Skip to main content
Download 3.1 FCS Now
Download 2.0 FCS Now
Download 3.0 FCS Now

Project Description

Welcome to the XML and WebServices Security Project. This project is part of Project Metro, in the Glassfish community. Here's a detailed overview of the project.

Your participation is fundamental to make this project useful to the Java Community. We encourage you to download and use our implementation.


  • Standards Supported by XWSS 2.0:
  • OASIS WSS 1.0
  • OASIS WSS UsernameToken Profile 1.0
  • OASIS WSS X509 Token  Profile 1.0 (partial)
  • OASIS  WSS SAML Token Profile 1.0 (partial)
  • OASIS   WSS SWA Profile 1.0
  • Standards Supported (by XWSS 3.0 and XWSS 3.1):
  • Status Notes (XWSS 3.1)
  • Status Notes (XWSS 3.0)
  • Status Notes (XWSS 2.0)
  • Developer Guide for Legacy XWSS 2.0 style security(JWSDP 1.6)
  • Developer Guide for XWSS 3.X security (Metro/WSIT security)
  • Licenses: Dual license consisting of the CDDL v1.0 and GPL v2.
  • Platform Requirements
  • Awards
  • Frequently Asked Questions
  • Articles
  • Download Latest Snapshot Builds of XWSS 2.0, XWSS 3.0 and XWSS 3.1
  • Download  jars/poms from Maven Repository
  • Utility Tools
  • Download FCS builds for XWSS 2.0, XWSS 3.0 and XWSS 3.1
  • Governance
  • API Javadoc
  • Important Notice

    • Starting 09/20/2006 : XWSS 2.0 sources will exist in a branch named XWSS_2_0. The Main Trunk of XWSS Project will contain sources for XWSS 3.0. XWSS 3.0 ships into WSIT and has a whole lot of new features including an optimized runtime. So XWSS 3.0 and WSIT Security refer to the same thing going forward. XWSS 3.0 however will continue to support XWSS 2.0 style of security configuration (for backward compatibility reasons).
    • If you have been using XWSS from JWSDP 1.x and JWSDP 2.0 releases and find that your certificates have expired as of 04/12/06 then please download the new Keystores with certificates that will be valid for the next 10 years from the links below.
    You can also get these keystores from the xwss/xwss-ri/etc directory when you checkout the sources of this project from


    Source Code

    • CVS: 3.1    cvs -d co xwss/xwss-ri
    • CVS: 3.0    cvs -d co -r XWSS_3_0 xwss/xwss-ri
    • CVS: 2.0 (FCS)    cvs -d co -r XWSS_2_0 xwss/xwss-ri
    • FishEye:
    • Browse:  source

    Platform Requirements

    XWSS can be used to secure WebServices developed using JAX-RPC as well as JAX-WS. It has the following dependencies on the JRE version and other java technologies.
    • Sun's JDK/JRE 1.5 or Later
    • SAAJ 1.3
    • JAXP 1.3
    • Java Mail
    • JSR 105
    • JAXB 1.0 or 2.0 and later..
    • JSR 173
    For WebServices running under JAX-RPC, a developer can use XWSS2.0 with Sun's JDK/JRE 1.4 (augmented with JAXP 1.3 implementation jars placed in jre/lib/endorsed).



    Latest Builds

    Utility Tools

    Governance :  governance is the same as  GlassFish

    Please Confirm