You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2019/04/04 15:31:46 UTC
svn commit: r1856947 [2/2] - in /webservices/website/wss4j: ./
testapidocs/org/apache/wss4j/common/cache/
testapidocs/org/apache/wss4j/common/cache/class-use/
xref-test/org/apache/wss4j/common/cache/
Added: webservices/website/wss4j/wss4j16.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/wss4j16.html?rev=1856947&view=auto
==============================================================================
--- webservices/website/wss4j/wss4j16.html (added)
+++ webservices/website/wss4j/wss4j16.html Thu Apr 4 15:31:46 2019
@@ -0,0 +1,265 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!-- Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2019-04-04 -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J – </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta http-equiv="Content-Language" content="en" />
+
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4Jâ¢
+ </a>
+ <a href="http://www.apache.org" id="bannerRight">
+ <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2019-04-04</span>
+ | <span id="projectVersion">Version: 2.3.0-SNAPSHOT</span>
+ </div>
+ <div class="xright">
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <a href="user_guide.html" title="User Guide">User Guide</a>
+ </li>
+ <li class="none">
+ <a href="security_advisories.html" title="Security Advisories">Security Advisories</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+ <li class="collapsed">
+ <a href="project-info.html" title="Project Information">Project Information</a>
+ </li>
+ <li class="collapsed">
+ <a href="project-reports.html" title="Project Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+ <div class="sect2">
+<h3 id="apache_wss4j_1_6_0_migration_guide">Apache WSS4J 1.6.0 Migration Guide</h3>
+<div class="paragraph">
+<p>This page describes the new features of WSS4J 1.6.0, and the things to be
+aware of when upgrading from WSS4J 1.5.x. Note that WSS4J 1.6.x has now been
+replaced by WSS4J 2.0.x, please see the WSS4J 2.0.0 <a href="wss4j20.html">migration guide</a> for more information.</p>
+</div>
+<div class="sect3">
+<h4 id="new_features">New features</h4>
+<div class="paragraph">
+<p>This section describes the main new features that have been implemented in
+WSS4J 1.6. For more information on the changes, please click on the links. You
+can also review the
+<a href="https://issues.apache.org/jira/browse/WSS/fixforversion/12313718">list of JIRAs</a>
+that have been fixed in WSS4J 1.6.</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p><a href="http://coheigea.blogspot.com/2011/03/wss4j-16-jsr-105-support.html">JSR-105 support</a>:
+WSS4J 1.6 has been ported to use the JSR 105 API for XML Digital Signature.</p>
+</li>
+<li>
+<p><a href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html">SAML2 support</a>: WSS4J 1.6 includes full support for creating, manipulating and parsing SAML2
+assertions, via the Opensaml2 library.</p>
+</li>
+<li>
+<p>Performance work: A general code-rewrite has been done with a focus on improving performance,
+e.g. the <a href="http://coheigea.blogspot.com/2011/01/wss4j-16-actionprocessor-loading-change.html">changes</a> that have been made to processor loading.</p>
+</li>
+<li>
+<p><a href="http://coheigea.blogspot.com/2011/03/wss4j-16-basic-security-profile-11.html">Basic Security Profile 1.1 compliance</a>: WSS4J 1.6 provides support for the BSP 1.1 specification.</p>
+</li>
+<li>
+<p>JDK 1.5 port: The JDK 1.4 requirement of WSS4J 1.5.x has been dropped as part of this work.</p>
+</li>
+<li>
+<p><a href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html">Support for Crypto trust-stores</a>: WSS4J 1.6 separates the concept of keystore and truststores for
+Crypto implementations.</p>
+</li>
+<li>
+<p><a href="http://coheigea.blogspot.com/2011/04/wss4j-16-introducing-validators.html">New Validator interface</a>: WSS4J 1.6 moves all validation of security tokens into a new Validator
+interface, which allows for custom validation of specific tokens.</p>
+</li>
+<li>
+<p>Support for the Kerberos Token Profile (in WSS4J 1.6.2 and 1.6.3).</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="upgrade_notes">Upgrade notes</h4>
+<div class="paragraph">
+<p>This section describes the changes that have been made in WSS4J 1.6 that will impact on an existing
+user of WSS4J 1.5.x. Although WSS4J 1.6 is not 100% backwards compatible with 1.5.x, a general goal for
+the release was to restrict the API changes to those that were strictly necessary.</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>All Axis1 dependencies have been removed. Any user wishing to use WSS4J with Axis1 must use the
+WSS4J 1.5.x library. As Axis1 has been replaced by Axis2, this is unlikely to be an issue.</p>
+</li>
+<li>
+<p>A number of changes have been made to the Crypto interface. See
+<a href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html">here</a>,
+<a href="http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html">here</a>
+and <a href="http://coheigea.blogspot.com/2011/02/wss4j-16-change-to-publickey-validation.html">here</a>
+for an indepth explanation. In a nutshell, these changes are:</p>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>The BouncyCastle crypto implementation has been removed (replaced by Merlin)</p>
+</li>
+<li>
+<p>A new set of Merlin "truststore" configuration tags have been added. The behaviour of the old Merlin
+configuration tags will work exactly the same way in WSS4J 1.6.</p>
+</li>
+<li>
+<p>The CA certs are now <b>not</b> loaded by default.</p>
+</li>
+<li>
+<p>PublicKeys (from KeyValues) are now not handled by a PublicKeyCallback, but by the Crypto implementation
+directly.</p>
+</li>
+</ol>
+</div>
+</li>
+<li>
+<p>If the WSEncryptionPart used to point to an element for signature or encryption does not either store
