cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r867253 [24/46] - in /websites/production/cxf/content: ./ 2008/04/28/ 2008/06/20/ 2009/02/10/ 2009/08/04/ cache/ docs/ docs/cxf-architecture.thumbs/ docs/cxf-dependency-graphs.thumbs/ docs/logbrowser-configuration.thumbs/ docs/logbrowser-so...
Date Mon, 24 Jun 2013 17:10:57 GMT
Modified: websites/production/cxf/content/docs/jax-rs-oauth2.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-oauth2.html (original)
+++ websites/production/cxf/content/docs/jax-rs-oauth2.html Mon Jun 24 17:10:51 2013
@@ -25,6 +25,18 @@
 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - JAX-RS OAuth2">
+
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shCore.css' rel='stylesheet' type='text/css' />
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
+  
+  <script type="text/javascript">
+  SyntaxHighlighter.defaults['toolbar'] = false;
+  SyntaxHighlighter.all();
+  </script>
+ 
     <title>
 Apache CXF -- JAX-RS OAuth2
     </title>
@@ -42,19 +54,15 @@ Apache CXF -- JAX-RS OAuth2
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
-      <div style="padding: 5px;">
-        <div id="banner">
-          <!-- Banner -->
-<div id="banner-content">
+      <!-- Banner -->
+<div class="banner" id="banner"><p>
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table>
-</div>
-          <!-- Banner -->
-        </div>
-      </div>
+</p></div>
+      <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
@@ -94,7 +102,7 @@ Apache CXF -- JAX-RS OAuth2
 
 
 <hr>
-<ul class="alternate" type="square"><li>Search
+<ul class="alternate" type="square"><li>Search<br clear="none">
 
 <form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>
@@ -163,13 +171,13 @@ Apache CXF -- JAX-RS OAuth2
 <h1><a shape="rect" name="JAX-RSOAuth2-Mavendependencies"></a>Maven dependencies</h1>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;dependency&gt;</span>
-  <span class="code-tag">&lt;groupId&gt;</span>org.apache.cxf<span class="code-tag">&lt;/groupId&gt;</span>
-  <span class="code-tag">&lt;artifactId&gt;</span>cxf-rt-rs-security-oauth2<span class="code-tag">&lt;/artifactId&gt;</span>
-  <span class="code-tag">&lt;version&gt;</span>2.7.5<span class="code-tag">&lt;/version&gt;</span>
-<span class="code-tag">&lt;/dependency&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;dependency&gt;
+  &lt;groupId&gt;org.apache.cxf&lt;/groupId&gt;
+  &lt;artifactId&gt;cxf-rt-rs-security-oauth2&lt;/artifactId&gt;
+  &lt;version&gt;2.7.5&lt;/version&gt;
+&lt;/dependency&gt;
+]]></script>
 </div></div>
 
 <h1><a shape="rect" name="JAX-RSOAuth2-ClientRegistration"></a>Client Registration</h1>
@@ -201,17 +209,17 @@ Note CXF may offer an abstract client re
 
 <p>A third-party client redirects the current user to AuthorizationCodeGrantService, for example, here is how a redirection may happen:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Response-Code: 303
 Headers: {Location=[http://localhost:8080/services/social/authorize?client_id=123456789&amp;scope=updateCalendar-7&amp;response_type=code&amp;redirect_uri=http%3A//localhost%3A8080/services/reservations/reserve/complete&amp;state=1], Date=[Thu, 12 Apr 2012 12:26:21 GMT], Content-Length=[0]}
 
-</pre>
+]]></script>
 </div></div> 
 
 <p>The client application asks the current user (the browser) to go to a new address provided by the Location header and the follow-up request to AuthorizationCodeGrantService will look like this:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Address: http://localhost:8080/services/social/authorize?client_id=123456789&amp;scope=updateCalendar-7&amp;response_type=code&amp;redirect_uri=http%3A//localhost%3A8080/services/reservations/reserve/complete&amp;state=1
 Http-Method: GET
 Headers: {
@@ -221,17 +229,17 @@ Cookie=[JSESSIONID=suj2wyl54c4g], 
 Referer=[http://localhost:8080/services/forms/reservation.jsp]
 ...
 }
-</pre>
+]]></script>
 </div></div> 
 
