You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2014/01/09 11:30:07 UTC
svn commit: r1556777 [20/23] - in /webservices/website/wss4j: ./ apidocs/
apidocs/org/apache/ws/security/ apidocs/org/apache/ws/security/action/
apidocs/org/apache/ws/security/action/class-use/
apidocs/org/apache/ws/security/cache/ apidocs/org/apache/w...
Modified: webservices/website/wss4j/topics.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/topics.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/topics.html (original)
+++ webservices/website/wss4j/topics.html Thu Jan 9 10:29:54 2014
@@ -1,211 +1,287 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 13, 2013 -->
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <title>Apache WSS4J - </title>
- <style type="text/css" media="all">
- @import url("./css/maven-base.css");
- @import url("./css/maven-theme.css");
- @import url("./css/site.css");
- </style>
- <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20131113" />
- <meta http-equiv="Content-Language" content="en" />
-
- </head>
- <body class="composite">
- <div id="banner">
- <a href="./" id="bannerLeft">
- Apache WSS4J
- </a>
- <a href="http://www.apache.org" id="bannerRight">
- <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
- </a>
- <div class="clear">
- <hr/>
- </div>
- </div>
- <div id="breadcrumbs">
-
-
- <div class="xleft">
- <span id="publishDate">Last Published: 2013-11-13</span>
- | <span id="projectVersion">Version: 1.6.13</span>
- </div>
- <div class="xright">
-
- </div>
- <div class="clear">
- <hr/>
- </div>
- </div>
- <div id="leftColumn">
- <div id="navcolumn">
-
-
- <h5>Apache WSS4J</h5>
- <ul>
- <li class="none">
- <a href="index.html" title="Home">Home</a>
- </li>
- <li class="none">
- <a href="download.html" title="Download">Download</a>
- </li>
- <li class="none">
- <a href="using.html" title="Using WSS4J">Using WSS4J</a>
- </li>
- <li class="none">
- <a href="config.html" title="WSS4J Configuration">WSS4J Configuration</a>
- </li>
- <li class="none">
- <strong>Special Topics</strong>
- </li>
- <li class="none">
- <a href="best_practice.html" title="Security Best Practices">Security Best Practices</a>
- </li>
- <li class="none">
- <a href="wss4j16.html" title="WSS4J 1.6 Release Notes">WSS4J 1.6 Release Notes</a>
- </li>
- </ul>
- <h5>Project Documentation</h5>
- <ul>
- <li class="collapsed">
- <a href="project-info.html" title="Project Information">Project Information</a>
- </li>
- <li class="collapsed">
- <a href="project-reports.html" title="Project Reports">Project Reports</a>
- </li>
- </ul>
- <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
- <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
- </a>
-
-
- </div>
- </div>
- <div id="bodyColumn">
- <div id="contentBox">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!-- Generated by Apache Maven Doxia Site Renderer 1.4 at 2014-01-03 -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J - </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta name="Date-Revision-yyyymmdd" content="20140103" />
+ <meta http-equiv="Content-Language" content="en" />
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4J
+ </a>
+ <a href="http://www.apache.org" id="bannerRight">
+ <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2014-01-03</span>
+ | <span id="projectVersion">Version: 1.6.14</span>
+ </div>
+ <div class="xright">
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <a href="using.html" title="Using WSS4J">Using WSS4J</a>
+ </li>
+ <li class="none">
+ <a href="config.html" title="WSS4J Configuration">WSS4J Configuration</a>
+ </li>
+ <li class="none">
+ <strong>Special Topics</strong>
+ </li>
+ <li class="none">
+ <a href="best_practice.html" title="Security Best Practices">Security Best Practices</a>
+ </li>
+ <li class="none">
+ <a href="wss4j16.html" title="WSS4J 1.6 Release Notes">WSS4J 1.6 Release Notes</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+ <li class="collapsed">
+ <a href="project-info.html" title="Project Information">Project Information</a>
+ </li>
+ <li class="collapsed">
+ <a href="project-reports.html" title="Project Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+ </a>
+
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+
+
+<div class="section">
+<h2>WSS4J Special Topics<a name="WSS4J_Special_Topics"></a></h2>
-<div class="section"><h2>WSS4J Special Topics<a name="WSS4J_Special_Topics"></a></h2>
<p>
This page discusses various topics regarding usage of WSS4J. See the <a class="externalLink" href="http://ws.apache.org/wss4j/using.html">Using Apache WSS4J</a> page for web stack-specific usage notes.
</p>
-<div class="section"><h3>Crypto Interface<a name="Crypto_Interface"></a></h3>
+
+<div class="section">
+<h3>Crypto Interface<a name="Crypto_Interface"></a></h3>
+
<p>
WSS4J uses the Crypto interface to provide a pluggable way of retrieving and converting certificates, verifying trust on certificates etc. Two implementations are provided out of the box by WSS4J -- the standard <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java?view=markup">Merlin implementation</a> which holds one keystore and one truststore and <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/CertificateStore.java?view=markup">Certificate Store</a> that holds an array of X509Certificates, however presently is only useful for signature verification and encryption (cannot be used for decryption or signing).
