Author: coheigea
Date: Thu Apr 4 15:31:46 2019
New Revision: 1856947
URL: http://svn.apache.org/viewvc?rev=1856947&view=rev
Log:
More updates
Added:
webservices/website/wss4j/dependency-check-report.html
webservices/website/wss4j/migration.html
webservices/website/wss4j/newfeatures20.html
webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/ReplayCacheTest.html
webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/class-use/ReplayCacheTest.html
webservices/website/wss4j/wss4j16.html
webservices/website/wss4j/wss4j20.html
webservices/website/wss4j/wss4j21.html
webservices/website/wss4j/wss4j22.html
webservices/website/wss4j/xref-test/org/apache/wss4j/common/cache/ReplayCacheTest.html
Added: webservices/website/wss4j/dependency-check-report.html
URL:
http://svn.apache.org/viewvc/webservices/website/wss4j/dependency-check-report.html?rev=1856947&view=auto
==============================================================================
--- webservices/website/wss4j/dependency-check-report.html (added)
+++ webservices/website/wss4j/dependency-check-report.html Thu Apr 4 15:31:46
2019
@@ -0,0 +1,602 @@
+
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>Dependency-Check Report</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <link rel="shortcut icon"
href="data:;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAVLSURBVFhHvZdvbFRFEMB3913v9Vr+FKUNRdtrewg1lQgRE0gMYkJSowYMwcSPkGDwg8ZigMR+UYzGaIuAEj+R+IfE+EUlRL+QYAwhGBMqkFQDpO1xd/YPBaSU9u767r0dZ5a513vtXVsq8Zcsb3bu9c3szuzsIMU8iEaj5fhYJlzRYCkZ7Utd+wbnQL+Nd0TeoyeAPLFgf/oiyTNxXw6g4WUhTz4JEtaiNXLCEE8l3seHJjlzsOJHfLxMsgHE4cje9B6eTUPxc0ZoxbFHG1qVFq9rCRsKjc+KFG3oFGQ6Kw6xJsCsDqDxNZYWbWSYVUFAJFkyaA2XWAxiHIlcGPukYg1rDCVDQKsOadmqBaxllY8CuKHBuqOlHlNKufFk/GdUmxxoeqTpMbBg1dGXRlZtqHc2R8rgedIXgk4eqNyXMblS1AE2vhWNP84qAxl2hewno6wyFHOAZOLAc6PRbU+kd2OyrmbVPTg3pjlQzDgazGmh40rKMY3LZrVBCi/Tl0z+gqJxYGV9fWNOWC0kF3Jm1/C2pZWwk6cG2olpOcDb7hsHgLQGcUWAGs0bV1K7EuSQFbbOLKmuPkOvkZ64mkzG8bXz5BirDBuP1fzQP6I+5yl9eAS9vxjYAVz9esx0P2a0ck+73VKGPFaR8Vtpx7k0ODiYZlVJmpcvfzirwi1SyUWsMiF5ZXX6A1zJzsq9mRO+A7T1lO2BIyZVN/6bJZFWnQO4Wl1dnerq6sqRbq401TWtw9qxjGT6zhfbs3+0Hrw+THPfgVhdA8Xdz3j84RpIdZOngrY1kUgMOR3lG1kVREkHhBp3smJ4wdLmf+TuoJOxuroW3NI6zN6L9B1W33MAV1+F
W99mNIgUclBaYtCPObjx3lTqT5KxqJyk52y4nv5u4f7stzzNY+Hww0ncS0JXBIoDWryRN07JVlVTc9Xo74OQpV7F6ndk5CO7iVVEwDihVqxYYVtKrOc5bckIgHJIpnhl3MxfpWIuJZyWAMdo0Io1AOXMJFI0hm3VzrOiYG2BmsLEAz0Zd9DWzZmyHd/tLt+bOUmDthuzun3C8dryjqCDdzF5tqcPRr40f1AElcvl6lgmJkC5d1kWYS8bZ3HOVL0z0TcKiz70tBjAML4opVgsoeB2nIJyXfeKJfRxGo52j4ds+xwWmN9t1/7t8sDALX7vvqjdd31cChgi40YhZdXUSyiPGkAjPalUL43+/v6/e3p6btC4PHB5XsZ9sMqxZJAWbGIxwJz6gfkAWl5jcUYUbU1+3D60uIp0PPwiNR/wZAW3HERRh5Sy4C3LEhdoiAn368b6xhdoxKLRVn5nXmDpfZZFg7J00f5QgRYJlkV5GWyJVnk2yRpUKBaLFZ6QOYMFaAdW0x08xcXDr5E9E8V3wAmFD7NseO3pMf8uh1xuJYuzQuGjMJreT4rJc4/XrvZk6aZ0yZ47WPkm47M55mxnET23IrW1tRU8DUBFBlf2faYzcptGuefETRix9+NXDNhLHJmpPTenAON1xMyQRbZevaV5ooanwrbsdSz6kPF8kaEz7o9CqOEAvPO59yuFccBR4a/MjGnfNDp5M2IzgQnpd8QB41NBoxRvarWyVrgRe77Ad4vhHzX6H41S8l2eitO9ZR+/+dNDZ3lqbsW+VN/52x12YxlY04xbZd5IqUSbCd8BSiLby13AlTWwSnx6tvKNY10LzCmhm7E3kTiFYqAp/a/4lZCSUYIX6Frffmb86K6nxqJknDoZVD1Q48S0ajc1FBTXU8mFzVs/G77OmgdK0XLLZ7nNnGHuXvmn/w9yYrwzUvIefzAI8S83C2sS1J4rmAAAAABJRU5ErkJggg=="
/>
+ <script type="text/javascript">
+ /*! jQuery [email protected] jquery.com | jquery.org/license */
[... 595 lines stripped ...]
Added: webservices/website/wss4j/migration.html
URL:
http://svn.apache.org/viewvc/webservices/website/wss4j/migration.html?rev=1856947&view=auto
==============================================================================
--- webservices/website/wss4j/migration.html (added)
+++ webservices/website/wss4j/migration.html Thu Apr 4 15:31:46 2019
@@ -0,0 +1,958 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<!-- Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2019-04-04 -->
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J – </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css"
media="print" />
+ <meta http-equiv="Content-Language" content="en" />
+
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4Jâ¢
+ </a>
+ <a href="http://www.apache.org"; id="bannerRight">
+ <img
src="http://activemq.apache.org/images/asf-logo.png"; alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2019-04-04</span>
+ | <span id="projectVersion">Version:
2.3.0-SNAPSHOT</span>
+ </div>
+ <div class="xright">
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <a href="user_guide.html" title="User Guide">User
Guide</a>
+ </li>
+ <li class="none">
+ <a href="security_advisories.html" title="Security
Advisories">Security Advisories</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+
<li class="collapsed">
+ <a href="project-info.html" title="Project
Information">Project Information</a>
+ </li>
+
<li
class="collapsed">
+ <a href="project-reports.html" title="Project
Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/"; title="Built
by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven"
src="./images/logos/maven-feather.png" />
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+ <div class="sect1">
+<h2 id="apache_wss4j_migration_guides">Apache WSS4J Migration Guides</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>Information about migrating to various new versions of WSS4J is provided in
this section.</p>
+</div>
+<div class="sect2">
+<h3 id="apache_wss4j_2_2_0_migration_guide">Apache WSS4J 2.2.0 Migration
Guide</h3>
+<div class="paragraph">
+<p>This section is a migration guide for helping Apache WSS4J 2.1.x users to
migrate
+to the 2.2.x releases.</p>
+</div>
+<div class="sect3">
+<h4 id="jdk8_minimum_requirement">JDK8 minimum requirement</h4>
+<div class="paragraph">
+<p>WSS4J 2.1.x required JDK7 as a minimum requirement. WSS4J 2.2.x requires at
+least JDK8.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="base64_changes">Base64 changes</h4>
+<div class="paragraph">
+<p>In WSS4J 2.1.x, the Base64 implementation that ships with the JDK
+(java.util.Base64) is used, instead of the Base64 implementation that ships
+with Apache Santuario. It is unlikely, but this may have an impact on users
+who are parsing messages with Base64 implementations that depend on specific
+CR or LF characters, as the Santuario and Java Base64 implementations differ
+slightly. Both the Apache Santuario and Java Base64 implementations can
+correctly decode the messages created with Apache WSS4J 2.2.x.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="kerberos_changes">Kerberos changes</h4>
+<div class="paragraph">
+<p>There are some changes with regards to Kerberos in WSS4J 2.1.x. The
+KerberosClientAction and KerberosServiceAction classes are removed. Instead
+use KerberosClientExceptionAction and KerberosServiceExceptionAction in the
+same package. The KerberosTokenDecoderImpl is removed as we can now get access
+to the secret key via the JDK APIs. As a consequence, the ws-security-common
+module no longer has a dependency on Apache Directory.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="apache_wss4j_2_1_0_migration_guide">Apache WSS4J 2.1.0 Migration
Guide</h3>
+<div class="paragraph">
+<p>This section is a migration guide for helping Apache WSS4J 2.0.x users to
migrate
+to the 2.1.x releases.</p>
+</div>
+<div class="sect3">
+<h4 id="jdk7_minimum_requirement">JDK7 minimum requirement</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.x required JDK6 as a minimum requirement. WSS4J 2.1.x requires at
+least JDK7. The Xerces and xml-api dependencies have been removed from the DOM
+code, as they are no longer required due to the JDK7 minimum requirement.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="opensaml_3_x_migration">OpenSAML 3.x migration</h4>
+<div class="paragraph">
+<p>A key dependency change in WSS4J 2.1.0 is the upgrade from OpenSAML 2.x to
+3.x (currently 3.1.0). OpenSAML 3.x contains a large number of package
+changes. Therefore if you have any OpenSAML dependencies in a CallbackHandler
+used to create SAML Assertions in WSS4J, code changes will be required.</p>
+</div>
+<div class="paragraph">
+<p>The most common OpenSAML dependency is to include a "SAMLVersion" to tell
+the SAMLCallback whether to create a SAML 2.0 or 1.1 Assertion. WSS4J 2.1
+provides an alternative way of specifying the SAML Version, via a <a
href="https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/Version.java";>Version</a>
bean. See
+<a
href="https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java";>here</a>