 <p>Note that the end user needs to authenticate. The Request URI includes the client_id, custom scope value, response_type set to 'code', the current request state and the redirect uri. Note the scope is optional - the Authorization Service will usually allocate a default scope; however even if the client does include an additional custom scope the end user may still not approve it. The redirect uri is also optional, assuming one or more ones redirect URIs have been provided at the client registration time.</p>
 
 <p>AuthorizationCodeGrantService will report a warning is no secure HTTPS transport is used:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 12-Apr-2012 13:26:21 org.apache.cxf.rs.security.oauth2.services.AbstractOAuthService checkTransportSecurity
 WARNING: Unsecure HTTP, Transport Layer Security is recommended
-</pre>
+]]></script>
 </div></div>
 
 <p>It can also be configured to reject the requests over un-secure HTTP transport.</p>
@@ -248,10 +256,10 @@ WARNING: Unsecure HTTP, Transport Layer 
 
 <p>Assuming RequestDispatcherProvider is used, the following example log shows the initial response from AuthorizationCodeGrantService:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 12-Apr-2012 13:26:21 org.apache.cxf.jaxrs.provider.RequestDispatcherProvider logRedirection
-INFO: Setting an instance of <span class="code-quote">"org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData"</span> as HttpServletRequest attribute <span class="code-quote">"data"</span> and redirecting the response to <span class="code-quote">"/forms/oauthAuthorize.jsp"</span>.
-</pre>
+INFO: Setting an instance of "org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData" as HttpServletRequest attribute "data" and redirecting the response to "/forms/oauthAuthorize.jsp".
+]]></script>
 </div></div>
 
 <p>Note that a "/forms/oauthAuthorize.jsp" view handler will create an HTML view - this is a custom JSP handler and whatever HTML view is required can be created there, using the OAuthAuthorizationData bean for building the view. Most likely you will want to present a form asking the user to allow or deny the client accessing some of this user's resources. If OAuthAuthorizationData has a list of Permissions set then adding the information about the permissions is needed.</p>
@@ -259,7 +267,7 @@ INFO: Setting an instance of <span class
 <p>Next the user makes a decision and selects a button allowing or denying the client accessing the resources. The form data are submitted to AuthorizationCodeGrantService: </p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Address: http://localhost:8080/services/social/authorize/decision
 Encoding: ISO-8859-1
 Http-Method: POST
@@ -272,7 +280,7 @@ Content-Type=[application/x-www-form-url
 --------------------------------------
 12-Apr-2012 15:36:29 org.apache.cxf.jaxrs.utils.FormUtils logRequestParametersIfNeeded
 INFO: updateCalendar-7_status=allow&amp;readCalendar_status=allow&amp;scope=updateCalendar-7+readCalendar&amp;redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fservices%2Freservations%2Freserve%2Fcomplete&amp;session_authenticity_token=4f0005d9-565f-4309-8ffb-c13c72139ebe&amp;oauthDecision=allow&amp;state=1&amp;client_id=123456789
-</pre>
+]]></script>
 </div></div> 
 
 <p>AuthorizationCodeGrantService will use a 'session_authenticity_token' to validate that the session is valid and will process the user decision next. </p>
@@ -282,27 +290,27 @@ INFO: updateCalendar-7_status=allow&amp;
 <p>Next it will ask OAuthDataProvider to generate an authorization code grant and return it alongside with the state if any by redirecting the current user back to the redirect URI:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Response-Code: 303
 Headers: {
  Location=[http://localhost:8080/services/reservations/reserve/complete?state=1&amp;code=5c993144b910bccd5977131f7d2629ab], 
  Date=[Thu, 12 Apr 2012 14:36:29 GMT], 
  Content-Length=[0]}
-</pre>
+]]></script>
 </div></div>  
 