</p>
</div>
-<div class="section"><h3>Verifying Public Keys<a name="Verifying_Public_Keys"></a></h3>
+
+<div class="section">
+<h3>Verifying Public Keys<a name="Verifying_Public_Keys"></a></h3>
+
<p>In WSS4J 1.5.x, trust validation of public keys involved construction of a PublicKeyCallback instance, passing it the PublicKey object, and invoking the CallbackHandler. It then called a "isVerified" method on the Callback to check to see whether the CallbackHandler had verified the PublicKey or not. The CallbackHandler implementation needed to call the "verifyTrust" method on the PublicKeyCallback, passing in a KeyStore object. This method iterates through each Certificate in the KeyStore, and checks to see whether the PublicKeys match.</p>
+
<p>In WSS4J 1.6.x, trust validation of public keys was moved from a WSS4J 1.5's PublicKeyCallback instance to the Crypto interface, where the argument is now a PublicKey object. In this way, validation is done using the same interface as for trust validation for Certificates, and the end-user has no need to consider the special-case of verifying public keys in the CallbackHandler, as it is taken care of internally by WSS4J.</p>
</div>
-<div class="section"><h3>Introducing Validators<a name="Introducing_Validators"></a></h3>
+
+<div class="section">
+<h3>Introducing Validators<a name="Introducing_Validators"></a></h3>
+
<p>WSS4J 1.6 introduces the concept of a Validator, for validating credentials that have been processed by a Processor instance.</p>
+
<p>An inbound security header is processed by WSS4J by iterating through each child element of the header, and by calling the appropriate Processor implementation to deal with each element. In WSS4J 1.5.x, some processors perform validation on the received token (e.g. UsernameTokens), whereas others store the processing results for later verification by third-party WS-Handler implementations (e.g. Timestamp verification, Certificate trust verification). There are some problems with this approach:</p>
+
<ul>
+
<li>It is not consistent, some processors perform validation, others do not.</li>
+
<li>There is a potential security hole, in that it is assumed third-party code will know to validate the credentials that the WSS4J processors do not validate.</li>
+
<li>WSS4J will continue to process the rest of the security header even if the Timestamp is invalid, or the certificate non-trusted, which could lead to denial-of-service attacks.</li>
+
<li>There is no separation of concerns between processing the token and validating the token. If you want to change how the token is validated, you must replace the processor instance.</li>
</ul>
+
<p>WSS4J 1.6 has moved Timestamp verification and certificate trust validation back into the processing of the security header, thus solving the first three points above. The fourth point is met by the new concept of Validators, as well as some changes to the way Processors and CallbackHandler implementations are used in WSS4J 1.6.</p>
+
<p>In WSS4J 1.5.x, CallbackHandler implementations are used in different ways by different processors, sometimes they are expected to verify a password (as for processing UsernameTokens), and other times they are expected to supply a password (as for decryption). In WSS4J 1.6, CallbackHandler implementations are only expected to supply a password (if it exists) to the processors. The Processor implementations do not perform any validation of the security token, instead they package up the processed token, along with any (password) information extracted from the CallbackHandler, and hand it off to a Validator implementation for Validation.</p>
+
<p>The Processor implementations get the specific Validator implementation to use via the RequestData parameter, which in turn asks a WSSConfig object for the Validator implementation. If the Validator is null, then no Validation is performed on the received token. The Processor then stores the received token as normal. WSS4J 1.6 comes with several default Validators, which are:</p>
+
<ul>
+
<li>NoOpValidator: Does no processing of the credential</li>
+
<li>TimestampValidator: Validates a Timestamp</li>
+
<li>UsernameTokenValidator: Validates a UsernameToken</li>
+
<li>SignatureTrustValidator: Verifies trust in a signature</li>
+
<li>SamlAssertionValidator: Checks some HOK requirements on a SAML Assertion, and verifies trust on the (enveloped) signature.</li>
</ul>
+
<p>There are some additional WSSecurityEngineResult constants that pertain to the Validator implementations:</p>
+
<ul>
+
<li>TAG_VALIDATED_TOKEN: Indicates that the token corresponding to this result has been validated by a Validator implementation. Some of the processors do not have a default Validator implementation.</li>
+
<li>TAG_TRANSFORMED_TOKEN: A Validator implementation may transform a credential (into a SAML Assertion) as a result of Validation. This tag holds a reference to an AssertionWrapper instance, that represents a transformed version of the validated credential.</li>
</ul>
+
<p>To validate an inbound UsernameToken in some custom way, simply associate the NoOpValidator with the UsernameToken QName in the WSSConfig of the RequestData object used to supply context information to the processors. After WSS4J has finished processing the security header, then extract the WSSecurityEngineResult instance corresponding to the WSConstants.UT action, and perform some custom validation on the token.</p>
+
<p>To validate plaintext passwords against a directory store, rather than have the CallbackHandler set the password: Simply @Override the verifyPlaintextPassword(UsernameToken usernameToken) method in the validator. By simply plugging in a validator on the UsernameTokenProcessor (such as the NoOpValidator), it is possible to do any kind of custom validation (or none at all) on the token.</p>
+
<p>An example of how to add a custom Validator implementation is the STSTokenValidator in CXF 2.4.0. The <a class="externalLink" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?view=markup">STSTokenValidator</a> tries to validate a received SAML Assertion locally, and if that fails, it dispatches it to a Security Token Service (STS) via the WS-Trust interface for validation. It also supports validating a UsernameToken and BinarySecurityToken in the same manner. The <a class="externalLink" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?view=markup">SecurityConstants</a> class defines some configuration tags for specifying a custom validator for inbound SAML1, SAML2, UsernameToken, BinarySecurityToken, Signature and Timestamps. The STSTokenValidator can be configured by associating it with the appropriate configuration tag.</p>
</div>
-<div class="section"><h3>Specifying elements to sign or encrypt<a name="Specifying_elements_to_sign_or_encrypt"></a></h3>
+
+<div class="section">
+<h3>Specifying elements to sign or encrypt<a name="Specifying_elements_to_sign_or_encrypt"></a></h3>
+
<p>The signature and encryption creation code in WSS4J uses the WSEncryptionPart class to find DOM elements to sign and encrypt. There are a number of minor changes to how elements are located from a WSEncryptionPart in WSS4J 1.6:</p>
+
<ol style="list-style-type: decimal">
+
<li>WSEncryptionPart now stores an optional DOM element, which will be used as the element to sign/encrypt if it is non-null.</li>
+
<li>Failing this, it finds the SOAP body and compares the wsu:Id with the stored Id, or if there is no stored Id in WSEncryptionPart, it checks the stored localname/namespace.</li>
+
<li>Failing this, if the stored Id in WSEncryptionPart is not null, it tries to find the first element in the SOAP envelope that has a matching wsu:Id.</li>
+