for an example.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="custom_processor_changes">Custom processor changes</h4>
+<div class="paragraph">
+<p>If you have a custom Processor instance to process a token in the security
+header in some custom way, you must add the WSSecurityEngineResult that is
+generated by the processing, to the WSDocInfo Object via the "addResult"
+method. Otherwise, it will not be available when security results are
+retrieved and processed.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="apache_wss4j_2_0_0_migration_guide">Apache WSS4J 2.0.0 Migration
Guide</h3>
+<div class="paragraph">
+<p>This section is a migration guide for helping Apache WSS4J 1.6.x users to
migrate
+to the 2.0.x releases. Also see the <a href="newfeatures20.html">new
+features</a> page for more information about the new functionality available in
+WSS4J 2.0.x.</p>
+</div>
+<div class="sect3">
+<h4 id="migrating_to_using_the_streaming_stax_code">Migrating to using the
streaming (StAX) code</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 introduces a streaming (StAX-based) WS-Security implementation
to
+complement the existing DOM-based implementation. The DOM-based implementation
+is quite performant and flexible, but having to read the entire request into
+memory carries performance penalties. The StAX-based code offers largely the
+same functionality as that available as part of the DOM code, and is
+configured in mostly the same way (via configuration tags that are shared
+between both stacks).</p>
+</div>
+<div class="paragraph">
+<p>As of the time of writing, Apache CXF is the only web services stack to
+integrate the new WS-Security streaming functionality. To switch to use the
+streaming code for the manual "Action" based approach, simply change the
+outbound and inbound interceptors as follows:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>"org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" to
+"org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor".</p>
+</li>
+<li>
+<p>"org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" to
+"org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor".</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>For the WS-SecurityPolicy based approach of configuring WS-Security, simply
+set the JAX-WS property SecurityConstants.ENABLE_STREAMING_SECURITY
+("ws-security.enable.streaming") to "true".</p>
+</div>
+<div class="paragraph">
+<p>For more information on the streaming functionality available in WSS4J
2.0.0,
+please see the <a href="streaming.html">streaming documentation</a> page.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="cryptocallbackhandler_changes">Crypto/CallbackHandler changes</h4>
+<div class="paragraph">
+<p>Typically, a user configures Signature and Encryption keys via a Crypto
+properties file. In WSS4J 1.6.x, the property names all start with
+"org.apache.ws.security.crypto.*". In WSS4J 2.0.0, the new prefix is
+"org.apache.wss4j.crypto.\*". However, WSS4J 2.0.0 will accept the older
+prefix value. No other changes are necessary for migrating Crypto
properties.</p>
+</div>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, it was only possible to specify a Crypto implementation for
+both Signature Creation + Verification. In WSS4J 2.0.0, there is now a
+separate Signature Verification Crypto instance, that can be configured via
+the following configuration tags:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>signatureVerificationPropFile - The path of the crypto property file to
+use for Signature verification.</p>
+</li>
+<li>
+<p>signatureVerificationPropRefId - The key that holds a reference to the
+object holding complete information about the signature verification Crypto
+implementation.</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>In WSS4J, you need to define a CallbackHandler to supply a password to a
+WSPasswordCallback Object when dealing with UsernameTokens, or to unlock
+private keys for Signature creation, etc. In WSS4J 2.0.0, the functionality is
+exactly the same, except that the package of the WSPasswordCallback Object has
+changed from "org.apache.ws.security" to "org.apache.wss4j.common.ext". Any
+CallbackHandler implementation will need to be updated to use the new
package.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="saml_assertion_changes">SAML Assertion changes</h4>
+<div class="paragraph">
+<p>A CallbackHandler implementation is required to create a SAML Assertion, by
+populating various beans. Similar to the WSPasswordCallback package change,
+there are also some package changes for SAML. The base package for the
+SAMLCallback class, and of the various "bean" classes, has changed from
+"org.apache.ws.security.saml.ext" to "org.apache.wss4j.common.saml".</p>
+</div>
+<div class="paragraph">
+<p>Apache WSS4J 1.6.x uses the SAMLIssuer interface to configure the creation
and
+signing of a SAML Assertion. In Apache WSS4J 2.0.0, the SAMLIssuer
+functionality has been moved to the SAMLCallback, so that the CallbackHandler
+used to create a SAML Assertion is responsible for all of the signing
+configuration as well. Therefore, the properties file that is used in
+WSS4J 1.6.x to sign a SAML Assertion is no longer used in WSS4J 2.0.0, and
+the "samlPropFile" and "samlPropRefId" configuration tags have been
removed.</p>
+</div>
+<div class="paragraph">
+<p>The SAMLCallback Object contains the additional properties in WSS4J 2.0.0
that
+can be set to sign the Assertion:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>boolean signAssertion - Whether to sign the assertion or not (default
"false").</p>
+</li>
+<li>
+<p>String issuerKeyName - The keystore alias for signature</p>
+</li>
+<li>
+<p>String issuerKeyPassword - The keystore password for the alias</p>
+</li>
+<li>
+<p>Crypto issuerCrypto - The Crypto instance used for signature</p>
+</li>
+<li>
+<p>boolean sendKeyValue - Whether to send the keyvalue or the X509Certificate
+(default "false").</p>
+</li>
+<li>
+<p>String canonicalizationAlgorithm - The C14n algorithm to use for
signature.</p>
+</li>
+<li>
+<p>String signatureAlgorithm - The Signature algorithm.</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="configuration_tag_changes">Configuration tag changes</h4>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, configuration tags were configured in the WSHandlerConstants
+class. In WSS4J 2.0.0, both the DOM and StAX-based code largely share the
+same configuration options, and so the configuration tags are defined in
+<a
href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?view=markup";>ConfigurationConstants</a>.
Note that the WSS4J 1.6.x configuration class
+(WSHandlerConstants) extends this class in WSS4J 2.0.0, so there is no need to
+change any configuration code when upgrading.</p>
+</div>
+<div class="paragraph">
+<p>The configuration tags that have been removed and added are detailed below.
+The non-standard key derivation and UsernameToken Signature functionality that
+was optional in WSS4J 1.6.x has been removed. Some new actions are added for
+the streaming code, as well as some options surrounding caching. An important
+migration point is that there is now a separate configuration tag used for
+verifying signatures. In WSS4J 1.6.x, there was only one tag used for both
+signature creation and verification.</p>
+</div>
+<div class="sect4">
+<h5 id="removed_configuration_tags_in_wss4j_2_0_0">Removed Configuration tags
in WSS4J 2.0.0</h5>
+<div class="paragraph">
+<p>This section details the Configuration tags that are no longer present in
+WSS4J 2.0.0.</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>SIGN_WITH_UT_KEY (UsernameTokenSignature) - Perform a .NET specific
signature using a Username Token action. Removed
+as it was not standard compliant.</p>
+</li>
+<li>
+<p>PASSWORD_TYPE_STRICT (passwordTypeStrict) - Whether to enable strict
Username Token password type handling. In WSS4J
+2.0.0 this functionality can be enabled by just setting the required
+PASSWORD_TYPE.</p>
+</li>
+<li>
+<p>USE_DERIVED_KEY (useDerivedKey) - Whether to use the standard UsernameToken
Key Derivation algorithm. Removed
+as only the standard algorithm is used in WSS4J 2.0.0.</p>
+</li>
+<li>
+<p>ENC_KEY_NAME (embeddedKeyName) - The text of the key name to be sent in the
KeyInfo for encryption. Embedded
+KeyNames are not supported in WSS4J 2.0.0.</p>
+</li>
+<li>
+<p>ADD_UT_ELEMENTS (addUTElements) - Additional elements to add to a Username
Token, i.e. "nonce" and "created".