+the element directly, or store the wsu:Id, <strong>all</strong> DOM Elements that match the stored
+localname/namespace will be processed. See the
+<a href="http://ws.apache.org/wss4j/topics.html#Specifying_elements_to_sign_or_encrypt">Special Topics page</a>
+for more information.</p>
+</li>
+<li>
+<p>WSS4J 1.5.x used Opensaml1 to provide extremely limited support for SAML 1 assertions. WSS4J 1.6 has
+been upgraded to Opensaml2, and provides far more comprehensive support for SAML. See
+<a href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html">here</a> for
+more information on this. Some changes to be aware of are:</p>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>The way of creating SAML assertions via a properties file has completely changed. For example, see
+<a href="xref-test/org/apache/ws/security/saml/SamlTokenTest.html">SAML Token Test</a>.</p>
+</li>
+<li>
+<p>WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is no longer the case, so
+deployments which do not set the correct keystore/truststore config for dealing with signature
+verification will fail.</p>
+</li>
+<li>
+<p>The SAMLTokenProcessor no longer saves all tokens as an "WSConstants.ST_UNSIGNED" action. It saves
+tokens that do not have an enveloped signature as this action, and token which <strong>do</strong> have an enveloped
+signature are saved as a "WSConstants.ST_SIGNED" action.</p>
+</li>
+<li>
+<p>The object that is saved as part of the action above has changed, from an Opensaml1 specific Assertion
+object, to an AssertionWrapper instance, which is a WSS4J specific object which encapsulates an
+Assertion, as well as some information corresponding to signature verification, etc.</p>
+</li>
+</ol>
+</div>
+</li>
+<li>
+<p>The way that UsernameTokens are processed has been changed. See
+<a href="http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html">here</a> for
+more information. Some important changes are:</p>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>The plaintext password case has exactly the same behaviour as the digest case. The identifier is now
+WSPasswordCallback.USERNAME_TOKEN and not WSPasswordCallback.USERNAME_TOKEN_UNKNOWN, and the
+CallbackHandler does not do any authentication, but must set the password on the callback.</p>
+</li>
+<li>
+<p>The custom password type case defaults to the same behaviour as the plaintext case, assuming
+wssConfig.getHandleCustomPasswordTypes() returns true.</p>
+</li>
+<li>
+<p>For the case of a username token with no password element, the default behaviour is simply to ignore it,
+and to store it as a new result of type WSConstants.UT_NOPASSWORD.</p>
+</li>
+</ol>
+</div>
+</li>
+<li>
+<p>Some changes have been made to the WSPasswordCallback identifiers, used to obtain passwords for various
+actions. For more information see
+<a href="http://coheigea.blogspot.com/2011/02/wspasswordcallback-changes-in-wss4j-16.html">here</a>. In
+a nutshell, these changes consist of:</p>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>The WSPasswordCallback KEY_NAME, USERNAME_TOKEN_UNKNOWN and WSPasswordCallback.ENCRYPTED_KEY_TOKEN
+identifiers have been removed.</p>
+</li>
+<li>
+<p>CUSTOM_TOKEN is not longer used in the processors to get a secret key.</p>
+</li>
+<li>
+<p>SECRET_KEY is a new identifier for finding secret keys. It replaces the occasionally incorrect use of
+CUSTOM_TOKEN, as well as KEY_NAME and ENCRYPTED_KEY_TOKEN.</p>
+</li>
+</ol>
+</div>
+</li>
+<li>
+<p>Timestamp validation and signature trust verification is not done by the WSHandler implementation
+any more, but is performed when the security header is processed.</p>
+</li>
+</ul>
+</div>
+</div>
+</div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Apache WSS4J, WSS4J, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Added: webservices/website/wss4j/wss4j20.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/wss4j20.html?rev=1856947&view=auto
==============================================================================
--- webservices/website/wss4j/wss4j20.html (added)
+++ webservices/website/wss4j/wss4j20.html Thu Apr 4 15:31:46 2019
@@ -0,0 +1,475 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!-- Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2019-04-04 -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J – </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta http-equiv="Content-Language" content="en" />
+
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4Jâ¢
+ </a>
+ <a href="http://www.apache.org" id="bannerRight">
+ <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2019-04-04</span>
+ | <span id="projectVersion">Version: 2.3.0-SNAPSHOT</span>
+ </div>
+ <div class="xright">
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <a href="user_guide.html" title="User Guide">User Guide</a>
+ </li>
+ <li class="none">
+ <a href="security_advisories.html" title="Security Advisories">Security Advisories</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+ <li class="collapsed">
+ <a href="project-info.html" title="Project Information">Project Information</a>
+ </li>
+ <li class="collapsed">
+ <a href="project-reports.html" title="Project Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+ <div class="sect2">
+<h3 id="apache_wss4j_2_0_0_migration_guide">Apache WSS4J 2.0.0 Migration Guide</h3>
+<div class="paragraph">
+<p>This section is a migration guide for helping Apache WSS4J 1.6.x users to migrate
+to the 2.0.x releases. Also see the <a href="newfeatures20.html">new
+features</a> page for more information about the new functionality available in
+WSS4J 2.0.x.</p>
+</div>
+<div class="sect3">
+<h4 id="migrating_to_using_the_streaming_stax_code">Migrating to using the streaming (StAX) code</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 introduces a streaming (StAX-based) WS-Security implementation to