<li>If the stored Id is null, it tries to find *all* DOM Elements that match the stored localname/namespace.</li>
</ol>
+
<p>WSEncryptionPart is intended to refer to a single Element for encryption/signature. However, as a localname/namespace is not necessarily unique, point 4 will return all matching Elements. An important implication of the order of the steps given above, is that client code should set the DOM element on the WSEncryptionPart if it is accessible, and if not, it should set the wsu:Id. Otherwise, a localname/namespace (which is not referring to the SOAP Body) will result in a traversal of the DOM tree.</p>
+
<p>The DOM element(s) that is(are) found are stored for retrieval, so that we don't need to traverse the SOAP envelope multiple times, when e.g. doing an STR Transform, or for element location in the XML Security code.</p>
</div>
-<div class="section"><h3>WSPasswordCallback identifiers<a name="WSPasswordCallback_identifiers"></a></h3>
+
+<div class="section">
+<h3>WSPasswordCallback identifiers<a name="WSPasswordCallback_identifiers"></a></h3>
+
<p>The <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSPasswordCallback.java?view=markup">WSPasswordCallback class</a> defines a set of integers which correspond to usage instructions for the CallbackHandler. In WSS4J 1.6, the following WSPasswordCallback identifiers are used:</p>
+
<ul>
+
<li>WSPasswordCallback.DECRYPT - DECRYPT usage is used when the calling code needs a password to get the private key of this identifier (alias) from a keystore. This is only used for the inbound case of decrypting a session (symmetric) key, and not for the case of getting a private key to sign the message. The CallbackHandler must set the password via the setPassword(String) method.</li>
+
<li>WSPasswordCallback.USERNAME_TOKEN - USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token (whether plaintext or digest), or for validating it. It is also used for the case of deriving a key from a Username Token. The CallbackHandler must set the password via the setPassword(String) method.</li>
+
<li>WSPasswordCallback.SIGNATURE - SIGNATURE usage is used on the outbound side only, to get a password to get the private key of this identifier (alias) from a keystore. The CallbackHandler must set the password via the setPassword(String) method.</li>
+
<li>WSPasswordCallback.SECURITY_CONTEXT_TOKEN - SECURITY_CONTEXT_TOKEN usage is for the case of when we want the CallbackHandler to supply the key associated with a SecurityContextToken. The CallbackHandler must set the key via the setKey(byte[]) method.</li>
+
<li>WSPasswordCallback.CUSTOM_TOKEN - CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a token as a DOM Element. For example, this is used for the case of a reference to a SAML Assertion or Security Context Token that is not in the message. The CallbackHandler must set the token via the setCustomToken(Element) method.</li>
+
<li>WSPasswordCallback.SECRET_KEY - SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption or signature on the outbound side, or for decryption or verification on the inbound side. The CallbackHandler must set the key via the setKey(byte[]) method.</li>
</ul>
</div>
-<div class="section"><h3>UsernameToken handling in WSS4J 1.6<a name="UsernameToken_handling_in_WSS4J_1.6"></a></h3>
+
+<div class="section">
+<h3>UsernameToken handling in WSS4J 1.6<a name="UsernameToken_handling_in_WSS4J_1.6"></a></h3>
+
<p>The CallbackHandler interface receives and requires the following information when handling UsernameTokens:</p>
+
<ul>
+
<li>For both digest and plaintext cases, the CallbackHandler is given the username, password type and an identifier of WSPasswordCallback.USERNAME_TOKEN. It must set the password on the callback, and the validator does the comparison.</li>
+
<li>The custom password type case defaults to the same behaviour as the plaintext case, assuming wssConfig.getHandleCustomPasswordTypes() returns true.</li>
+
<li>For the case of a username token with no password element, the default behaviour is simply to ignore it, and to store it as a new result of type WSConstants.UT_NOPASSWORD.</li>
</ul>
</div>
-<div class="section"><h3>Support for SAML2 assertions in WSS4J 1.6<a name="Support_for_SAML2_assertions_in_WSS4J_1.6"></a></h3>
+
+<div class="section">
+<h3>Support for SAML2 assertions in WSS4J 1.6<a name="Support_for_SAML2_assertions_in_WSS4J_1.6"></a></h3>
+
<p>Support for SAML2 assertions has finally arrived in WSS4J, via the forthcoming 1.6 release. This has been a <a class="externalLink" href="http://issues.apache.org/jira/browse/WSS-146">long-standing</a> feature request. WSS4J 1.5.x only supports SAML 1.1 assertions via the deprecated <a class="externalLink" href="https://spaces.internet2.edu/display/OpenSAML/OS1Status">Opensaml1</a>, and it supports them in a very limited manner, namely:</p>
-<ul><li>It only supports the creation of Authentication statements.</li>
+
+<ul>
+<li>It only supports the creation of Authentication statements.</li>
+
<li>Processing essentially involves saving the assertions, it did not support validating enveloped signatures, or trust on the signatures, etc.</li>
</ul>
+
<p>Several patches were submitted to <a class="externalLink" href="http://issues.apache.org/jira/browse/WSS-146">WSS-146</a> to upgrade WSS4J to use Opensaml2. SAML2 support in WSS4J 1.6 consists of:</p>
-<ul><li>Support for creating signed/unsigned SAML 1.1/2.0 assertions, containing authentication, authorization, attribute statements etc.</li>
+
+<ul>
+<li>Support for creating signed/unsigned SAML 1.1/2.0 assertions, containing authentication, authorization, attribute statements etc.</li>
+
<li> This extensibility is achieved by letting the user implement a CallbackHandler instance.</li>
+
<li>The SAMLTokenProcessor can now process any type of assertion, verify an enveloped signature on it, and verify trust on the signature. It also verifies some holder-of-key requirements, e.g. that the Subject contains a KeyInfo element, and that the assertion is signed and trusted etc.</li>
</ul>
+
<p>WSS4J 1.6 contains an <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/">extensive set of tests</a> for both creating and processing different type of assertions. To illustrate the flexibility and simplicity of the CallbackHandler approach for constructing assertions, take a look at an abstract CallbackHandler <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?view=markup">here</a>, as well as the concrete implementations (<a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java?view=markup">SAML 1.1</a> and <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java?view=markup">SAML 2</a>). As you can see, a fa
irly small amount of code can create a large variety of assertions.</p>
+
<p>Opensaml2 has a very large set of dependencies, but through some judicious pom exclusions, as well replacing the Opensaml DefaultBootstrap code to avoid loading velocity, the following dependencies are introduced in WSS4J via Opensaml (snippet from mvn dependency):</p>
-<div><pre>
+
+<div>
+<pre>
+- org.opensaml:opensaml:jar:2.4.1:compile
| \- org.opensaml:openws:jar:1.4.1:compile
| \- org.opensaml:xmltooling:jar:1.3.1:compile
@@ -213,34 +289,52 @@ WSS4J uses the Crypto interface to provi
| \- joda-time:joda-time:jar:1.6.2:compile
</pre></div>
+
<p>The WSS4J 1.6 pom currently has a dependency on the Shibboleth <a class="externalLink" href="http://shibboleth.internet2.edu/downloads/maven2/">repo</a>, where the Opensaml2 artifacts live. It is planned on getting the Opensaml2 artifacts into Maven central in time for the 1.6 release - this is slightly complicated by the fact that some of the Opensaml2 dependencies are themselves not in Maven Central.