+See the ADD_USERNAMETOKEN_NONCE and ADD_USERNAMETOKEN_CREATED properties
below.</p>
+</li>
+<li>
+<p>WSE_SECRET_KEY_LENGTH (wseSecretKeyLength) - The length of the secret
(derived) key to use for the WSE UT_SIGN
+functionality. Removed as it is not standard compliant.</p>
+</li>
+<li>
+<p>ENC_CALLBACK_CLASS (embeddedKeyCallbackClass) - The CallbackHandler
implementation class used to get the key associated
+with a key name. KeyName is not supported in WSS4J 2.0.0.</p>
+</li>
+<li>
+<p>ENC_CALLBACK_REF (embeddedKeyCallbackRef) -The CallbackHandler
implementation object used to get the key associated
+with a key name. KeyName is not supported in WSS4J 2.0.0.</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect4">
+<h5 id="new_configuration_tags_in_wss4j_2_0_0">New Configuration tags in WSS4J
2.0.0</h5>
+<div class="paragraph">
+<p>This section details the new Configuration tags in WSS4J 2.0.0.</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>USERNAME_TOKEN_SIGNATURE (UsernameTokenSignature) - Perform a
UsernameTokenSignature action.</p>
+</li>
+<li>
+<p>SIGNATURE_DERIVED (SignatureDerived) - Perform a Signature action with
derived keys.</p>
+</li>
+<li>
+<p>ENCRYPT_DERIVED (EncryptDerived) - Perform a Encryption action with derived
keys.</p>
+</li>
+<li>
+<p>SIGNATURE_WITH_KERBEROS_TOKEN (SignatureWithKerberosToken) - Perform a
Signature action with a kerberos token. Only for StAX code.</p>
+</li>
+<li>
+<p>ENCRYPT_WITH_KERBEROS_TOKEN (EncryptWithKerberosToken) - Perform a
Encryption action with a kerberos token. Only for StAX code.</p>
+</li>
+<li>
+<p>KERBEROS_TOKEN (KerberosToken) - Add a kerberos token.</p>
+</li>
+<li>
+<p>CUSTOM_TOKEN (CustomToken) - Add a "Custom" token from a CallbackHandler</p>
+</li>
+<li>
+<p>SIG_VER_PROP_FILE (signatureVerificationPropFile) - The path of the crypto
property file to use for Signature verification.</p>
+</li>
+<li>
+<p>SIG_VER_PROP_REF_ID (signatureVerificationPropRefId) - The String ID that
is used to store a reference to the Crypto object or
+the Crypto Properties object for Signature verification.</p>
+</li>
+<li>
+<p>ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM (allowRSA15KeyTransportAlgorithm) -
Whether to allow the RSA v1.5 Key Transport Algorithm or not. Default is
+"false".</p>
+</li>
+<li>
+<p>ADD_INCLUSIVE_PREFIXES (addInclusivePrefixes) - Whether to add an
InclusiveNamespaces PrefixList as a
+CanonicalizationMethod child when generating Signatures using
+WSConstants.C14N_EXCL_OMIT_COMMENTS. Default is "true".</p>
+</li>
+<li>
+<p>ADD_USERNAMETOKEN_NONCE (addUsernameTokenNonce) - Whether to add a Nonce
Element to a UsernameToken (for plaintext). Default
+is "false"</p>
+</li>
+<li>
+<p>ADD_USERNAMETOKEN_CREATED (addUsernameTokenCreated) - Whether to add a
Created Element to a UsernameToken (for plaintext).
+Default is "false"</p>
+</li>
+<li>
+<p>ALLOW_USERNAMETOKEN_NOPASSWORD (allowUsernameTokenNoPassword) - Whether a
UsernameToken with no password element is allowed. Default is
+"false".</p>
+</li>
+<li>
+<p>VALIDATE_SAML_SUBJECT_CONFIRMATION (validateSamlSubjectConfirmation) -
Whether to validate the SubjectConfirmation requirements of a received
+SAML Token (sender-vouches or holder-of-key). Default is "true".</p>
+</li>
+<li>
+<p>INCLUDE_SIGNATURE_TOKEN (includeSignatureToken) - Whether to include the
Signature Token in the security header as well or
+not (for IssuerSerial + Thumbprint cases). Default is "false"</p>
+</li>
+<li>
+<p>INCLUDE_ENCRYPTION_TOKEN (includeEncryptionToken) - Whether to include the
Encryption Token in the security header as well or
+not (for IssuerSerial, Thumbprint, SKI cases). Default is "false"</p>
+</li>
+<li>
+<p>ENABLE_NONCE_CACHE (enableNonceCache) - Whether to cache UsernameToken
nonces. Default is "true"</p>
+</li>
+<li>
+<p>ENABLE_TIMESTAMP_CACHE (enableTimestampCache) - Whether to cache Timestamp
Created Strings (these are only cached in
+conjunction with a message Signature). Default is "true"</p>
+</li>
+<li>
+<p>ENABLE_SAML_ONE_TIME_USE_CACHE (enableSamlOneTimeUseCache) - Whether to
cache SAML2 Token Identifiers, if the token contains a
+"OneTimeUse" Condition. Default is "true".</p>
+</li>
+<li>
+<p>USE_2005_12_NAMESPACE (use200512Namespace) - Whether to use the 2005/12
namespace for SecureConveration + DerivedKeys,
+or the older namespace. The default is "true"</p>
+</li>
+<li>
+<p>OPTIONAL_SIGNATURE_PARTS (optionalSignatureParts) - Parameter to define
which parts of the request shall be signed, if they
+exist in the request.</p>
+</li>
+<li>
+<p>OPTIONAL_ENCRYPTION_PARTS (optionalEncryptionParts) - Parameter to define
which parts of the request shall be encrypted, if they
+exist in the request.</p>
+</li>
+<li>
+<p>ENC_MGF_ALGO (encryptionMGFAlgorithm) - Defines which encryption mgf
algorithm to use with the RSA OAEP Key
+Transport algorithm for encryption. The default is mgfsha1.</p>
+</li>
+<li>
+<p>VALIDATOR_MAP (validatorMap) - A map of QName, Object (Validator) instances
to be used to validate
+tokens identified by their QName.</p>
+</li>
+<li>
+<p>NONCE_CACHE_INSTANCE (nonceCacheInstance) - A ReplayCache instance used to
cache UsernameToken nonces. The default
+instance that is used is the EHCacheReplayCache.</p>
+</li>
+<li>
+<p>TIMESTAMP_CACHE_INSTANCE (timestampCacheInstance) - A ReplayCache instance
used to cache Timestamp Created Strings. The default
+instance that is used is the EHCacheReplayCache.</p>
+</li>
+<li>
+<p>SAML_ONE_TIME_USE_CACHE_INSTANCE (samlOneTimeUseCacheInstance) - A
ReplayCache instance used to cache SAML2 Token Identifier Strings (if
+the token contains a OneTimeUse Condition). The default instance that is used
+is the EHCacheReplayCache.</p>
+</li>
+<li>
+<p>PASSWORD_ENCRYPTOR_INSTANCE (passwordEncryptorInstance) - A
PasswordEncryptor instance used to decrypt encrypted passwords in Crypto
+properties files. The default is the JasyptPasswordEncryptor.</p>
+</li>
+<li>
+<p>DERIVED_TOKEN_REFERENCE (derivedTokenReference) - This controls how
deriving tokens are referenced.</p>
+</li>
+<li>
+<p>DERIVED_TOKEN_KEY_ID (derivedTokenKeyIdentifier) - This controls the key
identifier of Derived Tokens.</p>
+</li>
+<li>
+<p>DERIVED_SIGNATURE_KEY_LENGTH (derivedSignatureKeyLength) - The length to
use (in bytes) when deriving a key for Signature.</p>
+</li>
+<li>
+<p>DERIVED_ENCRYPTION_KEY_LENGTH (derivedEncryptionKeyLength) - The length to
use (in bytes) when deriving a key for Encryption.</p>
+</li>
+</ul>
+</div>
+</div>
+</div>
+<div class="sect3">
+<h4 id="derived_key_and_secure_conversation_namespace_change">Derived Key and
Secure Conversation namespace change</h4>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, the default namespace used for Derived Key and Secure
+Conversation was the older "http://schemas.xmlsoap.org/ws/2005/02/sc";
+namespace. In WSS4J 2.0.0, the default namespace is now
+"http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";. To switch
+back to use the older namespace, you can set the new configuration property
+"USE_2005_12_NAMESPACE" to "false".</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="caching_changes">Caching changes</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 uses three EhCache-based caches by default for the following
+scenarios, to prevent replay attacks:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>UsernameToken nonces</p>
+</li>
+<li>
+<p>Signed Timestamps</p>
+</li>
+<li>
+<p>SAML 2.0 OneTimeUse Assertions</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>If you are seeing a error about "replay attacks" after upgrade, then you may
+need to disable a particular cache.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="rsa_v1_5_key_transport_algorithm_not_allowed_by_default">RSA v1.5 Key
Transport algorithm not allowed by default</h4>
+<div class="paragraph">
+<p>WSS4J supports two key transport algorithms, RSA v1.5 and RSA-OAEP. A number
+of attacks exist on RSA v1.5. Therefore, you should always use RSA-OAEP as the
+key transport algorithm. In WSS4J 2.0.0, the RSA v1.5 Key Transport algorithm
+is not allowed by default (as opposed to previous versions of WSS4J, where it
+is allowed). If you wish to allow it, then you must set the
+WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM property to "true".</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="inclusivenamespaces_prefixlist_change">InclusiveNamespaces PrefixList
change</h4>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, when BSP Compliance was switched off on the outbound side,
it
+had the effect that an InclusiveNamespaces PrefixList was not generated as a
+CanonicalizationMethod child of a Signature Element (as required by the BSP
+specification). In WSS4J 2.0.0, this is now controlled by a separate
+configuration tag "addInclusivePrefixes", which defaults to true.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="new_features_available_in_apache_wss4j_2_0_0">New features available
in Apache WSS4J 2.0.0</h3>
+<div class="sect3">
+<h4 id="overview_of_new_features">Overview of new features</h4>
+<div class="paragraph">
+<p>Apache WSS4J 2.0.0 delivers the following major new features:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>Support for a streaming (StAX) based WS-Security implementation that
+covers all of the main specifications.</p>
+</li>
+<li>
+<p>A WS-SecurityPolicy model that can be shared between both DOM + StAX
+implementations.</p>
+</li>
+<li>
+<p>Support for "real-time" WS-SecurityPolicy validation for the StAX
+implementation.</p>
+</li>
+<li>
+<p>Support for the SOAP with Attachments (SWA) Profile 1.1 specification.</p>
+</li>
+<li>
+<p>Support for caching based on EhCache.</p>
+</li>
+<li>
+<p>Support for encrypting passwords in Crypto properties files using
Jasypt.</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="streaming_stax_based_ws_security_implementation">Streaming (StAX)
based WS-Security implementation</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 introduces a new streaming (StAX) based WS-Security
implementation.