+complement the existing DOM-based implementation. The DOM-based implementation
+is quite performant and flexible, but having to read the entire request into
+memory carries performance penalties. The StAX-based code offers largely the
+same functionality as that available as part of the DOM code, and is
+configured in mostly the same way (via configuration tags that are shared
+between both stacks).</p>
+</div>
+<div class="paragraph">
+<p>As of the time of writing, Apache CXF is the only web services stack to
+integrate the new WS-Security streaming functionality. To switch to use the
+streaming code for the manual "Action" based approach, simply change the
+outbound and inbound interceptors as follows:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>"org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" to
+"org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor".</p>
+</li>
+<li>
+<p>"org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" to
+"org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor".</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>For the WS-SecurityPolicy based approach of configuring WS-Security, simply
+set the JAX-WS property SecurityConstants.ENABLE_STREAMING_SECURITY
+("ws-security.enable.streaming") to "true".</p>
+</div>
+<div class="paragraph">
+<p>For more information on the streaming functionality available in WSS4J 2.0.0,
+please see the <a href="streaming.html">streaming documentation</a> page.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="cryptocallbackhandler_changes">Crypto/CallbackHandler changes</h4>
+<div class="paragraph">
+<p>Typically, a user configures Signature and Encryption keys via a Crypto
+properties file. In WSS4J 1.6.x, the property names all start with
+"org.apache.ws.security.crypto.*". In WSS4J 2.0.0, the new prefix is
+"org.apache.wss4j.crypto.\*". However, WSS4J 2.0.0 will accept the older
+prefix value. No other changes are necessary for migrating Crypto properties.</p>
+</div>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, it was only possible to specify a Crypto implementation for
+both Signature Creation + Verification. In WSS4J 2.0.0, there is now a
+separate Signature Verification Crypto instance, that can be configured via
+the following configuration tags:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>signatureVerificationPropFile - The path of the crypto property file to
+use for Signature verification.</p>
+</li>
+<li>
+<p>signatureVerificationPropRefId - The key that holds a reference to the
+object holding complete information about the signature verification Crypto
+implementation.</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>In WSS4J, you need to define a CallbackHandler to supply a password to a
+WSPasswordCallback Object when dealing with UsernameTokens, or to unlock
+private keys for Signature creation, etc. In WSS4J 2.0.0, the functionality is
+exactly the same, except that the package of the WSPasswordCallback Object has
+changed from "org.apache.ws.security" to "org.apache.wss4j.common.ext". Any
+CallbackHandler implementation will need to be updated to use the new package.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="saml_assertion_changes">SAML Assertion changes</h4>
+<div class="paragraph">
+<p>A CallbackHandler implementation is required to create a SAML Assertion, by
+populating various beans. Similar to the WSPasswordCallback package change,
+there are also some package changes for SAML. The base package for the
+SAMLCallback class, and of the various "bean" classes, has changed from
+"org.apache.ws.security.saml.ext" to "org.apache.wss4j.common.saml".</p>
+</div>
+<div class="paragraph">
+<p>Apache WSS4J 1.6.x uses the SAMLIssuer interface to configure the creation and
+signing of a SAML Assertion. In Apache WSS4J 2.0.0, the SAMLIssuer
+functionality has been moved to the SAMLCallback, so that the CallbackHandler
+used to create a SAML Assertion is responsible for all of the signing
+configuration as well. Therefore, the properties file that is used in
+WSS4J 1.6.x to sign a SAML Assertion is no longer used in WSS4J 2.0.0, and
+the "samlPropFile" and "samlPropRefId" configuration tags have been removed.</p>
+</div>
+<div class="paragraph">
+<p>The SAMLCallback Object contains the additional properties in WSS4J 2.0.0 that
+can be set to sign the Assertion:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>boolean signAssertion - Whether to sign the assertion or not (default "false").</p>
+</li>
+<li>
+<p>String issuerKeyName - The keystore alias for signature</p>
+</li>
+<li>
+<p>String issuerKeyPassword - The keystore password for the alias</p>
+</li>
+<li>
+<p>Crypto issuerCrypto - The Crypto instance used for signature</p>
+</li>
+<li>
+<p>boolean sendKeyValue - Whether to send the keyvalue or the X509Certificate
+(default "false").</p>
+</li>
+<li>
+<p>String canonicalizationAlgorithm - The C14n algorithm to use for signature.</p>
+</li>
+<li>
+<p>String signatureAlgorithm - The Signature algorithm.</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="configuration_tag_changes">Configuration tag changes</h4>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, configuration tags were configured in the WSHandlerConstants
+class. In WSS4J 2.0.0, both the DOM and StAX-based code largely share the
+same configuration options, and so the configuration tags are defined in
+<a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?view=markup">ConfigurationConstants</a>. Note that the WSS4J 1.6.x configuration class
+(WSHandlerConstants) extends this class in WSS4J 2.0.0, so there is no need to
+change any configuration code when upgrading.</p>
+</div>
+<div class="paragraph">
+<p>The configuration tags that have been removed and added are detailed below.