</p>
+
<p>One known <a class="externalLink" href="http://issues.apache.org/jira/browse/WSS-265">issue</a> is that WSS4J cannot create an Assertion which has an EncryptedKey element in the Subject. This is due to a bug in Opensaml2 which has been <a class="externalLink" href="https://bugs.internet2.edu/jira/browse/JOWS-26">fixed</a>, but not released yet.</p>
+
<p>
The Opensaml2 port has a large impact on existing code for *creating* assertions, however it is thought that very few people used that code. It has a minimal impact on existing code for processing assertions, with several caveats:</p>
-<ul><li>WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is no longer the case, so deployments which do not set the correct keystore/truststore config for dealing with signature verification will fail</li>
+
+<ul>
+<li>WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is no longer the case, so deployments which do not set the correct keystore/truststore config for dealing with signature verification will fail</li>
+
<li> The SAMLTokenProcessor no longer saves all tokens as an "WSConstants.ST_UNSIGNED" action. It saves tokens that do not have an enveloped signature as this action, and token which *do* have an enveloped signature are saved as a "WSConstants.ST_SIGNED" action.</li>
+
<li>The object that is saved as part of the action above has changed, from an Opensaml1 specific Assertion object, to an AssertionWrapper instance, which is a WSS4J specific object which encapsulates an Assertion, as well as some information corresponding to signature verification, etc.</li>
</ul>
</div>
-<div class="section"><h3>JSR-105 support<a name="JSR-105_support"></a></h3>
+
+<div class="section">
+<h3>JSR-105 support<a name="JSR-105_support"></a></h3>
+
<p>WSS4J 1.6 has been ported to use the <a class="externalLink" href="http://jcp.org/en/jsr/detail?id=105">JSR 105</a> API for XML Digital Signature. Previously, WSS4J 1.5.x used the custom API of the Apache <a class="externalLink" href="http://santuario.apache.org/">Santuario</a> XML Security for Java library to create and process XML Digital Signatures.</p>
+
<p>
WSS4J 1.6 has a minimum requirement of JDK 1.5 (note that WSS4J 1.5.x supports JDK 1.4). As JDK 1.5 does not contain an implementation of JSR 105, this means that XML Digital Signature is done via the JSR 105 implementation of Apache Santuario. However, when JDK 1.6+ is used, WSS4J 1.6 uses the JDK implementation of JSR 105 for signature creation and verification. You can override this by endorsing the Santuario jar.</p>
+
<p>
The Apache Santuario XML Security jar is still required for the JDK 1.6 case, as there are compile-time dependencies in WSS4J for encryption/decryption, as well as for some algorithm parsing, and resource resolver stuff. One downside to the Santuario jar, is its dependence on Xalan for a small subset of operations. This dependency will be <a class="externalLink" href="https://issues.apache.org/jira/browse/SANTUARIO-252">removed</a> for the 1.5 release of that library (in a few months).</p>
+
<p>
It is worth noting some changes to the main <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java?view=markup">class</a> used in WSS4J for signature creation as a result of the JSR-105 port. In WSS4J 1.5.x, after the signature certs and list of references to sign had been configured, the "computeSignature" method was called to compute the signature. The DOM element corresponding to the signature was independent of the pre-existing security header, and could be extracted later and inserted into the security header.</p>
+
<p>
In WSS4J 1.6, you must tell "computeSignature" where to insert the signature element. A boolean "prepend" argument allows you to configure whether to prepend the generated Signature element to the security header, or whether to append it. If prepend is true, then an optional siblingElement argument can be used to prepend the signature element before this sibling element. Once computeSignature has been called, you have no control over where the signature element is inserted into the security header.</p>
</div>
-<div class="section"><h3>Basic Security Profile 1.1 compliance<a name="Basic_Security_Profile_1.1_compliance"></a></h3>
+
+<div class="section">
+<h3>Basic Security Profile 1.1 compliance<a name="Basic_Security_Profile_1.1_compliance"></a></h3>
+
<p>The Basic Security Profile (BSP) 1.1 <a class="externalLink" href="http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html">specification</a> provides an industry-standard way of making sure that different WS-Security stacks can communicate with each other, by clarifying and narrowing the scope of the various WS-Security standards. WSS4J 1.5.x does not implement the BSP in any meaningful way. The <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java?view=markup">WSSConfig</a> class supports a "isWsiBSPCompliant" method (default is false), which will enable the generation of an InclusivePrefix list for signature generation, something that is mandated by the BSP spec.</p>
+
<p>
WSS4J 1.6 provides <a class="externalLink" href="https://issues.apache.org/jira/browse/WSS-256">support</a> for the BSP 1.1 specification, in so far as it pertains to the core WS-Security specifications that WSS4J supports. The enforcing of BSP compliance for inbound messages is controlled by the WSSConfig class, as per WSS4J 1.5.x. An important change is that BSP compliance is now turned <b>on </b>by default. In addition, a new <a class="externalLink" href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/handler/WSHandlerConstants.java?view=markup">WSHandlerConstants</a> configuration parameter has been added so that BSP compliance can be controlled via a WSHandler implementation.</p>
@@ -248,22 +342,22 @@ WSS4J 1.6 provides <a class="externalLin
</div>
-
- </div>
- </div>
- <div class="clear">
- <hr/>
- </div>
- <div id="footer">
- <div class="xright">
- Copyright © 2004-2013
- <a href="http://www.apache.org/">The Apache Software Foundation</a>.