+Please see the dedicated <a href="streaming.html">page</a> for more
information.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="ws_securitypolicy_support">WS-SecurityPolicy support</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 introduces a new WS-SecurityPolicy model as part of the
+"wss4j-policy" module. This model can be shared between both the DOM and StAX
+WS-Security implementations. Web service stacks such as Apache CXF and
+Apache Axis/Rampart that use WSS4J for WS-Security no longer need to maintain
+their own model. In this way any bug fixes to the model will get picked up
+by all web service stacks that rely on WSS4J.</p>
+</div>
+<div class="paragraph">
+<p>In addition to the new WS-SecurityPolicy model, a significant new feature of
+WSS4J 2.0.0 is that the new streaming WS-Security implementation has the
+ability to perform "real-time" validation of a request against the set of
+applicable WS-SecurityPolicy policies. The DOM-based code in WSS4J does not
+have any concept of WS-SecurityPolicy, but instead processes an inbound
+request, and relies on the web service stack to compare the results against
+the applicable policies. The advantage of the streaming approach in WSS4J
+2.0.0 is that bogus requests can be rejected quicker, which may help to avoid
+DoS based scenarios.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="support_for_signing_and_encrypting_message_attachments">Support for
signing and encrypting message attachments</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 introduces support for signing and encrypting SOAP message
+attachments, via the the SOAP with Attachments (SWA) Profile 1.1 specification.
+Please see the dedicated <a href="attachments.html">page</a> for more
+information.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="replay_attack_detection_using_ehcache">Replay Attack detection using
EhCache</h4>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, a "ReplayCache" interface was introduced to cache tokens to
+guard against replay attacks for the following scenarios:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>Signed Timestamps</p>
+</li>
+<li>
+<p>UsernameToken nonces</p>
+</li>
+<li>
+<p>SAML OneTimeUse Assertions</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>However, replay attack detection was not "switched on" by default in WSS4J
+1.6.x. In WSS4J 2.0.x, replay attack detection is enabled by default using
+an implementation of the "ReplayCache" interface based on EhCache. The
+following configuration tags can be used to configure caching:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>ConfigurationConstants.TIMESTAMP_CACHE_INSTANCE ("timestampCacheInstance"):
+This holds a reference to a ReplayCache instance used to cache Timestamp
+Created Strings. The default instance that is used is the
EHCacheReplayCache.</p>
+</li>
+<li>
+<p>ConfigurationConstants.ENABLE_TIMESTAMP_CACHE ("enableTimestampCache"):
+Whether to cache Timestamp Created Strings (these are only cached in
+conjunction with a message Signature). The default value is "true".</p>
+</li>
+<li>
+<p>ConfigurationConstants.NONCE_CACHE_INSTANCE ("nonceCacheInstance"): This
+holds a reference to a ReplayCache instance used to cache UsernameToken
+nonces. The default instance that is used is the EHCacheReplayCache.</p>
+</li>
+<li>
+<p>ConfigurationConstants.ENABLE_NONCE_CACHE ("enableNonceCache"): Whether to
+cache UsernameToken nonces. The default value is "true".</p>
+</li>
+<li>
+<p>ConfigurationConstants. SAML_ONE_TIME_USE_CACHE_INSTANCE
+("samlOneTimeUseCacheInstance"): This holds a reference to a ReplayCache
+instance used to cache SAML2 Token Identifier Strings (if the token contains a
+OneTimeUse Condition). The default instance that is used is the
+EHCacheReplayCache.</p>
+</li>
+<li>
+<p>ConfigurationConstants.ENABLE_SAML_ONE_TIME_USE_CACHE
+("enableSamlOneTimeUseCache"): Whether to cache SAML2 Token Identifiers, if
+the token contains a "OneTimeUse" Condition. The default value is "true".</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="encrypting_passwords_in_crypto_property_files">Encrypting passwords in
Crypto property files</h4>
+<div class="paragraph">
+<p>A typical example of the contents of a Crypto properties file (for Signature
+creation) is as follows:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin</p>
+</li>
+<li>
+<p>org.apache.wss4j.crypto.merlin.keystore.type=jks</p>
+</li>
+<li>
+<p>org.apache.wss4j.crypto.merlin.keystore.password=security</p>
+</li>
+<li>
+<p>org.apache.wss4j.crypto.merlin.keystore.alias=wss40</p>
+</li>
+<li>
+<p>org.apache.wss4j.crypto.merlin.keystore.file=keys/wss40.jks</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>Note that the password used to load the keystore is in cleartext. One of the
+new features of Apache WSS4J 2.0.0 is the ability to instead store a (BASE-64
+encoded) encrypted version of the keystore password in the Crypto properties
+file. A new PasswordEncryptor interface is defined to allow for the
+encryption/decryption of passwords. A default implementation is now provided
+based on Jasypt called JasyptPasswordEncryptor, which uses
+"PBEWithMD5AndTripleDES".</p>
+</div>
+<div class="paragraph">
+<p>The WSPasswordCallback class has an additional "usage" called
+WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD, which is used to return the
+master password for use with the PasswordEncryptor implementation. When WSS4J
+is loading a Crypto implementation via a properties file, and it encounters a
+password encrypted in the format "ENC(encoded encrypted password)", it queries
+a CallbackHandler for a password via this WSPasswordCallback usage tag. It is
+possible to pass a custom PasswordEncryptor implementation to WSS4J via the
+new configuration tag ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE
+("passwordEncryptorInstance").</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="miscellaneous_new_features">Miscellaneous new features</h4>
+<div class="paragraph">
+<p>Support was added in WSS4J 1.6.x to obtain a Kerberos ticket from a KDC (Key
+Distribution Center) and include it in the security header of a request, as
+well as to process the received token. However, there was no built-in way to
+extract the secret key from the ticket to secure the request. Instead it was
+up to the user to plug in a custom "KerberosTokenDecoder" implementation to
+support this behaviour. In WSS4J 2.0.0, a default KerberosTokenDecoder
+implementation is provided, and so WSS4J now supports signing/encrypting using
+Kerberos tokens by default.</p>
+</div>
+<div class="paragraph">
+<p>A new "CustomToken" Action is defined in WSS4J 2.0.0. If this action is
+defined, a token (DOM Element) will be retrieved from a CallbackHandler via
+WSPasswordCallback.Usage.CUSTOM_TOKEN and written out as is in the security
+header. This provides for an easy way to write out tokens that have been
+retrieved out of band. Another related new feature is the ability to associate
+an action with a particular set of keys/algorithms. This means that it is now
+possible to configure two different Signature actions, that use different
+keys/algorithms.</p>
+</div>
+<div class="paragraph">
+<p>Support for enforcing the Basic Security Profile (BSP) 1.1 specification was
+added in WSS4J 1.6.x. In WSS4J 2.0.0, it is possible to disable individual
+BSP Rules for a non-compliant request, instead of having to disable BSP
+enforcement altogether as for WSS4J 1.6.x. The RequestData class has a
+setIgnoredBSPRules method, that takes a list of BSPRule Objects as an argument.