+The non-standard key derivation and UsernameToken Signature functionality that
+was optional in WSS4J 1.6.x has been removed. Some new actions are added for
+the streaming code, as well as some options surrounding caching. An important
+migration point is that there is now a separate configuration tag used for
+verifying signatures. In WSS4J 1.6.x, there was only one tag used for both
+signature creation and verification.</p>
+</div>
+<div class="sect4">
+<h5 id="removed_configuration_tags_in_wss4j_2_0_0">Removed Configuration tags in WSS4J 2.0.0</h5>
+<div class="paragraph">
+<p>This section details the Configuration tags that are no longer present in
+WSS4J 2.0.0.</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>SIGN_WITH_UT_KEY (UsernameTokenSignature) - Perform a .NET specific signature using a Username Token action. Removed
+as it was not standard compliant.</p>
+</li>
+<li>
+<p>PASSWORD_TYPE_STRICT (passwordTypeStrict) - Whether to enable strict Username Token password type handling. In WSS4J
+2.0.0 this functionality can be enabled by just setting the required
+PASSWORD_TYPE.</p>
+</li>
+<li>
+<p>USE_DERIVED_KEY (useDerivedKey) - Whether to use the standard UsernameToken Key Derivation algorithm. Removed
+as only the standard algorithm is used in WSS4J 2.0.0.</p>
+</li>
+<li>
+<p>ENC_KEY_NAME (embeddedKeyName) - The text of the key name to be sent in the KeyInfo for encryption. Embedded
+KeyNames are not supported in WSS4J 2.0.0.</p>
+</li>
+<li>
+<p>ADD_UT_ELEMENTS (addUTElements) - Additional elements to add to a Username Token, i.e. "nonce" and "created".
+See the ADD_USERNAMETOKEN_NONCE and ADD_USERNAMETOKEN_CREATED properties below.</p>
+</li>
+<li>
+<p>WSE_SECRET_KEY_LENGTH (wseSecretKeyLength) - The length of the secret (derived) key to use for the WSE UT_SIGN
+functionality. Removed as it is not standard compliant.</p>
+</li>
+<li>
+<p>ENC_CALLBACK_CLASS (embeddedKeyCallbackClass) - The CallbackHandler implementation class used to get the key associated
+with a key name. KeyName is not supported in WSS4J 2.0.0.</p>
+</li>
+<li>
+<p>ENC_CALLBACK_REF (embeddedKeyCallbackRef) -The CallbackHandler implementation object used to get the key associated
+with a key name. KeyName is not supported in WSS4J 2.0.0.</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect4">
+<h5 id="new_configuration_tags_in_wss4j_2_0_0">New Configuration tags in WSS4J 2.0.0</h5>
+<div class="paragraph">
+<p>This section details the new Configuration tags in WSS4J 2.0.0.</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>USERNAME_TOKEN_SIGNATURE (UsernameTokenSignature) - Perform a UsernameTokenSignature action.</p>
+</li>
+<li>
+<p>SIGNATURE_DERIVED (SignatureDerived) - Perform a Signature action with derived keys.</p>
+</li>
+<li>
+<p>ENCRYPT_DERIVED (EncryptDerived) - Perform a Encryption action with derived keys.</p>
+</li>
+<li>
+<p>SIGNATURE_WITH_KERBEROS_TOKEN (SignatureWithKerberosToken) - Perform a Signature action with a kerberos token. Only for StAX code.</p>
+</li>
+<li>
+<p>ENCRYPT_WITH_KERBEROS_TOKEN (EncryptWithKerberosToken) - Perform a Encryption action with a kerberos token. Only for StAX code.</p>
+</li>
+<li>
+<p>KERBEROS_TOKEN (KerberosToken) - Add a kerberos token.</p>
+</li>
+<li>
+<p>CUSTOM_TOKEN (CustomToken) - Add a "Custom" token from a CallbackHandler</p>
+</li>
+<li>
+<p>SIG_VER_PROP_FILE (signatureVerificationPropFile) - The path of the crypto property file to use for Signature verification.</p>
+</li>
+<li>
+<p>SIG_VER_PROP_REF_ID (signatureVerificationPropRefId) - The String ID that is used to store a reference to the Crypto object or
+the Crypto Properties object for Signature verification.</p>
+</li>
+<li>
+<p>ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM (allowRSA15KeyTransportAlgorithm) - Whether to allow the RSA v1.5 Key Transport Algorithm or not. Default is
+"false".</p>
+</li>
+<li>
+<p>ADD_INCLUSIVE_PREFIXES (addInclusivePrefixes) - Whether to add an InclusiveNamespaces PrefixList as a
+CanonicalizationMethod child when generating Signatures using
+WSConstants.C14N_EXCL_OMIT_COMMENTS. Default is "true".</p>
+</li>
+<li>
+<p>ADD_USERNAMETOKEN_NONCE (addUsernameTokenNonce) - Whether to add a Nonce Element to a UsernameToken (for plaintext). Default
+is "false"</p>
+</li>
+<li>
+<p>ADD_USERNAMETOKEN_CREATED (addUsernameTokenCreated) - Whether to add a Created Element to a UsernameToken (for plaintext).