- All Rights Reserved.
-
- </div>
- <div class="clear">
- <hr/>
- </div>
- </div>
- </body>
-</html>
+
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Copyright © 2004-2014
+ <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+ All Rights Reserved.
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Modified: webservices/website/wss4j/using.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/using.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/using.html (original)
+++ webservices/website/wss4j/using.html Thu Jan 9 10:29:54 2014
@@ -1,208 +1,243 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 13, 2013 -->
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <title>Apache WSS4J - </title>
- <style type="text/css" media="all">
- @import url("./css/maven-base.css");
- @import url("./css/maven-theme.css");
- @import url("./css/site.css");
- </style>
- <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20131113" />
- <meta http-equiv="Content-Language" content="en" />
-
- </head>
- <body class="composite">
- <div id="banner">
- <a href="./" id="bannerLeft">
- Apache WSS4J
- </a>
- <a href="http://www.apache.org" id="bannerRight">
- <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
- </a>
- <div class="clear">
- <hr/>
- </div>
- </div>
- <div id="breadcrumbs">
-
-
- <div class="xleft">
- <span id="publishDate">Last Published: 2013-11-13</span>
- | <span id="projectVersion">Version: 1.6.13</span>
- </div>
- <div class="xright">
-
- </div>
- <div class="clear">
- <hr/>
- </div>
- </div>
- <div id="leftColumn">
- <div id="navcolumn">
-
-
- <h5>Apache WSS4J</h5>
- <ul>
- <li class="none">
- <a href="index.html" title="Home">Home</a>
- </li>
- <li class="none">
- <a href="download.html" title="Download">Download</a>
- </li>
- <li class="none">
- <strong>Using WSS4J</strong>
- </li>
- <li class="none">
- <a href="config.html" title="WSS4J Configuration">WSS4J Configuration</a>
- </li>
- <li class="none">
- <a href="topics.html" title="Special Topics">Special Topics</a>
- </li>
- <li class="none">
- <a href="best_practice.html" title="Security Best Practices">Security Best Practices</a>
- </li>
- <li class="none">
- <a href="wss4j16.html" title="WSS4J 1.6 Release Notes">WSS4J 1.6 Release Notes</a>
- </li>
- </ul>
- <h5>Project Documentation</h5>
- <ul>
- <li class="collapsed">
- <a href="project-info.html" title="Project Information">Project Information</a>
- </li>
- <li class="collapsed">
- <a href="project-reports.html" title="Project Reports">Project Reports</a>
- </li>
- </ul>
- <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
- <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
- </a>
-
-
- </div>
- </div>
- <div id="bodyColumn">
- <div id="contentBox">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!-- Generated by Apache Maven Doxia Site Renderer 1.4 at 2014-01-03 -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J - </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta name="Date-Revision-yyyymmdd" content="20140103" />
+ <meta http-equiv="Content-Language" content="en" />
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4J
+ </a>
+ <a href="http://www.apache.org" id="bannerRight">
+ <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2014-01-03</span>
+ | <span id="projectVersion">Version: 1.6.14</span>
+ </div>
+ <div class="xright">
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <strong>Using WSS4J</strong>
+ </li>
+ <li class="none">
+ <a href="config.html" title="WSS4J Configuration">WSS4J Configuration</a>
+ </li>
+ <li class="none">
+ <a href="topics.html" title="Special Topics">Special Topics</a>
+ </li>
+ <li class="none">
+ <a href="best_practice.html" title="Security Best Practices">Security Best Practices</a>
+ </li>
+ <li class="none">
+ <a href="wss4j16.html" title="WSS4J 1.6 Release Notes">WSS4J 1.6 Release Notes</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+ <li class="collapsed">
+ <a href="project-info.html" title="Project Information">Project Information</a>
+ </li>
+ <li class="collapsed">
+ <a href="project-reports.html" title="Project Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+ </a>
+
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+
+
+<div class="section">
+<h2>Using Apache WSS4J<a name="Using_Apache_WSS4J"></a></h2>
-<div class="section"><h2>Using Apache WSS4J<a name="Using_Apache_WSS4J"></a></h2>
<p>
This page describes how to use Apache WSS4J, either in a standalone manner, or in conjunction with
other software packages. For information about how to configure WSS4J 1.6, see the
<a href="config.html">configuration page</a>.