+The BSPRule class contains a complete list of Basic Security Profile rules
+that are enforced in WSS4J.</p>
+</div>
+<div class="paragraph">
+<p>WSS4J 2.0.0 now enforces the SubjectConfirmation requirements of an inbound
+SAML Token, instead of leaving it to the web services stack. For
+sender-vouches, a Signature must be present that covers both the SOAP Body and
+the SAML Assertion. For holder-of-key, a Signature must be present that signs
+some part of the SOAP request using the key information contained in the SAML
+Subject. Note that a Signature can be either a message or transport level
+Signature (i.e. using TLS is acceptable). A new configuration tag is defined
+that allows the user to switch off this validation if required
+(ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION -
+"validateSamlSubjectConfirmation").</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="apache_wss4j_1_6_0_migration_guide">Apache WSS4J 1.6.0 Migration
Guide</h3>
+<div class="paragraph">
+<p>This page describes the new features of WSS4J 1.6.0, and the things to be
+aware of when upgrading from WSS4J 1.5.x. Note that WSS4J 1.6.x has now been
+replaced by WSS4J 2.0.x, please see the WSS4J 2.0.0 <a
href="wss4j20.html">migration guide</a> for more information.</p>
+</div>
+<div class="sect3">
+<h4 id="new_features">New features</h4>
+<div class="paragraph">
+<p>This section describes the main new features that have been implemented in
+WSS4J 1.6. For more information on the changes, please click on the links. You
+can also review the
+<a
href="https://issues.apache.org/jira/browse/WSS/fixforversion/12313718";>list of
JIRAs</a>
+that have been fixed in WSS4J 1.6.</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p><a
href="http://coheigea.blogspot.com/2011/03/wss4j-16-jsr-105-support.html";>JSR-105
support</a>:
+WSS4J 1.6 has been ported to use the JSR 105 API for XML Digital Signature.</p>
+</li>
+<li>
+<p><a
href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html";>SAML2
support</a>: WSS4J 1.6 includes full support for creating, manipulating and
parsing SAML2
+assertions, via the Opensaml2 library.</p>
+</li>
+<li>
+<p>Performance work: A general code-rewrite has been done with a focus on
improving performance,
+e.g. the <a
href="http://coheigea.blogspot.com/2011/01/wss4j-16-actionprocessor-loading-change.html";>changes</a>
that have been made to processor loading.</p>
+</li>
+<li>
+<p><a
href="http://coheigea.blogspot.com/2011/03/wss4j-16-basic-security-profile-11.html";>Basic
Security Profile 1.1 compliance</a>: WSS4J 1.6 provides support for the BSP
1.1 specification.</p>
+</li>
+<li>
+<p>JDK 1.5 port: The JDK 1.4 requirement of WSS4J 1.5.x has been dropped as
part of this work.</p>
+</li>
+<li>
+<p><a
href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html";>Support
for Crypto trust-stores</a>: WSS4J 1.6 separates the concept of keystore and
truststores for
+Crypto implementations.</p>
+</li>
+<li>
+<p><a
href="http://coheigea.blogspot.com/2011/04/wss4j-16-introducing-validators.html";>New
Validator interface</a>: WSS4J 1.6 moves all validation of security tokens
into a new Validator
+interface, which allows for custom validation of specific tokens.</p>
+</li>
+<li>
+<p>Support for the Kerberos Token Profile (in WSS4J 1.6.2 and 1.6.3).</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="upgrade_notes">Upgrade notes</h4>
+<div class="paragraph">
+<p>This section describes the changes that have been made in WSS4J 1.6 that
will impact on an existing
+user of WSS4J 1.5.x. Although WSS4J 1.6 is not 100% backwards compatible with
1.5.x, a general goal for
+the release was to restrict the API changes to those that were strictly
necessary.</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>All Axis1 dependencies have been removed. Any user wishing to use WSS4J
with Axis1 must use the
+WSS4J 1.5.x library. As Axis1 has been replaced by Axis2, this is unlikely to
be an issue.</p>
+</li>
+<li>
+<p>A number of changes have been made to the Crypto interface. See
+<a
href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html";>here</a>,
+<a
href="http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html";>here</a>
+and <a
href="http://coheigea.blogspot.com/2011/02/wss4j-16-change-to-publickey-validation.html";>here</a>
+for an indepth explanation. In a nutshell, these changes are:</p>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>The BouncyCastle crypto implementation has been removed (replaced by
Merlin)</p>
+</li>
+<li>
+<p>A new set of Merlin "truststore" configuration tags have been added. The
behaviour of the old Merlin
+configuration tags will work exactly the same way in WSS4J 1.6.</p>
+</li>
+<li>
+<p>The CA certs are now <b>not</b> loaded by default.</p>
+</li>
+<li>
+<p>PublicKeys (from KeyValues) are now not handled by a PublicKeyCallback, but
by the Crypto implementation
+directly.</p>
+</li>
+</ol>
+</div>
+</li>
+<li>
+<p>If the WSEncryptionPart used to point to an element for signature or
encryption does not either store
+the element directly, or store the wsu:Id, <strong>all</strong> DOM Elements
that match the stored
+localname/namespace will be processed. See the
+<a
href="http://ws.apache.org/wss4j/topics.html#Specifying_elements_to_sign_or_encrypt";>Special
Topics page</a>
+for more information.</p>
+</li>
+<li>
+<p>WSS4J 1.5.x used Opensaml1 to provide extremely limited support for SAML 1
assertions. WSS4J 1.6 has
+been upgraded to Opensaml2, and provides far more comprehensive support for
SAML. See
+<a
href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html";>here</a>
for
+more information on this. Some changes to be aware of are:</p>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>The way of creating SAML assertions via a properties file has completely
changed. For example, see
+<a href="xref-test/org/apache/ws/security/saml/SamlTokenTest.html">SAML Token
Test</a>.</p>
+</li>
+<li>
+<p>WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this
is no longer the case, so
+deployments which do not set the correct keystore/truststore config for
dealing with signature
+verification will fail.</p>
+</li>
+<li>
+<p>The SAMLTokenProcessor no longer saves all tokens as an
"WSConstants.ST_UNSIGNED" action. It saves
+tokens that do not have an enveloped signature as this action, and token which
<strong>do</strong> have an enveloped
+signature are saved as a "WSConstants.ST_SIGNED" action.</p>
+</li>
+<li>
+<p>The object that is saved as part of the action above has changed, from an
Opensaml1 specific Assertion
+object, to an AssertionWrapper instance, which is a WSS4J specific object
which encapsulates an
+Assertion, as well as some information corresponding to signature
verification, etc.</p>
+</li>
+</ol>
+</div>
+</li>
+<li>
+<p>The way that UsernameTokens are processed has been changed. See
+<a
href="http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html";>here</a>
for
+more information. Some important changes are:</p>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>The plaintext password case has exactly the same behaviour as the digest
case. The identifier is now
+WSPasswordCallback.USERNAME_TOKEN and not
WSPasswordCallback.USERNAME_TOKEN_UNKNOWN, and the
+CallbackHandler does not do any authentication, but must set the password on
the callback.</p>
+</li>
+<li>
+<p>The custom password type case defaults to the same behaviour as the
plaintext case, assuming
+wssConfig.getHandleCustomPasswordTypes() returns true.</p>
+</li>
+<li>
+<p>For the case of a username token with no password element, the default
behaviour is simply to ignore it,
+and to store it as a new result of type WSConstants.UT_NOPASSWORD.</p>
+</li>
+</ol>
+</div>
+</li>
+<li>
+<p>Some changes have been made to the WSPasswordCallback identifiers, used to
obtain passwords for various
+actions. For more information see
+<a
href="http://coheigea.blogspot.com/2011/02/wspasswordcallback-changes-in-wss4j-16.html";>here</a>.
In
+a nutshell, these changes consist of:</p>
+<div class="olist arabic">
+<ol class="arabic">
+<li>
+<p>The WSPasswordCallback KEY_NAME, USERNAME_TOKEN_UNKNOWN and
WSPasswordCallback.ENCRYPTED_KEY_TOKEN
+identifiers have been removed.</p>
+</li>
+<li>
+<p>CUSTOM_TOKEN is not longer used in the processors to get a secret key.</p>
+</li>
+<li>
+<p>SECRET_KEY is a new identifier for finding secret keys. It replaces the
occasionally incorrect use of
+CUSTOM_TOKEN, as well as KEY_NAME and ENCRYPTED_KEY_TOKEN.</p>
+</li>
+</ol>
+</div>
+</li>
+<li>
+<p>Timestamp validation and signature trust verification is not done by the
WSHandler implementation
+any more, but is performed when the security header is processed.</p>
+</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Apache WSS4J, WSS4J, Apache, the Apache feather logo are
trademarks of The Apache Software Foundation.
