  • WSS4J has been updated from 1.5.x to 1.6. See here (not yet live) for the list of new features and upgrade notes for Apache WSS4J 1.6. Also see Colm's blog for an ongoing list of things that are happening in WSS4J 1.6. Some notable new features for CXF users include:
    • SAML2 support: WSS4J 1.6 includes full support for creating, manipulating and parsing SAML2 assertions, via the Opensaml2 library. See here for more information.
    • Performance work: A general code-rewrite has been done with a focus on improving performance.
    • Support for Crypto trust-stores: WSS4J 1.6 separates the concepts of keystores and truststores. See here and here for more information.
    Some upgrade notes to be aware of include:
    • The default CA certs that ship with the JDK are no longer loaded by default by the Crypto implementation.
    • The way of creating SAML assertions via a properties file has completely changed.
    • WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions. This is no longer the case, so deployments which do not set the correct keystore/truststore config for dealing with signature verification will fail.
    • The SAMLTokenProcessor no longer saves all tokens as a "WSConstants.ST_UNSIGNED" action. Tokens that do not have an enveloped signature are saved as this action, and tokens which do have an enveloped signature are saved as a "WSConstants.ST_SIGNED" action. The object that is saved has changed from an Opensaml1-specific Assertion object to an AssertionWrapper instance, a WSS4J-specific object which encapsulates an Assertion, as well as some information corresponding to signature verification, etc.
    • The way that UsernameTokens are processed has been changed. See here for more information. The CallbackHandler identifier for plaintext passwords is now WSPasswordCallback.USERNAME_TOKEN, the same as the digest case. The CallbackHandler implementation only sets the password on the callback, and never does any validation of the password.
    • Some changes have been made to the WSPasswordCallback identifiers. See here for more information.
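
The UsernameToken note above, as an added example that is not code from CXF or WSS4J: a server-side CallbackHandler written to the 1.6 contract, where the handler only supplies the stored password and leaves the comparison to WSS4J. The class name `ServerPasswordCallback` and the in-memory map standing in for a credential store are assumptions.

```java
import java.io.IOException;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

// Hypothetical handler name; register it as the password callback
// handler of the inbound WS-Security configuration.
public class ServerPasswordCallback implements CallbackHandler {

    // Assumed stand-in for a real credential store (username -> password).
    private final Map<String, String> passwords;

    public ServerPasswordCallback(Map<String, String> passwords) {
        this.passwords = passwords;
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // In 1.6 plaintext and digest UsernameTokens both arrive with
            // the USERNAME_TOKEN usage, so one branch covers both cases.
            if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                String stored = passwords.get(pc.getIdentifier());
                if (stored != null) {
                    // Only hand the stored secret back to WSS4J. Do not
                    // compare it with the received password here and do
                    // not throw to signal a mismatch: validation is no
                    // longer the handler's job.
                    pc.setPassword(stored);
                }
                // Unknown user: nothing is set, so WSS4J has no password
                // to match against the token.
            }
        }
    }
}
```

A handler carried over from 1.5.x that validates the plaintext password itself should be reduced to this shape during the upgrade, so that the accept/reject decision is made in one place.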