</p>
-<div class="section"><h3>Standalone<a name="Standalone"></a></h3>
+
+<div class="section">
+<h3>Standalone<a name="Standalone"></a></h3>
+
<p>
Apache WSS4J provides a set of APIs to implement WS-Security functionality on a SOAP message. It is
possible to use these APIs directly in a standalone manner. The best way of finding out how to do
this is to take a look at the test sources. For example:
</p>
+
<ul>
+
<li>
<a href="xref-test/org/apache/ws/security/message/UsernameTokenTest.html">Username Token Test</a>
</li>
+
<li>
<a href="xref-test/org/apache/ws/security/message/EncryptionTest.html">Encryption Test</a>
</li>
+
<li>
<a href="xref-test/org/apache/ws/security/message/SignatureTest.html">Signature Test</a>
</li>
+
<li>
<a href="xref-test/org/apache/ws/security/message/TimestampTest.html">Timestamp Test</a>
</li>
+
<li>
<a href="xref-test/org/apache/ws/security/saml/SamlTokenTest.html">SAML Token Test</a>
</li>
</ul>
</div>
-<div class="section"><h3>Apache CXF<a name="Apache_CXF"></a></h3>
+
+<div class="section">
+<h3>Apache CXF<a name="Apache_CXF"></a></h3>
+
<p>
<a class="externalLink" href="http://cxf.apache.org">Apache CXF</a> is an open-source web services stack. CXF uses
WSS4J to perform the core WS-Security functionality, and provides extended security functionality
based around the WS-SecurityPolicy, WS-SecureConversation and WS-Trust specifications. More
information:
</p>
+
<ul>
+
<li>
<a class="externalLink" href="http://cxf.apache.org/docs/ws-security.html">CXF WS-Security configuration</a>
</li>
+
<li>
<a class="externalLink" href="http://cxf.apache.org/docs/ws-secureconversation.html">CXF WS-SecureConversation
configuration</a>
</li>
+
<li>
<a class="externalLink" href="http://cxf.apache.org/docs/ws-securitypolicy.html">CXF WS-SecurityPolicy configuration</a>
</li>
+
<li>
<a class="externalLink" href="http://cxf.apache.org/docs/ws-trust.html">CXF WS-Trust configuration</a>
</li>
+
<li>
<a class="externalLink" href="http://cxf.apache.org/resources-and-articles.html">CXF Security articles</a>
</li>
</ul>
</div>
-<div class="section"><h3>Apache Rampart<a name="Apache_Rampart"></a></h3>
+
+<div class="section">
+<h3>Apache Rampart<a name="Apache_Rampart"></a></h3>
+
<p>
<a class="externalLink" href="http://axis.apache.org/axis2/java/rampart/">Apache Rampart</a> is the security module
for the Axis2 web services stack. Rampart uses WSS4J to perform the core WS-Security functionality,
and provides extended security functionality based around the WS-SecurityPolicy,
WS-SecureConversation and WS-Trust specifications. More information:
</p>
+
<ul>
+
<li>
<a class="externalLink" href="http://axis.apache.org/axis2/java/rampart/developer-guide.html">Rampart developer guide</a>
</li>
+
<li>
<a class="externalLink" href="http://axis.apache.org/axis2/java/rampart/samples.html">Rampart samples</a>
</li>
+
<li>
<a class="externalLink" href="http://axis.apache.org/axis2/java/rampart/rampartconfig-guide.html">Rampart configuration
guide</a>
</li>
+
<li>
<a class="externalLink" href="http://axis.apache.org/axis2/java/rampart/articles.html">Rampart articles</a>
</li>
</ul>
</div>
-<div class="section"><h3>Apache Axis 1<a name="Apache_Axis_1"></a></h3>
+
+<div class="section">
+<h3>Apache Axis 1<a name="Apache_Axis_1"></a></h3>
+
<p>
The 1.5.x branch of WSS4J contains special support for
<a class="externalLink" href="http://ws.apache.org/axis/">Apache Axis 1</a>, the open-source web services stack which has been
replaced by Axis2. For some information about how to use WSS4J 1.5.x with Axis 1 see:
</p>
+
<ul>
+
<li>
<a href="axis.html">Axis deployment tutorial 1</a>
</li>
+
<li>
<a href="package.html">Axis deployment tutorial 2</a>
</li>
</ul>
+
<p>
Please note that these deployment tutorials do not apply to WSS4J 1.6+, only WSS4J 1.5.x.
</p>
</div>
</div>
-
- </div>
- </div>
- <div class="clear">
- <hr/>
- </div>
- <div id="footer">
- <div class="xright">
- Copyright © 2004-2013
- <a href="http://www.apache.org/">The Apache Software Foundation</a>.
- All Rights Reserved.
-
- </div>
- <div class="clear">
- <hr/>
- </div>
- </div>
- </body>
-</html>
+
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Copyright © 2004-2014
+ <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+ All Rights Reserved.
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Modified: webservices/website/wss4j/wss4j16.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/wss4j16.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/wss4j16.html (original)
+++ webservices/website/wss4j/wss4j16.html Thu Jan 9 10:29:54 2014
@@ -1,176 +1,202 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 13, 2013 -->
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <title>Apache WSS4J - </title>
- <style type="text/css" media="all">
- @import url("./css/maven-base.css");
- @import url("./css/maven-theme.css");
- @import url("./css/site.css");
- </style>
- <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20131113" />
- <meta http-equiv="Content-Language" content="en" />
-
- </head>
- <body class="composite">
- <div id="banner">
- <a href="./" id="bannerLeft">
- Apache WSS4J
- </a>
- <a href="http://www.apache.org" id="bannerRight">
- <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
- </a>
- <div class="clear">
- <hr/>
- </div>
- </div>
- <div id="breadcrumbs">
-
-
- <div class="xleft">
- <span id="publishDate">Last Published: 2013-11-13</span>
- | <span id="projectVersion">Version: 1.6.13</span>
- </div>
- <div class="xright">
-
- </div>
- <div class="clear">
- <hr/>
- </div>
- </div>
- <div id="leftColumn">
- <div id="navcolumn">
-
-
- <h5>Apache WSS4J</h5>
- <ul>
- <li class="none">
- <a href="index.html" title="Home">Home</a>
- </li>
- <li class="none">
- <a href="download.html" title="Download">Download</a>
- </li>
- <li class="none">
- <a href="using.html" title="Using WSS4J">Using WSS4J</a>
- </li>
- <li class="none">
- <a href="config.html" title="WSS4J Configuration">WSS4J Configuration</a>
- </li>
- <li class="none">
- <a href="topics.html" title="Special Topics">Special Topics</a>
- </li>
- <li class="none">
- <a href="best_practice.html" title="Security Best Practices">Security Best Practices</a>
- </li>
- <li class="none">
- <strong>WSS4J 1.6 Release Notes</strong>
- </li>
- </ul>
- <h5>Project Documentation</h5>
- <ul>
- <li class="collapsed">
- <a href="project-info.html" title="Project Information">Project Information</a>
- </li>
- <li class="collapsed">
- <a href="project-reports.html" title="Project Reports">Project Reports</a>
- </li>
- </ul>
- <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
- <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
- </a>
-
-
- </div>
- </div>
- <div id="bodyColumn">
- <div id="contentBox">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!-- Generated by Apache Maven Doxia Site Renderer 1.4 at 2014-01-03 -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J - </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta name="Date-Revision-yyyymmdd" content="20140103" />
+ <meta http-equiv="Content-Language" content="en" />
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4J
+ </a>
+ <a href="http://www.apache.org" id="bannerRight">
+ <img src="http://activemq.apache.org/images/asf-logo.png" alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2014-01-03</span>
+ | <span id="projectVersion">Version: 1.6.14</span>
+ </div>
+ <div class="xright">
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <a href="using.html" title="Using WSS4J">Using WSS4J</a>
+ </li>
+ <li class="none">
+ <a href="config.html" title="WSS4J Configuration">WSS4J Configuration</a>
+ </li>
+ <li class="none">
+ <a href="topics.html" title="Special Topics">Special Topics</a>
+ </li>
+ <li class="none">
+ <a href="best_practice.html" title="Security Best Practices">Security Best Practices</a>
+ </li>
+ <li class="none">
+ <strong>WSS4J 1.6 Release Notes</strong>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+ <li class="collapsed">
+ <a href="project-info.html" title="Project Information">Project Information</a>
+ </li>
+ <li class="collapsed">
+ <a href="project-reports.html" title="Project Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+ </a>
+
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+
+
+<div class="section">
+<h2>Apache WSS4J 1.6<a name="Apache_WSS4J_1.6"></a></h2>
-<div class="section"><h2>Apache WSS4J 1.6<a name="Apache_WSS4J_1.6"></a></h2>
<p>
This page describes the new features of WSS4J 1.6, and the things to be aware of when upgrading
from WSS4J 1.5.x.