+Default is "false"</p>
+</li>
+<li>
+<p>ALLOW_USERNAMETOKEN_NOPASSWORD (allowUsernameTokenNoPassword) - Whether a UsernameToken with no password element is allowed. Default is
+"false".</p>
+</li>
+<li>
+<p>VALIDATE_SAML_SUBJECT_CONFIRMATION (validateSamlSubjectConfirmation) - Whether to validate the SubjectConfirmation requirements of a received
+SAML Token (sender-vouches or holder-of-key). Default is "true".</p>
+</li>
+<li>
+<p>INCLUDE_SIGNATURE_TOKEN (includeSignatureToken) - Whether to include the Signature Token in the security header as well or
+not (for IssuerSerial + Thumbprint cases). Default is "false"</p>
+</li>
+<li>
+<p>INCLUDE_ENCRYPTION_TOKEN (includeEncryptionToken) - Whether to include the Encryption Token in the security header as well or
+not (for IssuerSerial, Thumbprint, SKI cases). Default is "false"</p>
+</li>
+<li>
+<p>ENABLE_NONCE_CACHE (enableNonceCache) - Whether to cache UsernameToken nonces. Default is "true"</p>
+</li>
+<li>
+<p>ENABLE_TIMESTAMP_CACHE (enableTimestampCache) - Whether to cache Timestamp Created Strings (these are only cached in
+conjunction with a message Signature). Default is "true"</p>
+</li>
+<li>
+<p>ENABLE_SAML_ONE_TIME_USE_CACHE (enableSamlOneTimeUseCache) - Whether to cache SAML2 Token Identifiers, if the token contains a
+"OneTimeUse" Condition. Default is "true".</p>
+</li>
+<li>
+<p>USE_2005_12_NAMESPACE (use200512Namespace) - Whether to use the 2005/12 namespace for SecureConveration + DerivedKeys,
+or the older namespace. The default is "true"</p>
+</li>
+<li>
+<p>OPTIONAL_SIGNATURE_PARTS (optionalSignatureParts) - Parameter to define which parts of the request shall be signed, if they
+exist in the request.</p>
+</li>
+<li>
+<p>OPTIONAL_ENCRYPTION_PARTS (optionalEncryptionParts) - Parameter to define which parts of the request shall be encrypted, if they
+exist in the request.</p>
+</li>
+<li>
+<p>ENC_MGF_ALGO (encryptionMGFAlgorithm) - Defines which encryption mgf algorithm to use with the RSA OAEP Key
+Transport algorithm for encryption. The default is mgfsha1.</p>
+</li>
+<li>
+<p>VALIDATOR_MAP (validatorMap) - A map of QName, Object (Validator) instances to be used to validate
+tokens identified by their QName.</p>
+</li>
+<li>
+<p>NONCE_CACHE_INSTANCE (nonceCacheInstance) - A ReplayCache instance used to cache UsernameToken nonces. The default
+instance that is used is the EHCacheReplayCache.</p>
+</li>
+<li>
+<p>TIMESTAMP_CACHE_INSTANCE (timestampCacheInstance) - A ReplayCache instance used to cache Timestamp Created Strings. The default
+instance that is used is the EHCacheReplayCache.</p>
+</li>
+<li>
+<p>SAML_ONE_TIME_USE_CACHE_INSTANCE (samlOneTimeUseCacheInstance) - A ReplayCache instance used to cache SAML2 Token Identifier Strings (if
+the token contains a OneTimeUse Condition). The default instance that is used
+is the EHCacheReplayCache.</p>
+</li>
+<li>
+<p>PASSWORD_ENCRYPTOR_INSTANCE (passwordEncryptorInstance) - A PasswordEncryptor instance used to decrypt encrypted passwords in Crypto
+properties files. The default is the JasyptPasswordEncryptor.</p>
+</li>
+<li>
+<p>DERIVED_TOKEN_REFERENCE (derivedTokenReference) - This controls how deriving tokens are referenced.</p>
+</li>
+<li>
+<p>DERIVED_TOKEN_KEY_ID (derivedTokenKeyIdentifier) - This controls the key identifier of Derived Tokens.</p>
+</li>
+<li>
+<p>DERIVED_SIGNATURE_KEY_LENGTH (derivedSignatureKeyLength) - The length to use (in bytes) when deriving a key for Signature.</p>
+</li>
+<li>
+<p>DERIVED_ENCRYPTION_KEY_LENGTH (derivedEncryptionKeyLength) - The length to use (in bytes) when deriving a key for Encryption.</p>
+</li>
+</ul>
+</div>
+</div>
+</div>
+<div class="sect3">
+<h4 id="derived_key_and_secure_conversation_namespace_change">Derived Key and Secure Conversation namespace change</h4>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, the default namespace used for Derived Key and Secure
+Conversation was the older "http://schemas.xmlsoap.org/ws/2005/02/sc"
+namespace. In WSS4J 2.0.0, the default namespace is now
+"http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512". To switch
+back to use the older namespace, you can set the new configuration property
+"USE_2005_12_NAMESPACE" to "false".</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="caching_changes">Caching changes</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 uses three EhCache-based caches by default for the following
+scenarios, to prevent replay attacks:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>UsernameToken nonces</p>
+</li>
+<li>
+<p>Signed Timestamps</p>
+</li>
+<li>
+<p>SAML 2.0 OneTimeUse Assertions</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>If you are seeing a error about "replay attacks" after upgrade, then you may
+need to disable a particular cache.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="rsa_v1_5_key_transport_algorithm_not_allowed_by_default">RSA v1.5 Key Transport algorithm not allowed by default</h4>
+<div class="paragraph">
+<p>WSS4J supports two key transport algorithms, RSA v1.5 and RSA-OAEP. A number
+of attacks exist on RSA v1.5. Therefore, you should always use RSA-OAEP as the
+key transport algorithm. In WSS4J 2.0.0, the RSA v1.5 Key Transport algorithm
+is not allowed by default (as opposed to previous versions of WSS4J, where it