+ All other marks mentioned may be trademarks or registered trademarks of
their respective owners.
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Added: webservices/website/wss4j/newfeatures20.html
URL:
http://svn.apache.org/viewvc/webservices/website/wss4j/newfeatures20.html?rev=1856947&view=auto
==============================================================================
--- webservices/website/wss4j/newfeatures20.html (added)
+++ webservices/website/wss4j/newfeatures20.html Thu Apr 4 15:31:46 2019
@@ -0,0 +1,313 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<!-- Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2019-04-04 -->
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Apache WSS4J – </title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css"
media="print" />
+ <meta http-equiv="Content-Language" content="en" />
+
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ Apache WSS4Jâ¢
+ </a>
+ <a href="http://www.apache.org"; id="bannerRight">
+ <img
src="http://activemq.apache.org/images/asf-logo.png"; alt="$alt" />
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+ <div class="xleft">
+ <span id="publishDate">Last Published: 2019-04-04</span>
+ | <span id="projectVersion">Version:
2.3.0-SNAPSHOT</span>
+ </div>
+ <div class="xright">
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+ <h5>Apache WSS4J</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html" title="Home">Home</a>
+ </li>
+ <li class="none">
+ <a href="download.html" title="Download">Download</a>
+ </li>
+ <li class="none">
+ <a href="user_guide.html" title="User Guide">User
Guide</a>
+ </li>
+ <li class="none">
+ <a href="security_advisories.html" title="Security
Advisories">Security Advisories</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+
<li class="collapsed">
+ <a href="project-info.html" title="Project
Information">Project Information</a>
+ </li>
+
<li
class="collapsed">
+ <a href="project-reports.html" title="Project
Reports">Project Reports</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/"; title="Built
by Maven" class="poweredBy">
+ <img class="poweredBy" alt="Built by Maven"
src="./images/logos/maven-feather.png" />
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+ <div class="sect2">
+<h3 id="new_features_available_in_apache_wss4j_2_0_0">New features available
in Apache WSS4J 2.0.0</h3>
+<div class="sect3">
+<h4 id="overview_of_new_features">Overview of new features</h4>
+<div class="paragraph">
+<p>Apache WSS4J 2.0.0 delivers the following major new features:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>Support for a streaming (StAX) based WS-Security implementation that
+covers all of the main specifications.</p>
+</li>
+<li>
+<p>A WS-SecurityPolicy model that can be shared between both DOM + StAX
+implementations.</p>
+</li>
+<li>
+<p>Support for "real-time" WS-SecurityPolicy validation for the StAX
+implementation.</p>
+</li>
+<li>
+<p>Support for the SOAP with Attachments (SWA) Profile 1.1 specification.</p>
+</li>
+<li>
+<p>Support for caching based on EhCache.</p>
+</li>
+<li>
+<p>Support for encrypting passwords in Crypto properties files using
Jasypt.</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="streaming_stax_based_ws_security_implementation">Streaming (StAX)
based WS-Security implementation</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 introduces a new streaming (StAX) based WS-Security
implementation.
+Please see the dedicated <a href="streaming.html">page</a> for more
information.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="ws_securitypolicy_support">WS-SecurityPolicy support</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 introduces a new WS-SecurityPolicy model as part of the
+"wss4j-policy" module. This model can be shared between both the DOM and StAX
+WS-Security implementations. Web service stacks such as Apache CXF and
+Apache Axis/Rampart that use WSS4J for WS-Security no longer need to maintain
+their own model. In this way any bug fixes to the model will get picked up
+by all web service stacks that rely on WSS4J.</p>
+</div>
+<div class="paragraph">
+<p>In addition to the new WS-SecurityPolicy model, a significant new feature of
+WSS4J 2.0.0 is that the new streaming WS-Security implementation has the
+ability to perform "real-time" validation of a request against the set of
+applicable WS-SecurityPolicy policies. The DOM-based code in WSS4J does not
+have any concept of WS-SecurityPolicy, but instead processes an inbound
+request, and relies on the web service stack to compare the results against
+the applicable policies. The advantage of the streaming approach in WSS4J
+2.0.0 is that bogus requests can be rejected quicker, which may help to avoid
+DoS based scenarios.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="support_for_signing_and_encrypting_message_attachments">Support for
signing and encrypting message attachments</h4>
+<div class="paragraph">
+<p>WSS4J 2.0.0 introduces support for signing and encrypting SOAP message
+attachments, via the the SOAP with Attachments (SWA) Profile 1.1 specification.
+Please see the dedicated <a href="attachments.html">page</a> for more
+information.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="replay_attack_detection_using_ehcache">Replay Attack detection using
EhCache</h4>
+<div class="paragraph">
+<p>In WSS4J 1.6.x, a "ReplayCache" interface was introduced to cache tokens to
+guard against replay attacks for the following scenarios:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>Signed Timestamps</p>
+</li>
+<li>
+<p>UsernameToken nonces</p>
+</li>
+<li>
+<p>SAML OneTimeUse Assertions</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>However, replay attack detection was not "switched on" by default in WSS4J
+1.6.x. In WSS4J 2.0.x, replay attack detection is enabled by default using
+an implementation of the "ReplayCache" interface based on EhCache. The
+following configuration tags can be used to configure caching:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>ConfigurationConstants.TIMESTAMP_CACHE_INSTANCE ("timestampCacheInstance"):
+This holds a reference to a ReplayCache instance used to cache Timestamp
+Created Strings. The default instance that is used is the
EHCacheReplayCache.</p>
+</li>
+<li>
+<p>ConfigurationConstants.ENABLE_TIMESTAMP_CACHE ("enableTimestampCache"):
+Whether to cache Timestamp Created Strings (these are only cached in
+conjunction with a message Signature). The default value is "true".</p>
+</li>
+<li>
+<p>ConfigurationConstants.NONCE_CACHE_INSTANCE ("nonceCacheInstance"): This
+holds a reference to a ReplayCache instance used to cache UsernameToken
+nonces. The default instance that is used is the EHCacheReplayCache.</p>
+</li>
+<li>
+<p>ConfigurationConstants.ENABLE_NONCE_CACHE ("enableNonceCache"): Whether to
+cache UsernameToken nonces. The default value is "true".</p>
+</li>
+<li>
+<p>ConfigurationConstants. SAML_ONE_TIME_USE_CACHE_INSTANCE
+("samlOneTimeUseCacheInstance"): This holds a reference to a ReplayCache
+instance used to cache SAML2 Token Identifier Strings (if the token contains a
+OneTimeUse Condition). The default instance that is used is the
+EHCacheReplayCache.</p>
+</li>
+<li>
+<p>ConfigurationConstants.ENABLE_SAML_ONE_TIME_USE_CACHE
+("enableSamlOneTimeUseCache"): Whether to cache SAML2 Token Identifiers, if
+the token contains a "OneTimeUse" Condition. The default value is "true".</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="encrypting_passwords_in_crypto_property_files">Encrypting passwords in
Crypto property files</h4>
+<div class="paragraph">
+<p>A typical example of the contents of a Crypto properties file (for Signature
+creation) is as follows:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin</p>
+</li>
+<li>
+<p>org.apache.wss4j.crypto.merlin.keystore.type=jks</p>
+</li>
+<li>
+<p>org.apache.wss4j.crypto.merlin.keystore.password=security</p>
+</li>
+<li>
+<p>org.apache.wss4j.crypto.merlin.keystore.alias=wss40</p>
+</li>
+<li>
+<p>org.apache.wss4j.crypto.merlin.keystore.file=keys/wss40.jks</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>Note that the password used to load the keystore is in cleartext. One of the
+new features of Apache WSS4J 2.0.0 is the ability to instead store a (BASE-64
+encoded) encrypted version of the keystore password in the Crypto properties
+file. A new PasswordEncryptor interface is defined to allow for the
+encryption/decryption of passwords. A default implementation is now provided
+based on Jasypt called JasyptPasswordEncryptor, which uses
+"PBEWithMD5AndTripleDES".</p>
+</div>
+<div class="paragraph">
+<p>The WSPasswordCallback class has an additional "usage" called
+WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD, which is used to return the
+master password for use with the PasswordEncryptor implementation. When WSS4J
+is loading a Crypto implementation via a properties file, and it encounters a
+password encrypted in the format "ENC(encoded encrypted password)", it queries
+a CallbackHandler for a password via this WSPasswordCallback usage tag. It is
+possible to pass a custom PasswordEncryptor implementation to WSS4J via the
+new configuration tag ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE
+("passwordEncryptorInstance").</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="miscellaneous_new_features">Miscellaneous new features</h4>
+<div class="paragraph">
+<p>Support was added in WSS4J 1.6.x to obtain a Kerberos ticket from a KDC (Key
+Distribution Center) and include it in the security header of a request, as
+well as to process the received token. However, there was no built-in way to
+extract the secret key from the ticket to secure the request. Instead it was
+up to the user to plug in a custom "KerberosTokenDecoder" implementation to
+support this behaviour. In WSS4J 2.0.0, a default KerberosTokenDecoder
+implementation is provided, and so WSS4J now supports signing/encrypting using
+Kerberos tokens by default.</p>
+</div>
+<div class="paragraph">
+<p>A new "CustomToken" Action is defined in WSS4J 2.0.0. If this action is
+defined, a token (DOM Element) will be retrieved from a CallbackHandler via
+WSPasswordCallback.Usage.CUSTOM_TOKEN and written out as is in the security
+header. This provides for an easy way to write out tokens that have been
+retrieved out of band. Another related new feature is the ability to associate
+an action with a particular set of keys/algorithms. This means that it is now
+possible to configure two different Signature actions, that use different
+keys/algorithms.</p>
+</div>
+<div class="paragraph">
+<p>Support for enforcing the Basic Security Profile (BSP) 1.1 specification was
+added in WSS4J 1.6.x. In WSS4J 2.0.0, it is possible to disable individual
+BSP Rules for a non-compliant request, instead of having to disable BSP
+enforcement altogether as for WSS4J 1.6.x. The RequestData class has a
+setIgnoredBSPRules method, that takes a list of BSPRule Objects as an argument.