</p>
-<div class="section"><h3>New features<a name="New_features"></a></h3>
+
+<div class="section">
+<h3>New features<a name="New_features"></a></h3>
+
<p>
This section describes the main new features that have been implemented in WSS4J 1.6. For more
information on the changes, please click on the links. You can also review the
<a class="externalLink" href="https://issues.apache.org/jira/browse/WSS/fixforversion/12313718">list of JIRAs</a>
that have been fixed in WSS4J 1.6.
</p>
+
<ul>
+
<li>
<a class="externalLink" href="http://coheigea.blogspot.com/2011/03/wss4j-16-jsr-105-support.html">JSR-105 support</a>:
WSS4J 1.6 has been ported to use the JSR 105 API for XML Digital Signature.
</li>
+
<li>
<a class="externalLink" href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html">
SAML2 support</a>: WSS4J 1.6 includes full support for creating, manipulating and parsing SAML2
assertions, via the Opensaml2 library.
</li>
+
<li>
Performance work: A general code-rewrite has been done with a focus on improving performance,
e.g. the <a class="externalLink" href="http://coheigea.blogspot.com/2011/01/wss4j-16-actionprocessor-loading-change.html">
changes</a> that have been made to processor loading.
</li>
+
<li>
<a class="externalLink" href="http://coheigea.blogspot.com/2011/03/wss4j-16-basic-security-profile-11.html">
Basic Security Profile 1.1 compliance</a>: WSS4J 1.6 provides support for the BSP 1.1 specification.
</li>
+
<li>
JDK 1.5 port: The JDK 1.4 requirement of WSS4J 1.5.x has been dropped as part of this work.
</li>
+
<li>
<a class="externalLink" href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html">
Support for Crypto trust-stores</a>: WSS4J 1.6 separates the concept of keystore and truststores for
Crypto implementations.
</li>
+
<li>
<a class="externalLink" href="http://coheigea.blogspot.com/2011/04/wss4j-16-introducing-validators.html">
New Validator interface</a>: WSS4J 1.6 moves all validation of security tokens into a new Validator
interface, which allows for custom validation of specific tokens.
</li>
+
<li>
Support for the Kerberos Token Profile (in WSS4J 1.6.2 and 1.6.3).
</li>
</ul>
</div>
-<div class="section"><h3>Upgrade notes<a name="Upgrade_notes"></a></h3>
+
+<div class="section">
+<h3>Upgrade notes<a name="Upgrade_notes"></a></h3>
+
<p>
This section describes the changes that have been made in WSS4J 1.6 that will impact on an existing
user of WSS4J 1.5.x. Although WSS4J 1.6 is not 100% backwards compatible with 1.5.x, a general goal for
the release was to restrict the API changes to those that were strictly necessary.
</p>
+
<ul>
+
<li>
All Axis1 dependencies have been removed. Any user wishing to use WSS4J with Axis1 must use the
WSS4J 1.5.x library. As Axis1 has been replaced by Axis2, this is unlikely to be an issue.
</li>
+
<li>
A number of changes have been made to the Crypto interface. See
<a class="externalLink" href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html">here</a>,
<a class="externalLink" href="http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html">here</a>
and <a class="externalLink" href="http://coheigea.blogspot.com/2011/02/wss4j-16-change-to-publickey-validation.html">here</a>
for an indepth explanation. In a nutshell, these changes are:
+
<ol style="list-style-type: decimal">
+
<li>
The BouncyCastle crypto implementation has been removed (replaced by Merlin)
</li>
+
<li>
A new set of Merlin "truststore" configuration tags have been added. The behaviour of the old Merlin
configuration tags will work exactly the same way in WSS4J 1.6.
</li>
+
<li>
The CA certs are now <b>not</b> loaded by default.
</li>
+
<li>
PublicKeys (from KeyValues) are now not handled by a PublicKeyCallback, but by the Crypto implementation
directly.
</li>
</ol>
</li>
+
<li>
If the WSEncryptionPart used to point to an element for signature or encryption does not either store
the element directly, or store the wsu:Id, <b>all</b> DOM Elements that match the stored
@@ -178,26 +204,32 @@ localname/namespace will be processed. S
<a class="externalLink" href="http://ws.apache.org/wss4j/topics.html#Specifying_elements_to_sign_or_encrypt">Special Topics page</a>
for more information.
</li>
+
<li>
WSS4J 1.5.x used Opensaml1 to provide extremely limited support for SAML 1 assertions. WSS4J 1.6 has
been upgraded to Opensaml2, and provides far more comprehensive support for SAML. See
<a class="externalLink" href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html">here</a> for
more information on this. Some changes to be aware of are:
+
<ol style="list-style-type: decimal">
+
<li>
The way of creating SAML assertions via a properties file has completely changed. For example, see a
<a href="xref-test/org/apache/ws/security/saml/SamlTokenTest.html">SAML Token Test</a>.
</li>
+
<li>
WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is no longer the case, so
deployments which do not set the correct keystore/truststore config for dealing with signature
verification will fail.
