WSS4J 2.0.x required JDK6 as a minimum requirement. WSS4J 2.1.x requires at least JDK7. The Xerces and xml-api dependencies have been removed from the DOM code, as they are no longer required due to the JDK7 minimum requirement.

A key dependency change in WSS4J 2.1.0 is the upgrade from OpenSAML 2.x to 3.x (currently 3.1.0). OpenSAML 3.x contains a large number of package changes. Therefore if you have any OpenSAML dependencies in a CallbackHandler used to create SAML Assertions in WSS4J, code changes will be required.

The most common OpenSAML dependency is to include a "SAMLVersion" to tell the SAMLCallback whether to create a SAML 2.0 or 1.1 Assertion. WSS4J 2.1 provides an alternative way of specifying the SAML Version, via a Version bean. See here for an example.

If you have a custom Processor instance to process a token in the security header in some custom way, you must add the WSSecurityEngineResult that is generated by the processing, to the WSDocInfo Object via the "addResult" method. Otherwise, it will not be available when security results are retrieved and processed.