Implementation Version: 2.0 EA2
This XML and Web Services Security implementation, included as part of the JavaTM Web Services Developer Pack 2.0, provides a framework within which a JAXWS, JAXRPC or SAAJ application developer will be able to secure applications in the following ways:
This implementation of XML and Web Services Security uses Sun's XML-DSig (XML Digital Signature) implementation, JSR-105, which is based on the XML-Signature Syntax and Processing W3C standard.
Samples containing code for signing and/or verifying parts of the SOAP message and/or attachments are included with this release.
This implementation of XML and Web Services Security uses Apache's XML-Enc (XML Encryption) implementation, which is based on the XML Encryption W3C standard.
Samples containing code for encrypting and/or decrypting parts of the SOAP message and/or attachments are included with this release.
Sending these tokens with the message binds the identity of the tokens (and any other claims occurring in the security token) to the messages created by the tokens.
This implementation of XML and Web Services Security provides support for Username Token Profile, which is based on OASIS WSS Username Token Profile 1.0, and X509 Certificate Token Profile, which is based on OASIS WSS X509 Certificate Token Profile 1.0.
Samples containing code for sending user name and X509 certificate tokens along with the SOAP message are included with this release.
This implementation of XML and Web Services Security provides
APIs that can be used to secure stand alone Web services application as
well as JAX-RPC and JAXWS applications. Because the Java standards for
some of the XWS-Security technologies are currently
undergoing definition under the Java Community Process,
the security solution that is provided in the Java Web Services
Developer Pack 2.0 is based on nonstandard APIs, which are
subject to change with new revisions of the technology. To insulate
stand alone XWS-Security users from the possible changes in the
internal implementation, this release includes new APIs that abstract
out some of the internal implementation details. These new APIs can be
used to secure an outbound SOAPMessage
and verify the
security in an inbound SOAPMessage
.
Samples containing code using these new APIs are included with this release.
This implementation of XML and Web Services Security fully supports the implementation of Web Services Security (WSS) Interop scenarios. The following are some of the interoperability scenarios documents that are supported by this implementation:
This distribution includes samples that show how a JAX-RPC, JAXWS and SAAJ application developer can use the XML and Web Services Security technology. As previously noted, these nonstandard APIs are subject to change and, as standards are defined in the Web Services Security space, we will be moving towards using the appropriate standard APIs instead of these nonstandard APIs.
XWS-Security APIs are used for securing Web services based
on JAX-RPC, JAXWS and SAAJ. This release of XWS-Security internally
uses
the JSR-105 standard for XML Digital Signature and the
non-standard XML Encryption APIs. The use of non-standard XML
Encryption APIs however has no additional impact on the end-user
over and above the fact that the XWS-Security APIs are themselves
non-standard.
JSR-105 (XML
Digital Signature) APIs are included in this release of the JWSDP. JSR
105 is a standard API for generating and validating XML
Signatures as specified by the W3C
recommendation. JSR-105 APIs are used by Java applications
and
middleware that need to create and/or process XML Signatures. It is
used by this release of XWS-Security and can also be used
by non-Web Services technologies, for example, documents
stored or transferred in XML. Both JSR 105 and JSR 106 (XML
Digital Encryption APIs)
are core-XML security components.
In this release, the following command-line tools are included:
pkcs12import
This tool helps with importing the contents (key/certificate pair) of a PKCS-12 file into a keystore.
keyexport
This tool can be used to export the private key corresponding to a specified entry of a keystore into a file.
The documentation for this release consists of the following:
Please send questions, comments, and feedback to jwsdp-feedback@sun.com.
Due to the high volume of e-mail received on these aliases, you may not receive an immediate response to your inquiry.