</li>
+
<li>
The SAMLTokenProcessor no longer saves all tokens as an "WSConstants.ST_UNSIGNED" action. It saves
tokens that do not have an enveloped signature as this action, and token which <b>do</b> have an enveloped
signature are saved as a "WSConstants.ST_SIGNED" action.
</li>
+
<li>
The object that is saved as part of the action above has changed, from an Opensaml1 specific Assertion
object, to an AssertionWrapper instance, which is a WSS4J specific object which encapsulates an
@@ -205,45 +237,56 @@ Assertion, as well as some information c
</li>
</ol>
</li>
+
<li>
The way that UsernameTokens are processed has been changed. See
<a class="externalLink" href="http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html">here</a> for
more information. Some important changes are:
+
<ol style="list-style-type: decimal">
+
<li>
The plaintext password case has exactly the same behaviour as the digest case. The identifier is now
WSPasswordCallback.USERNAME_TOKEN and not WSPasswordCallback.USERNAME_TOKEN_UNKNOWN, and the
CallbackHandler does not do any authentication, but must set the password on the callback.
</li>
+
<li>
The custom password type case defaults to the same behaviour as the plaintext case, assuming
wssConfig.getHandleCustomPasswordTypes() returns true.
</li>
+
<li>
For the case of a username token with no password element, the default behaviour is simply to ignore it,
and to store it as a new result of type WSConstants.UT_NOPASSWORD.
</li>
</ol>
</li>
+
<li>
Some changes have been made to the WSPasswordCallback identifiers, used to obtain passwords for various
actions. For more information see
<a class="externalLink" href="http://coheigea.blogspot.com/2011/02/wspasswordcallback-changes-in-wss4j-16.html">here</a>. In
a nutshell, these changes consist of:
+
<ol style="list-style-type: decimal">
+
<li>
The WSPasswordCallback KEY_NAME, USERNAME_TOKEN_UNKNOWN and WSPasswordCallback.ENCRYPTED_KEY_TOKEN
identifiers have been removed.
</li>
+
<li>
CUSTOM_TOKEN is not longer used in the processors to get a secret key.
</li>
+
<li>
SECRET_KEY is a new identifier for finding secret keys. It replaces the occasionally incorrect use of
CUSTOM_TOKEN, as well as KEY_NAME and ENCRYPTED_KEY_TOKEN.
</li>
</ol>
</li>
+
<li>
Timestamp validation and signature trust verification is not done by the WSHandler implementation
any more, but is performed when the security header is processed.
@@ -252,22 +295,22 @@ any more, but is performed when the secu
</div>
</div>
-
- </div>
- </div>
- <div class="clear">
- <hr/>
- </div>
- <div id="footer">
- <div class="xright">
- Copyright © 2004-2013
- <a href="http://www.apache.org/">The Apache Software Foundation</a>.
- All Rights Reserved.
-
- </div>
- <div class="clear">
- <hr/>
- </div>
- </div>
- </body>
-</html>
+
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Copyright © 2004-2014
+ <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+ All Rights Reserved.
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Modified: webservices/website/wss4j/xref-test/index.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/index.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/index.html (original)
+++ webservices/website/wss4j/xref-test/index.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference</title>
+ <title>Apache WSS4J 1.6.14 Reference</title>
</head>
<frameset cols="20%,80%">
<frameset rows="30%,70%">
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/common/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/common/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/common/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/common/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.common</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.common</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/common/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/common/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/common/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/common/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.common</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.common</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -137,6 +137,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/components/crypto/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/components/crypto/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/components/crypto/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/components/crypto/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.components.crypto</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.components.crypto</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/components/crypto/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/components/crypto/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/components/crypto/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/components/crypto/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.components.crypto</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.components.crypto</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -87,6 +87,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/handler/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/handler/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/handler/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/handler/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.handler</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.handler</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/handler/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/handler/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/handler/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/handler/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.handler</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.handler</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -92,6 +92,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/message/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/message/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/message/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/message/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.message</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.message</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/message/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/message/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/message/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/message/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.message</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.message</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -217,6 +217,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/message/token/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/message/token/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/message/token/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/message/token/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.message.token</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.message.token</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/message/token/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/message/token/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/message/token/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/message/token/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.message.token</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.message.token</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -97,6 +97,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/misc/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/misc/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/misc/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/misc/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.misc</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.misc</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/misc/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/misc/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/misc/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/misc/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.misc</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.misc</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -77,6 +77,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/processor/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/processor/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/processor/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/processor/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.processor</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.processor</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/processor/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/processor/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/processor/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/processor/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.processor</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.processor</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -67,6 +67,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/saml/ext/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/saml/ext/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/saml/ext/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/saml/ext/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.saml.ext</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.saml.ext</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/saml/ext/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/saml/ext/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/saml/ext/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/saml/ext/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.saml.ext</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.saml.ext</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -62,6 +62,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/saml/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/saml/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/saml/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/saml/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.saml</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.saml</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/saml/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/saml/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/saml/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/saml/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.saml</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.saml</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -112,6 +112,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/validate/package-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/validate/package-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/validate/package-frame.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/validate/package-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.validate</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.validate</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
Modified: webservices/website/wss4j/xref-test/org/apache/ws/security/validate/package-summary.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/ws/security/validate/package-summary.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/org/apache/ws/security/validate/package-summary.html (original)
+++ webservices/website/wss4j/xref-test/org/apache/ws/security/validate/package-summary.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference Package org.apache.ws.security.validate</title>
+ <title>Apache WSS4J 1.6.14 Reference Package org.apache.ws.security.validate</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>
@@ -67,6 +67,6 @@
</ul>
</div>
<hr />
- Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.
+ Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.
</body>
</html>
\ No newline at end of file
Modified: webservices/website/wss4j/xref-test/overview-frame.html
URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/overview-frame.html?rev=1556777&r1=1556776&r2=1556777&view=diff
==============================================================================
--- webservices/website/wss4j/xref-test/overview-frame.html (original)
+++ webservices/website/wss4j/xref-test/overview-frame.html Thu Jan 9 10:29:54 2014
@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
- <title>Apache WSS4J 1.6.13 Reference</title>
+ <title>Apache WSS4J 1.6.14 Reference</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="style" />
</head>
<body>