 <p>which leads to a browser redirecting the user:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-Address: http:<span class="code-comment">//localhost:8080/services/reservations/reserve/complete?state=1&amp;code=5c993144b910bccd5977131f7d2629ab
-</span>Http-Method: GET
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+Address: http://localhost:8080/services/reservations/reserve/complete?state=1&amp;code=5c993144b910bccd5977131f7d2629ab
+Http-Method: GET
 Headers: {
 Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8],
 Authorization=[Basic YmFycnlAcmVzdGF1cmFudC5jb206NTY3OA==], 
 Cookie=[JSESSIONID=1c289vha0cxfe],
 }
-</pre>
+]]></script>
 </div></div>
 
 <p>If a user decision was set to "deny" then the error will be returned to the client.</p>
@@ -335,7 +343,7 @@ http://localhost:8080/services/social/au
 Here is an example request log:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Address: http://localhost:8080/services/oauth/token
 Http-Method: POST
 
@@ -347,7 +355,7 @@ Content-Type=[application/x-www-form-url
 Payload: 
 
 grant_type=authorization_code&amp;code=5c993144b910bccd5977131f7d2629ab&amp;redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fservices%2Freservations%2Freserve%2Fcomplete
-</pre>
+]]></script>
 </div></div> 
 
 <p>This request contains a client_id and client_secret (Authorization header), the grant_type, the grant value (code)<br clear="none">
@@ -362,7 +370,7 @@ The grant handlers, such as <a shape="re
 <p>Now that the token has been created, it is mapped by the service to a <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java">client representation</a> and is returned back as a JSON payload:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Response-Code: 200
 Content-Type: application/json
 Headers: {
@@ -373,14 +381,14 @@ Headers: {
 
 Payload: 
 
-{<span class="code-quote">"access_token"</span>:<span class="code-quote">"5b5c8e677413277c4bb8b740d522b378"</span>, <span class="code-quote">"token_type"</span>:<span class="code-quote">"bearer"</span>}
+{"access_token":"5b5c8e677413277c4bb8b740d522b378", "token_type":"bearer"}
 
-</pre>
+]]></script>
 </div></div> 
 
 <p>The client will use this access token to access the current user's resources in order to complete the original user's request, for example, the request to access a user's calendar may look like this:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Address: http://localhost:8080/services/thirdPartyAccess/calendar
 Http-Method: GET
 Headers: 
@@ -388,7 +396,7 @@ Headers: 
   Authorization=[Bearer 5b5c8e677413277c4bb8b740d522b378], 
   Accept=[application/xml]
 }
-</pre>
+]]></script>
 </div></div> 
 
 <p>Note that the access token key is passed as the Bearer scheme value. Other token types such as MAC ones, etc, can be represented differently.</p>
@@ -402,31 +410,31 @@ Headers: 
 <p>The following code fragment shows how a <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java">BearerAccessToken</a> utility class can be used to create Bearer tokens:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
 
-<span class="code-keyword">public</span> class CustomOAuthDataProvider <span class="code-keyword">implements</span> AuthorizationCodeDataProvider {
+public class CustomOAuthDataProvider implements AuthorizationCodeDataProvider {
 
-    <span class="code-keyword">public</span> ServerAccessToken createAccessToken(AccessTokenRegistration reg)
-		<span class="code-keyword">throws</span> OAuthServiceException {
+    public ServerAccessToken createAccessToken(AccessTokenRegistration reg)
+		throws OAuthServiceException {
 
-		ServerAccessToken token = <span class="code-keyword">new</span> BearerAccessToken(reg.getClient(), 3600L);
+		ServerAccessToken token = new BearerAccessToken(reg.getClient(), 3600L);
 		
-		List&lt;<span class="code-object">String</span>&gt; scope = reg.getApprovedScope().isEmpty() ? reg.getRequestedScope() 
+		List&lt;String&gt; scope = reg.getApprovedScope().isEmpty() ? reg.getRequestedScope() 
 				                                        : reg.getApprovedScope();
 		token.setScopes(convertScopeToPermissions(reg.getClient(), scope));
 		token.setSubject(reg.getSubject());
 		token.setGrantType(reg.getGrantType());
 		