+is allowed). If you wish to allow it, then you must set the
+WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM property to "true".</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="inclusivenamespaces_prefixlist_change">InclusiveNamespaces PrefixList change</h4>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, when BSP Compliance was switched off on the outbound side, it
+had the effect that an InclusiveNamespaces PrefixList was not generated as a
+CanonicalizationMethod child of a Signature Element (as required by the BSP
+specification). In WSS4J 2.0.0, this is now controlled by a separate
+configuration tag "addInclusivePrefixes", which defaults to true.</p>
+</div>
+</div>
+</div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Apache WSS4J, WSS4J, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Added: webservices/website/wss4j/wss4j21.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/wss4j21.html?rev=1856947&view=auto
==============================================================================
--- webservices/website/wss4j/wss4j21.html (added)
+++ webservices/website/wss4j/wss4j21.html Thu Apr 4 15:31:46 2019
@@ -0,0 +1,130 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!-- Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2019-04-04 -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J – </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta http-equiv="Content-Language" content="en" />
+
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4Jâ¢
+ </a>
+ <a href="http://www.apache.org" id="bannerRight">
+ <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2019-04-04</span>
+ | <span id="projectVersion">Version: 2.3.0-SNAPSHOT</span>
+ </div>
+ <div class="xright">
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <a href="user_guide.html" title="User Guide">User Guide</a>
+ </li>
+ <li class="none">
+ <a href="security_advisories.html" title="Security Advisories">Security Advisories</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+ <li class="collapsed">
+ <a href="project-info.html" title="Project Information">Project Information</a>
+ </li>
+ <li class="collapsed">
+ <a href="project-reports.html" title="Project Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+ <div class="sect2">
+<h3 id="apache_wss4j_2_1_0_migration_guide">Apache WSS4J 2.1.0 Migration Guide</h3>
+<div class="paragraph">
+<p>This section is a migration guide for helping Apache WSS4J 2.0.x users to migrate
+to the 2.1.x releases.</p>
+</div>
+<div class="sect3">
+<h4 id="jdk7_minimum_requirement">JDK7 minimum requirement</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.x required JDK6 as a minimum requirement. WSS4J 2.1.x requires at
+least JDK7. The Xerces and xml-api dependencies have been removed from the DOM
+code, as they are no longer required due to the JDK7 minimum requirement.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="opensaml_3_x_migration">OpenSAML 3.x migration</h4>
+<div class="paragraph">
+<p>A key dependency change in WSS4J 2.1.0 is the upgrade from OpenSAML 2.x to
+3.x (currently 3.1.0). OpenSAML 3.x contains a large number of package
+changes. Therefore if you have any OpenSAML dependencies in a CallbackHandler
+used to create SAML Assertions in WSS4J, code changes will be required.</p>
+</div>
+<div class="paragraph">
+<p>The most common OpenSAML dependency is to include a "SAMLVersion" to tell
+the SAMLCallback whether to create a SAML 2.0 or 1.1 Assertion. WSS4J 2.1
+provides an alternative way of specifying the SAML Version, via a <a href="https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/Version.java">Version</a> bean. See
+<a href="https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java">here</a> for an example.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="custom_processor_changes">Custom processor changes</h4>
+<div class="paragraph">
+<p>If you have a custom Processor instance to process a token in the security
+header in some custom way, you must add the WSSecurityEngineResult that is
+generated by the processing, to the WSDocInfo Object via the "addResult"
+method. Otherwise, it will not be available when security results are
+retrieved and processed.</p>
+</div>
+</div>
+</div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Apache WSS4J, WSS4J, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Added: webservices/website/wss4j/wss4j22.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/wss4j22.html?rev=1856947&view=auto
==============================================================================
--- webservices/website/wss4j/wss4j22.html (added)
+++ webservices/website/wss4j/wss4j22.html Thu Apr 4 15:31:46 2019
@@ -0,0 +1,127 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!-- Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2019-04-04 -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J – </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta http-equiv="Content-Language" content="en" />
+
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4Jâ¢
+ </a>
+ <a href="http://www.apache.org" id="bannerRight">
+ <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2019-04-04</span>
+ | <span id="projectVersion">Version: 2.3.0-SNAPSHOT</span>
+ </div>
+ <div class="xright">