+The BSPRule class contains a complete list of Basic Security Profile rules
+that are enforced in WSS4J.</p>
+</div>
+<div class="paragraph">
+<p>WSS4J 2.0.0 now enforces the SubjectConfirmation requirements of an inbound
+SAML Token, instead of leaving it to the web services stack. For
+sender-vouches, a Signature must be present that covers both the SOAP Body and
+the SAML Assertion. For holder-of-key, a Signature must be present that signs
+some part of the SOAP request using the key information contained in the SAML
+Subject. Note that a Signature can be either a message or transport level
+Signature (i.e. using TLS is acceptable). A new configuration tag is defined
+that allows the user to switch off this validation if required
+(ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION -
+"validateSamlSubjectConfirmation").</p>
+</div>
+</div>
+</div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ Apache WSS4J, WSS4J, Apache, the Apache feather logo are
trademarks of The Apache Software Foundation.
+ All other marks mentioned may be trademarks or registered trademarks of
their respective owners.
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
Added:
webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/ReplayCacheTest.html
URL:
http://svn.apache.org/viewvc/webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/ReplayCacheTest.html?rev=1856947&view=auto
==============================================================================
---
webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/ReplayCacheTest.html
(added)
+++
webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/ReplayCacheTest.html
Thu Apr 4 15:31:46 2019
@@ -0,0 +1,301 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc (1.8.0_201) on Thu Apr 04 16:08:09 IST 2019 -->
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>ReplayCacheTest (Apache WSS4J 2.3.0-SNAPSHOT Test API)</title>
+<meta name="date" content="2019-04-04">
+<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css"
title="Style">
+<script type="text/javascript" src="../../../../../script.js"></script>
+</head>
+<body>
+<script type="text/javascript"><!--
+ try {
+ if (location.href.indexOf('is-external=true') == -1) {
+ parent.document.title="ReplayCacheTest (Apache WSS4J
2.3.0-SNAPSHOT Test API)";
+ }
+ }
+ catch(err) {
+ }
+//-->
+var methods = {"i0":10,"i1":10};
+var tabs = {65535:["t0","All Methods"],2:["t2","Instance
Methods"],8:["t4","Concrete Methods"]};
+var altColor = "altColor";
+var rowColor = "rowColor";
+var tableTab = "tableTab";
+var activeTableTab = "activeTableTab";
+</script>
+<noscript>
+<div>JavaScript is disabled on your browser.</div>
+</noscript>
+<!-- ========= START OF TOP NAVBAR ======= -->
+<div class="topNav"><a name="navbar.top">
+<!-- -->
+</a>
+<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation
links">Skip navigation links</a></div>
+<a name="navbar.top.firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../../../overview-summary.html">Overview</a></li>
+<li><a href="package-summary.html">Package</a></li>
+<li class="navBarCell1Rev">Class</li>
+<li><a href="class-use/ReplayCacheTest.html">Use</a></li>
+<li><a href="package-tree.html">Tree</a></li>
+<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../../../index-all.html">Index</a></li>
+<li><a href="../../../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li><a
href="../../../../../org/apache/wss4j/common/cache/EHCacheManagerHolderTest.html"
title="class in org.apache.wss4j.common.cache"><span
class="typeNameLink">Prev Class</span></a></li>
+<li>Next Class</li>
+</ul>
+<ul class="navList">
+<li><a
href="../../../../../index.html?org/apache/wss4j/common/cache/ReplayCacheTest.html"
target="_top">Frames</a></li>
+<li><a href="ReplayCacheTest.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_top">
+<li><a href="../../../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_top");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<div>
+<ul class="subNavList">
+<li>Summary: </li>
+<li>Nested | </li>
+<li>Field | </li>
+<li><a href="#constructor.summary">Constr</a> | </li>
+<li><a href="#method.summary">Method</a></li>
+</ul>
+<ul class="subNavList">
+<li>Detail: </li>
+<li>Field | </li>
+<li><a href="#constructor.detail">Constr</a> | </li>
+<li><a href="#method.detail">Method</a></li>
+</ul>
+</div>
+<a name="skip.navbar.top">
+<!-- -->
+</a></div>
+<!-- ========= END OF TOP NAVBAR ========= -->
+<!-- ======== START OF CLASS DATA ======== -->
+<div class="header">
+<div class="subTitle">org.apache.wss4j.common.cache</div>
+<h2 title="Class ReplayCacheTest" class="title">Class ReplayCacheTest</h2>
+</div>
+<div class="contentContainer">
+<ul class="inheritance">
+<li><a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true";
title="class or interface in java.lang">java.lang.Object</a></li>
+<li>
+<ul class="inheritance">
+<li>org.apache.wss4j.common.cache.ReplayCacheTest</li>
+</ul>
+</li>
+</ul>
+<div class="description">
+<ul class="blockList">
+<li class="blockList">
+<hr>
+<br>
+<pre>public class <span class="typeNameLabel">ReplayCacheTest</span>
+extends <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true";
title="class or interface in java.lang">Object</a></pre>
+<div class="block">Some unit tests for the ReplayCache implementations</div>
+</li>
+</ul>
+</div>
+<div class="summary">
+<ul class="blockList">
+<li class="blockList">
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+<ul class="blockList">
+<li class="blockList"><a name="constructor.summary">
+<!-- -->
+</a>
+<h3>Constructor Summary</h3>
+<table class="memberSummary" border="0" cellpadding="3" cellspacing="0"
summary="Constructor Summary table, listing constructors, and an explanation">
+<caption><span>Constructors</span><span class="tabEnd"> </span></caption>
+<tr>
+<th class="colOne" scope="col">Constructor and Description</th>
+</tr>
+<tr class="altColor">
+<td class="colOne"><code><span class="memberNameLink"><a
href="../../../../../org/apache/wss4j/common/cache/ReplayCacheTest.html#ReplayCacheTest--">ReplayCacheTest</a></span>()</code> </td>
+</tr>
+</table>
+</li>
+</ul>
+<!-- ========== METHOD SUMMARY =========== -->
+<ul class="blockList">
+<li class="blockList"><a name="method.summary">
+<!-- -->
+</a>
+<h3>Method Summary</h3>
+<table class="memberSummary" border="0" cellpadding="3" cellspacing="0"
summary="Method Summary table, listing methods, and an explanation">
+<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span
class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a
href="javascript:show(2);">Instance Methods</a></span><span
class="tabEnd"> </span></span><span id="t4" class="tableTab"><span><a
href="javascript:show(8);">Concrete Methods</a></span><span
class="tabEnd"> </span></span></caption>
+<tr>
+<th class="colFirst" scope="col">Modifier and Type</th>
+<th class="colLast" scope="col">Method and Description</th>
+</tr>
+<tr id="i0" class="altColor">
+<td class="colFirst"><code>void</code></td>
+<td class="colLast"><code><span class="memberNameLink"><a
href="../../../../../org/apache/wss4j/common/cache/ReplayCacheTest.html#testEhCacheReplayCache--">testEhCacheReplayCache</a></span>()</code> </td>
+</tr>
+<tr id="i1" class="rowColor">
+<td class="colFirst"><code>void</code></td>
+<td class="colLast"><code><span class="memberNameLink"><a
href="../../../../../org/apache/wss4j/common/cache/ReplayCacheTest.html#testMemoryReplayCache--">testMemoryReplayCache</a></span>()</code> </td>
+</tr>
+</table>
+<ul class="blockList">
+<li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
+<!-- -->
+</a>
+<h3>Methods inherited from class java.lang.<a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true";
title="class or interface in java.lang">Object</a></h3>
+<code><a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--";
title="class or interface in java.lang">clone</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-";
title="class or interface in java.lang">equals</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--";
title="class or interface in java.lang">finalize</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--";
title="class or interface in java.lang">getClass</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--";
title="class or interface in java.lang">hashCode</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--";
title="class or interface in java.lang">notify</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang
/Object.html?is-external=true#notifyAll--" title="class or interface in
java.lang">notifyAll</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString--";
title="class or interface in java.lang">toString</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait--";
title="class or interface in java.lang">wait</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-";
title="class or interface in java.lang">wait</a>, <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-int-";
title="class or interface in java.lang">wait</a></code></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="details">
