Home | PDF | API | FAQ | Search | Feedback | History

Overview

This release includes the following XWS-Security features:

Support for securing JAX-RPC applications at the service, port, and operation levels.
XWS-Security APIs for securing both JAX-RPC applications and stand-alone applications that make use of SAAJ APIs only for their SOAP messaging.

---

Note: The XWS-Security EA 2.0 APIs are intended to insulate XWS-Security users from possible changes in the internal APIs, however, these APIs are subject to minor changes between 2.0 EA and 2.0 FCS.

---

A sample security framework within which a JAX-RPC application developer will be able to secure applications by signing, verifying, encrypting, and/or decrypting parts of SOAP messages and attachments.

The message sender can also make claims about the security properties by associating security tokens with the message. An example of a security claim is the identity of the sender, identified by a user name and password.

Support for SAML Tokens and the WSS SAML Token Profile (partial).
Support for securing attachments based on the WSS SwA Profile Draft.
Partial support for sending and receiving WS-I Basic Security Profile (BSP) 1.0 compliant messages. For more information about BSP, read Interoperability with Other Web Services.
Enhancements to the SecurityConfiguration Schema from the previous release.
Sample programs that demonstrate using the framework.
Command-line tools that provide specialized utilities for keystore management, including pkcs12import and keyexport.

The XWS-Security release contents are arranged in the structure shown in Table 4-1 within the Java WSDP release:

Table 4-1  XWS-Security directory structure

Directory Name	Contents
<JWSDP_HOME>/ xws-security/etc/	Keystore files, property files, configuration files used for the examples.
<JWSDP_HOME>/ xws-security/docs/	Release documentation for the XWS-Security framework. For the latest updates to this documentation, visit the web site at http://java.sun.com/webservices/docs/1.6/xws-security/index.html.
<JWSDP_HOME>/ xws-security/docs/api	API documentation for the XWS-Security framework.
<JWSDP_HOME>/ xws-security/lib/	JAR files containing the XWS-Security framework implementation and dependent libraries.
<JWSDP_HOME>/ xws-security/samples/	Example code. This release includes sample applications. For more information on the samples, read Are There Any Sample Applications Demonstrating XWS-Security?
<JWSDP_HOME>/ xws-security/bin/	Command-line tools that provide specialized utilities for keystore management. For more information on these, read Useful XWS-Security Command-Line Tools.

This implementation of XWS-Security is based on the Oasis Web Services Security (WSS) specification, which can be viewed at the following URL:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf 

Some of the material in this chapter assumes that you understand basic security concepts. To learn more about these concepts, we recommend that you explore the following resources before you begin this chapter.

The Java 2 Standard Edition discussion of security, which can be viewed from

http://java.sun.com/j2se/1.5.0/docs/guide/security/index.html

The J2EE 1.4 Tutorial chapter titled Security, which can be viewed from

http://java.sun.com/j2ee/1.4/docs/tutorial-update2/doc/index.html

All of the material in The Java(TM) Web Services Tutorial is copyright-protected and may not be published in other works without express written permission from Sun Microsystems.