Apache Releases WSS4J 4.0 |
Written by Kay Ewbank | |||
Thursday, 20 February 2025 | |||
Apache has released version 4.0 of WSS4J, its Java implementation of the primary security standards for Web Services. This release adds upgrades to OpenSAML v5 and XML Security 4.0.0. WSS4J provides implementations of the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC. It includes implementations of SOAP message security and token profiles for Username, X.509 certificate, SAML, and Kerberos. Apache WSS4J is a Java library can be used with Apache Axis or Apache CXF to secure SOAP messages using WS-Security standards. It encrypts, verifies, and signs SOAP messages, and WSS4J also provides the ability to ensure message integrity by applying XML Signature to a SOAP request. Typically, the SOAP Body, Timestamp, WS-Addressing headers, as well as any other token in the security header are signed. In addition to providing message confidentiality and integrity, WSS4J has a number of techniques for client authentication, including a username and password in a UsernameToken included in the security header, Kerberos Tokens, SAML Assertions (when used with "HolderOfKey"), and Asymmetric Signature. The OASIS Web Services Security specification serves as a basis for securing web services in WebSphere Application Server. The updates to WSS4J start with an upgrade to use OpenSAML v5. OpenSAML is a set of open source Java libraries used in support of the Shibboleth Project's implementation of the Security Assertion Markup Language (SAML). OpenSAML 5, the current Java library version, is based on Java 17. The new version of WSS4J also moves to support Apache XML Security for Java version 4. This is a library that includes the standard JSR-105 (Java XML Digital Signature) API, a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation. The update to WSS4J also moves to have JDK 17 as the minimum supported version. Apache WSS4J 4.0 is available now. More InformationRelated ArticlesApache Camel Updates Kafka Connector Apache Olingo Adds Java 17 Support To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.
Comments
or email your comment to: comments@i-programmer.info |