Overview
This release includes the following XWS-Security features:
Note: The XWS-Security EA 2.0 APIs are intended to insulate XWS-Security users from possible changes in the internal APIs; however, these APIs are subject to minor changes between 2.0 EA and 2.0 FCS.
- A sample security framework within which a JAX-RPC application developer will be able to secure applications by signing, verifying, encrypting, and/or decrypting parts of SOAP messages and attachments.
The message sender can also make claims about the security properties by associating security tokens with the message. An example of a security claim is the identity of the sender, identified by a user name and password.
- Support for SAML Tokens and the WSS SAML Token Profile (partial).
- Support for securing attachments based on the WSS SwA Profile Draft.
- Partial support for sending and receiving WS-I Basic Security Profile (BSP) 1.0 compliant messages. For more information about BSP, read Interoperability with Other Web Services.
- Enhancements to the SecurityConfiguration schema from the previous release.
- Sample programs that demonstrate using the framework.
- Command-line tools that provide specialized utilities for keystore management, including pkcs12import and keyexport.

The XWS-Security release contents are arranged in the structure shown in Table 4-1 within the Java WSDP release:
Table 4-1 XWS-Security directory structure

| Directory Name | Contents |
| --- | --- |
| <JWSDP_HOME>/xws-security/etc/ | Keystore files, property files, configuration files used for the examples. |
| <JWSDP_HOME>/xws-security/docs/ | Release documentation for the XWS-Security framework. For the latest updates to this documentation, visit the web site at http://java.sun.com/webservices/docs/1.6/xws-security/index.html. |
| <JWSDP_HOME>/xws-security/docs/api | API documentation for the XWS-Security framework. |
| <JWSDP_HOME>/xws-security/lib/ | JAR files containing the XWS-Security framework implementation and dependent libraries. |
| <JWSDP_HOME>/xws-security/samples/ | Example code. This release includes sample applications. For more information on the samples, read Are There Any Sample Applications Demonstrating XWS-Security? |
| <JWSDP_HOME>/xws-security/bin/ | Command-line tools that provide specialized utilities for keystore management. For more information on these, read Useful XWS-Security Command-Line Tools. |

This implementation of XWS-Security is based on the Oasis Web Services Security (WSS) specification, which can be viewed at the following URL:
Some of the material in this chapter assumes that you understand basic security concepts. To learn more about these concepts, we recommend that you explore the following resources before you begin this chapter.
- The Java 2 Standard Edition discussion of security, which can be viewed from
http://java.sun.com/j2se/1.5.0/docs/guide/security/index.html
- The J2EE 1.4 Tutorial chapter titled Security, which can be viewed from
http://java.sun.com/j2ee/1.4/docs/tutorial-update2/doc/index.html