Skip to main content

XWSS  Project Description

Part of Project GlassFish

XML and Web Services Security 3.0

XML and Web Services Security (XWS-Security), provides a framework within which a JAX-WS and SAAJ application developer can secure applications. Although part of Project GlassFish,  XWSS is also available from's XWSS project.

XWSS 3.0 has a whole lot of new features including realignment with JAXWS 2.1 architecture which gives an impoved performance. Using the XWS-Security framework, developers of JAX-WS can secure their applications by configuring the request and response security policies at the level of service, port, or operation.

XWSS 3.0 also supports WS-Policy, WS-SecurityPolicy, WS-Trust and WS-SecureConversation. Please refer to the WSIT project for additional details. WSIT is also a part of Project Glassfish.  XWSS 3.0 is  delivered as part of the Web Services Interoperability Technology (WSIT/Metro) project, which is an open-source implementation of next generation Web services technologies that deliver interoperability between Java EE and .Net WCF.

 XWSS 3.0 provides XML and Web Services Security (XWS-Security), and implements the OASIS standards for Web Services Security (WSS) Version 1.1. The WSS 1.1 standard can be viewed at

JAX-WS applications running on other containers (such as TOMCAT) can also be secured in two ways :

1.  Install WSIT/METRO on the Container  (Only TOMCAT is oficially supported)
2.  Use XWSS 2.0 Style security. (XWSS 3.0 supports XWSS 2.0 style functionality as well as WSIT/Metro)

 Standalone SAAJ applications can be secured  by using  XWSS API's .

NOTE : You can now use Netbeans to secure your webservices. Samples and documentation regarding these can be found in the WSIT tutorial.

The current implementation of XML and Web Services Security fully supports the implementation of Web Services Security (WSS) Interop scenarios. The following are some of the interoperability scenarios documents that are supported by this implementation:

Questions, Feedback, Bug Reports

Please send questions, comments, and feedback to

Please Confirm