Standalone

Apache WSS4J provides a set of APIs to implement WS-Security functionality on a SOAP message. It is possible to use these APIs directly in a standalone manner. The best way of finding out how to do this is to take a look at the test sources. For example:

• Username Token Test
• Encryption Test
• Signature Test
• Timestamp Test
• SAML Token Test

Apache CXF

Apache CXF is an open-source web services stack. CXF uses WSS4J to perform the core WS-Security functionality, and provides extended security functionality based around the WS-SecurityPolicy, WS-SecureConversation and WS-Trust specifications. More information:

• CXF WS-Security configuration
• CXF WS-SecureConversation configuration
• CXF WS-SecurityPolicy configuration
• CXF WS-Trust configuration
• CXF Security articles

Apache Rampart

Apache Rampart is the security module for the Axis2 web services stack. Rampart uses WSS4J to perform the core WS-Security functionality, and provides extended security functionality based around the WS-SecurityPolicy, WS-SecureConversation and WS-Trust specifications. More information:

• Rampart developer guide
• Rampart samples
• Rampart configuration guide
• Rampart articles

Apache Axis 1

The 1.5.x branch of WSS4J contains special support for Apache Axis 1, the open-source web services stack which has been replaced by Axis2. For some information about how to use WSS4J 1.5.x with Axis 1 see:

• Axis deployment tutorial 1
• Axis deployment tutorial 2

Please note that these deployment tutorials do not apply to WSS4J 1.6+, only WSS4J 1.5.x.