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <a href="user_guide.html" title="User Guide">User Guide</a>
+ </li>
+ <li class="none">
+ <a href="security_advisories.html" title="Security Advisories">Security Advisories</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+ <li class="collapsed">
+ <a href="project-info.html" title="Project Information">Project Information</a>
+ </li>
+ <li class="collapsed">
+ <a href="project-reports.html" title="Project Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+ <div class="sect2">
+<h3 id="apache_wss4j_2_2_0_migration_guide">Apache WSS4J 2.2.0 Migration Guide</h3>
+<div class="paragraph">
+<p>This section is a migration guide for helping Apache WSS4J 2.1.x users to migrate
+to the 2.2.x releases.</p>
+</div>
+<div class="sect3">
+<h4 id="jdk8_minimum_requirement">JDK8 minimum requirement</h4>
+<div class="paragraph">
+<p>WSS4J 2.1.x required JDK7 as a minimum requirement. WSS4J 2.2.x requires at
+least JDK8.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="base64_changes">Base64 changes</h4>
+<div class="paragraph">
+<p>In WSS4J 2.1.x, the Base64 implementation that ships with the JDK
+(java.util.Base64) is used, instead of the Base64 implementation that ships
+with Apache Santuario. It is unlikely, but this may have an impact on users
+who are parsing messages with Base64 implementations that depend on specific
+CR or LF characters, as the Santuario and Java Base64 implementations differ
+slightly. Both the Apache Santuario and Java Base64 implementations can
+correctly decode the messages created with Apache WSS4J 2.2.x.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="kerberos_changes">Kerberos changes</h4>
+<div class="paragraph">
+<p>There are some changes with regards to Kerberos in WSS4J 2.1.x. The
+KerberosClientAction and KerberosServiceAction classes are removed. Instead
+use KerberosClientExceptionAction and KerberosServiceExceptionAction in the
+same package. The KerberosTokenDecoderImpl is removed as we can now get access
+to the secret key via the JDK APIs. As a consequence, the ws-security-common
+module no longer has a dependency on Apache Directory.</p>
+</div>
+</div>
+</div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Apache WSS4J, WSS4J, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Added: webservices/website/wss4j/xref-test/org/apache/wss4j/common/cache/ReplayCacheTest.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/wss4j/common/cache/ReplayCacheTest.html?rev=1856947&view=auto
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/wss4j/common/cache/ReplayCacheTest.html (added)
+++ webservices/website/wss4j/xref-test/org/apache/wss4j/common/cache/ReplayCacheTest.html Thu Apr 4 15:31:46 2019
@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head><meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+<title>ReplayCacheTest xref</title>
+<link type="text/css" rel="stylesheet" href="../../../../../stylesheet.css" />
+</head>
+<body>
+<div id="overview"><a href="../../../../../../testapidocs/org/apache/wss4j/common/cache/ReplayCacheTest.html">View Javadoc</a></div><pre>
+<a class="jxr_linenumber" name="L1" href="#L1">1</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L2" href="#L2">2</a> <em class="jxr_javadoccomment"> * Licensed to the Apache Software Foundation (ASF) under one</em>
+<a class="jxr_linenumber" name="L3" href="#L3">3</a> <em class="jxr_javadoccomment"> * or more contributor license agreements. See the NOTICE file</em>
+<a class="jxr_linenumber" name="L4" href="#L4">4</a> <em class="jxr_javadoccomment"> * distributed with this work for additional information</em>
+<a class="jxr_linenumber" name="L5" href="#L5">5</a> <em class="jxr_javadoccomment"> * regarding copyright ownership. The ASF licenses this file</em>
+<a class="jxr_linenumber" name="L6" href="#L6">6</a> <em class="jxr_javadoccomment"> * to you under the Apache License, Version 2.0 (the</em>
+<a class="jxr_linenumber" name="L7" href="#L7">7</a> <em class="jxr_javadoccomment"> * "License"); you may not use this file except in compliance</em>
+<a class="jxr_linenumber" name="L8" href="#L8">8</a> <em class="jxr_javadoccomment"> * with the License. You may obtain a copy of the License at</em>
+<a class="jxr_linenumber" name="L9" href="#L9">9</a> <em class="jxr_javadoccomment"> *</em>
+<a class="jxr_linenumber" name="L10" href="#L10">10</a> <em class="jxr_javadoccomment"> * <a href="http://www.apache.org/licenses/LICENSE-2." target="alexandria_uri">http://www.apache.org/licenses/LICENSE-2.</a>0</em>
+<a class="jxr_linenumber" name="L11" href="#L11">11</a> <em class="jxr_javadoccomment"> *</em>
+<a class="jxr_linenumber" name="L12" href="#L12">12</a> <em class="jxr_javadoccomment"> * Unless required by applicable law or agreed to in writing,</em>
+<a class="jxr_linenumber" name="L13" href="#L13">13</a> <em class="jxr_javadoccomment"> * software distributed under the License is distributed on an</em>
+<a class="jxr_linenumber" name="L14" href="#L14">14</a> <em class="jxr_javadoccomment"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</em>
+<a class="jxr_linenumber" name="L15" href="#L15">15</a> <em class="jxr_javadoccomment"> * KIND, either express or implied. See the License for the</em>