+<ul class="blockList">
+<li class="blockList">
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+<ul class="blockList">
+<li class="blockList"><a name="constructor.detail">
+<!-- -->
+</a>
+<h3>Constructor Detail</h3>
+<a name="ReplayCacheTest--">
+<!-- -->
+</a>
+<ul class="blockListLast">
+<li class="blockList">
+<h4>ReplayCacheTest</h4>
+<pre>public ReplayCacheTest()</pre>
+</li>
+</ul>
+</li>
+</ul>
+<!-- ============ METHOD DETAIL ========== -->
+<ul class="blockList">
+<li class="blockList"><a name="method.detail">
+<!-- -->
+</a>
+<h3>Method Detail</h3>
+<a name="testMemoryReplayCache--">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>testMemoryReplayCache</h4>
+<pre>public void testMemoryReplayCache()
+ throws <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/InterruptedException.html?is-external=true";
title="class or interface in java.lang">InterruptedException</a>,
+ <a
href="http://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true";
title="class or interface in java.io">IOException</a></pre>
+<dl>
+<dt><span class="throwsLabel">Throws:</span></dt>
+<dd><code><a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/InterruptedException.html?is-external=true";
title="class or interface in java.lang">InterruptedException</a></code></dd>
+<dd><code><a
href="http://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true";
title="class or interface in java.io">IOException</a></code></dd>
+</dl>
+</li>
+</ul>
+<a name="testEhCacheReplayCache--">
+<!-- -->
+</a>
+<ul class="blockListLast">
+<li class="blockList">
+<h4>testEhCacheReplayCache</h4>
+<pre>public void testEhCacheReplayCache()
+ throws <a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/InterruptedException.html?is-external=true";
title="class or interface in java.lang">InterruptedException</a>,
+ <a
href="http://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true";
title="class or interface in java.io">IOException</a></pre>
+<dl>
+<dt><span class="throwsLabel">Throws:</span></dt>
+<dd><code><a
href="http://docs.oracle.com/javase/8/docs/api/java/lang/InterruptedException.html?is-external=true";
title="class or interface in java.lang">InterruptedException</a></code></dd>
+<dd><code><a
href="http://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true";
title="class or interface in java.io">IOException</a></code></dd>
+</dl>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+</div>
+<!-- ========= END OF CLASS DATA ========= -->
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<div class="bottomNav"><a name="navbar.bottom">
+<!-- -->
+</a>
+<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation
links">Skip navigation links</a></div>
+<a name="navbar.bottom.firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../../../overview-summary.html">Overview</a></li>
+<li><a href="package-summary.html">Package</a></li>
+<li class="navBarCell1Rev">Class</li>
+<li><a href="class-use/ReplayCacheTest.html">Use</a></li>
+<li><a href="package-tree.html">Tree</a></li>
+<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../../../index-all.html">Index</a></li>
+<li><a href="../../../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li><a
href="../../../../../org/apache/wss4j/common/cache/EHCacheManagerHolderTest.html"
title="class in org.apache.wss4j.common.cache"><span
class="typeNameLink">Prev Class</span></a></li>
+<li>Next Class</li>
+</ul>
+<ul class="navList">
+<li><a
href="../../../../../index.html?org/apache/wss4j/common/cache/ReplayCacheTest.html"
target="_top">Frames</a></li>
+<li><a href="ReplayCacheTest.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_bottom">
+<li><a href="../../../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_bottom");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<div>
+<ul class="subNavList">
+<li>Summary: </li>
+<li>Nested | </li>
+<li>Field | </li>
+<li><a href="#constructor.summary">Constr</a> | </li>
+<li><a href="#method.summary">Method</a></li>
+</ul>
+<ul class="subNavList">
+<li>Detail: </li>
+<li>Field | </li>
+<li><a href="#constructor.detail">Constr</a> | </li>
+<li><a href="#method.detail">Method</a></li>
+</ul>
+</div>
+<a name="skip.navbar.bottom">
+<!-- -->
+</a></div>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+<p class="legalCopy"><small>Copyright © 2004–2019 <a
href="http://www.apache.org/";>The Apache Software Foundation</a>. All rights
reserved.</small></p>
+</body>
+</html>
Added:
webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/class-use/ReplayCacheTest.html
URL:
http://svn.apache.org/viewvc/webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/class-use/ReplayCacheTest.html?rev=1856947&view=auto
==============================================================================
---
webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/class-use/ReplayCacheTest.html
(added)
+++
webservices/website/wss4j/testapidocs/org/apache/wss4j/common/cache/class-use/ReplayCacheTest.html
Thu Apr 4 15:31:46 2019
@@ -0,0 +1,126 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc (1.8.0_201) on Thu Apr 04 16:08:10 IST 2019 -->
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Uses of Class org.apache.wss4j.common.cache.ReplayCacheTest (Apache
WSS4J 2.3.0-SNAPSHOT Test API)</title>
+<meta name="date" content="2019-04-04">
+<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css"
title="Style">
+<script type="text/javascript" src="../../../../../../script.js"></script>
+</head>
+<body>
+<script type="text/javascript"><!--
+ try {
+ if (location.href.indexOf('is-external=true') == -1) {
+ parent.document.title="Uses of Class
org.apache.wss4j.common.cache.ReplayCacheTest (Apache WSS4J 2.3.0-SNAPSHOT Test
API)";
+ }
+ }
+ catch(err) {
+ }
+//-->
+</script>
+<noscript>
+<div>JavaScript is disabled on your browser.</div>
+</noscript>
+<!-- ========= START OF TOP NAVBAR ======= -->
+<div class="topNav"><a name="navbar.top">
+<!-- -->
+</a>
+<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation
links">Skip navigation links</a></div>
+<a name="navbar.top.firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../../../../overview-summary.html">Overview</a></li>
+<li><a href="../package-summary.html">Package</a></li>
+<li><a
href="../../../../../../org/apache/wss4j/common/cache/ReplayCacheTest.html"
title="class in org.apache.wss4j.common.cache">Class</a></li>
+<li class="navBarCell1Rev">Use</li>
+<li><a href="../package-tree.html">Tree</a></li>
+<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../../../../index-all.html">Index</a></li>
+<li><a href="../../../../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li>Prev</li>
+<li>Next</li>
+</ul>
+<ul class="navList">
+<li><a
href="../../../../../../index.html?org/apache/wss4j/common/cache/class-use/ReplayCacheTest.html"
target="_top">Frames</a></li>
+<li><a href="ReplayCacheTest.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_top">
+<li><a
href="../../../../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_top");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<a name="skip.navbar.top">
+<!-- -->
+</a></div>
+<!-- ========= END OF TOP NAVBAR ========= -->
+<div class="header">
+<h2 title="Uses of Class org.apache.wss4j.common.cache.ReplayCacheTest"
class="title">Uses of
Class<br>org.apache.wss4j.common.cache.ReplayCacheTest</h2>
+</div>
+<div class="classUseContainer">No usage of
org.apache.wss4j.common.cache.ReplayCacheTest</div>
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<div class="bottomNav"><a name="navbar.bottom">
+<!-- -->
+</a>
+<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation
links">Skip navigation links</a></div>
+<a name="navbar.bottom.firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../../../../overview-summary.html">Overview</a></li>
+<li><a href="../package-summary.html">Package</a></li>
+<li><a
href="../../../../../../org/apache/wss4j/common/cache/ReplayCacheTest.html"
title="class in org.apache.wss4j.common.cache">Class</a></li>
+<li class="navBarCell1Rev">Use</li>
+<li><a href="../package-tree.html">Tree</a></li>
+<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../../../../index-all.html">Index</a></li>
+<li><a href="../../../../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li>Prev</li>
+<li>Next</li>
+</ul>
+<ul class="navList">
+<li><a
href="../../../../../../index.html?org/apache/wss4j/common/cache/class-use/ReplayCacheTest.html"
target="_top">Frames</a></li>
+<li><a href="ReplayCacheTest.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_bottom">
+<li><a
href="../../../../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_bottom");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<a name="skip.navbar.bottom">
+<!-- -->
+</a></div>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+<p class="legalCopy"><small>Copyright © 2004–2019 <a
href="http://www.apache.org/";>The Apache Software Foundation</a>. All rights
reserved.</small></p>
+</body>
+</html>
![http://activemq.apache.org/images/asf-logo.png"](http://activemq.apache.org/images/asf-logo.png"){kind=link}