The Project

The Apache WSS4J™ project provides a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC. WSS4J provides an implementation of the following WS-Security standards:

• SOAP Message Security 1.1
• Username Token Profile 1.1
• X.509 Certificate Token Profile 1.1
• SAML Token Profile 1.1
• Kerberos Token Profile 1.1
• SOAP Messages with Attachments Profile 1.1
• Basic Security Profile 1.1

News

• November 2021 - The Apache WSS4J team are pleased to announce the release of version 2.4.0. This release contains relatively few changes, but picks up a new major version of Apache Santuario - XML Security for Java (2.3.0)

• September 2021 - The Apache WSS4J team are pleased to announce the release of versions 2.3.3 and 2.2.7. The main changes for these releases are updates to fix CVE issues in a few dependencies.

• December 2020 - The Apache WSS4J team are pleased to announce the release of versions 2.3.1 and 2.2.6. Please see the 2.3.1 release notes and 2.2.6 release notes for more information.

• June 2020 - The Apache WSS4J team are pleased to announce the release of version 2.3.0. This is a major new release of WSS4J. Significant changes:

  • Private key caching enabled which greatly speeds up private key retrieval for PKCS12 keys
  • OpenSAML 3.4.x upgrade
  • Santuario 2.2.x upgrade
  • EhCache 3.x upgrade
  • JDK 14 officially supported

  Please see the 2.3.0 release notes for more information.