+<a class="jxr_linenumber" name="L16" href="#L16">16</a> <em class="jxr_javadoccomment"> * specific language governing permissions and limitations</em>
+<a class="jxr_linenumber" name="L17" href="#L17">17</a> <em class="jxr_javadoccomment"> * under the License.</em>
+<a class="jxr_linenumber" name="L18" href="#L18">18</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L19" href="#L19">19</a>
+<a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">package</strong> org.apache.wss4j.common.cache;
+<a class="jxr_linenumber" name="L21" href="#L21">21</a>
+<a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
+<a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.net.URL;
+<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.time.Instant;
+<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.util.UUID;
+<a class="jxr_linenumber" name="L26" href="#L26">26</a>
+<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> org.junit.Test;
+<a class="jxr_linenumber" name="L28" href="#L28">28</a>
+<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> <strong class="jxr_keyword">static</strong> org.junit.Assert.assertFalse;
+<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> <strong class="jxr_keyword">static</strong> org.junit.Assert.assertTrue;
+<a class="jxr_linenumber" name="L31" href="#L31">31</a>
+<a class="jxr_linenumber" name="L32" href="#L32">32</a> <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="L33" href="#L33">33</a> <em class="jxr_javadoccomment"> * Some unit tests for the ReplayCache implementations</em>
+<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment"> */</em>
+<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../../org/apache/wss4j/common/cache/ReplayCacheTest.html">ReplayCacheTest</a> {
+<a class="jxr_linenumber" name="L36" href="#L36">36</a>
+<a class="jxr_linenumber" name="L37" href="#L37">37</a> @Test
+<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testMemoryReplayCache() <strong class="jxr_keyword">throws</strong> InterruptedException, IOException {
+<a class="jxr_linenumber" name="L39" href="#L39">39</a> ReplayCache replayCache = <strong class="jxr_keyword">new</strong> MemoryReplayCache();
+<a class="jxr_linenumber" name="L40" href="#L40">40</a>
+<a class="jxr_linenumber" name="L41" href="#L41">41</a> testReplayCacheInstance(replayCache);
+<a class="jxr_linenumber" name="L42" href="#L42">42</a>
+<a class="jxr_linenumber" name="L43" href="#L43">43</a> replayCache.close();
+<a class="jxr_linenumber" name="L44" href="#L44">44</a> }
+<a class="jxr_linenumber" name="L45" href="#L45">45</a>
+<a class="jxr_linenumber" name="L46" href="#L46">46</a> @Test
+<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEhCacheReplayCache() <strong class="jxr_keyword">throws</strong> InterruptedException, IOException {
+<a class="jxr_linenumber" name="L48" href="#L48">48</a> ReplayCache replayCache = <strong class="jxr_keyword">new</strong> EHCacheReplayCache(<span class="jxr_string">"xyz"</span>, (URL)<strong class="jxr_keyword">null</strong>);
+<a class="jxr_linenumber" name="L49" href="#L49">49</a>
+<a class="jxr_linenumber" name="L50" href="#L50">50</a> testReplayCacheInstance(replayCache);
+<a class="jxr_linenumber" name="L51" href="#L51">51</a>
+<a class="jxr_linenumber" name="L52" href="#L52">52</a> replayCache.close();
+<a class="jxr_linenumber" name="L53" href="#L53">53</a> }
+<a class="jxr_linenumber" name="L54" href="#L54">54</a>
+<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> testReplayCacheInstance(ReplayCache replayCache) <strong class="jxr_keyword">throws</strong> InterruptedException, IOException {
+<a class="jxr_linenumber" name="L56" href="#L56">56</a>
+<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_comment">// Test default TTL caches OK</em>
+<a class="jxr_linenumber" name="L58" href="#L58">58</a> String id = UUID.randomUUID().toString();
+<a class="jxr_linenumber" name="L59" href="#L59">59</a> replayCache.add(id);
+<a class="jxr_linenumber" name="L60" href="#L60">60</a> assertTrue(replayCache.contains(id));
+<a class="jxr_linenumber" name="L61" href="#L61">61</a>
+<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_comment">// Test specifying TTL caches OK</em>
+<a class="jxr_linenumber" name="L63" href="#L63">63</a> id = UUID.randomUUID().toString();
+<a class="jxr_linenumber" name="L64" href="#L64">64</a> replayCache.add(id, Instant.now().plusSeconds(100L));
+<a class="jxr_linenumber" name="L65" href="#L65">65</a> assertTrue(replayCache.contains(id));
+<a class="jxr_linenumber" name="L66" href="#L66">66</a>
+<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_comment">// Test expiration</em>
+<a class="jxr_linenumber" name="L68" href="#L68">68</a> id = UUID.randomUUID().toString();
+<a class="jxr_linenumber" name="L69" href="#L69">69</a> replayCache.add(id, Instant.now().plusSeconds(1L));
+<a class="jxr_linenumber" name="L70" href="#L70">70</a> Thread.sleep(1250L);
+<a class="jxr_linenumber" name="L71" href="#L71">71</a> assertFalse(replayCache.contains(id));
+<a class="jxr_linenumber" name="L72" href="#L72">72</a>
+<a class="jxr_linenumber" name="L73" href="#L73">73</a> }
+<a class="jxr_linenumber" name="L74" href="#L74">74</a> }
+</pre>
+<hr/>
+<div id="footer">Copyright © 2004–2019 <a href="http://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</div>
+</body>
+</html>