project provides a Java implementation of the primary
security standards for Web Services, namely the OASIS Web Services Security
(WS-Security) specifications from the OASIS Web Services Security TC. WSS4J
provides an implementation of the following WS-Security standards:

    SOAP Message Security 1.1
    Username Token Profile 1.1
    X.509 Certificate Token Profile 1.1
    SAML Token Profile 1.1
    Kerberos Token Profile 1.1
    SOAP with Attachments (SWA) Profile 1.1
    Basic Security Profile 1.1

Apache WSS4J, Apache, and the Apache feather logo are trademarks of The Apache
Software Foundation. 

The master link to WSS4J:

* Crypto Notice *

   This distribution includes cryptographic software.  The country in
   which you currently reside may have restrictions on the import,
   possession, use, and/or re-export to another country, of
   encryption software.  BEFORE using any encryption software, please
   check your country's laws, regulations and policies concerning the
   import, possession, or use, and re-export of encryption software, to
   see if this is permitted.  See <> for more

   The U.S. Government Department of Commerce, Bureau of Industry and
   Security (BIS), has classified this software as Export Commodity
   Control Number (ECCN) 5D002.C.1, which includes information security
   software using or performing cryptographic functions with asymmetric
   algorithms.  The form and manner of this Apache Software Foundation
   distribution makes it eligible for export under the License Exception
   ENC Technology Software Unrestricted (TSU) exception (see the BIS
   Export Administration Regulations, Section 740.13) for both object
   code and source code.

   The following provides more details on the included cryptographic

   Apache Santuario :
   Apache WSS4J     :
   Bouncycastle     :

* Test Requirements *

The WSS4J unit tests use STRONG encryption. The default encryption algorithms
included in a JRE is not adequate for these samples. The Java Cryptography
Extension (JCE) Unlimited Strength Jurisdiction Policy Files available on
Oracle's JDK download page[1] *must* be installed for the tests to work. If
you get errors about invalid key lengths, the Unlimited Strength files are not

You can’t perform that action at this time.