-                <span class="code-comment">// persist as needed and then <span class="code-keyword">return</span>
-</span>
-		<span class="code-keyword">return</span> token;
+                // persist as needed and then return
+
+		return token;
    }
-   <span class="code-comment">// other methods are not shown
-</span>}
-</pre>
+   // other methods are not shown
+}
+]]></script>
 </div></div>
 
 <p>CustomOAuthDataProvider will also be asked by OAuthRequestFilter to validate the incoming Bearer tokens given that they typically act as database key or key alias, if no Bearer token validator is registered.</p>
@@ -439,37 +447,37 @@ It is recommended that AccessTokenServic
 <p>The following code fragment shows how a <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java">MacAccessToken</a> utility class can be used to create MAC tokens:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.tokens.mac.HmacAlgorithm;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.tokens.mac.MacAccessToken;
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.mac.HmacAlgorithm;
+import org.apache.cxf.rs.security.oauth2.tokens.mac.MacAccessToken;
 
-<span class="code-keyword">public</span> class CustomOAuthDataProvider <span class="code-keyword">implements</span> AuthorizationCodeDataProvider {
+public class CustomOAuthDataProvider implements AuthorizationCodeDataProvider {
 
-    <span class="code-keyword">public</span> ServerAccessToken createAccessToken(AccessTokenRegistration reg)
-		<span class="code-keyword">throws</span> OAuthServiceException {
+    public ServerAccessToken createAccessToken(AccessTokenRegistration reg)
+		throws OAuthServiceException {
                 
-                <span class="code-comment">// generate
-</span>		ServerAccessToken token = <span class="code-keyword">new</span> MacAccessToken(reg.getClient(), 
+                // generate
+		ServerAccessToken token = new MacAccessToken(reg.getClient(), 
                                                              HmacAlgorithm.HmacSHA1, 
                                                              3600L);
 		
-		<span class="code-comment">// set other token fields as shown in the Bearer section
-</span>		
-                <span class="code-comment">// persist as needed and then <span class="code-keyword">return</span>
-</span>
-		<span class="code-keyword">return</span> token;
+		// set other token fields as shown in the Bearer section
+		
+                // persist as needed and then return
+
+		return token;
    }
-   <span class="code-comment">// other methods are not shown
-</span>}
-</pre>
+   // other methods are not shown
+}
+]]></script>
 </div></div>
 
 <p>One can expect the following response:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Response-Code: 200
 Content-Type: application/json
 Headers: {
@@ -480,8 +488,8 @@ Headers: {
 
 Payload: 
 
-{<span class="code-quote">"access_token"</span>:<span class="code-quote">"5b5c8e677413277c4bb8b740d522b378"</span>, <span class="code-quote">"token_type"</span>:<span class="code-quote">"mac"</span>, <span class="code-quote">"mac_key"</span>=<span class="code-quote">"1234568"</span>, <span class="code-quote">"mac_algorithm"</span>=<span class="code-quote">"hmac-sha-1"</span>}
-</pre>
+{"access_token":"5b5c8e677413277c4bb8b740d522b378", "token_type":"mac", "mac_key"="1234568", "mac_algorithm"="hmac-sha-1"}
+]]></script>
 </div></div>
 
 <p>Note that 'access_token' is the MAC key identifier.</p>
@@ -491,35 +499,35 @@ Payload: 
 <p>The client can use CXF OAuthClientUtils to create Authorization MAC headers. All is needed is to provide references to ClientAccessToken representing the MAC token issued by AccessTokenService and <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java">HttpRequestProperties</a> capturing the information about the current request URI:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-object">String</span> requestURI = <span class="code-quote">"http:<span class="code-comment">//localhost:8080/calendar"</span>;
-</span>WebClient wc = WebClient.create(requestURI);
-
-<span class="code-comment">// represents client registration
-</span>OAuthClientUtils.Consumer consumer = getConsumer();
-<span class="code-comment">// the token issued by AccessTokenService
-</span>ClientAccessToken token = getToken();
-
-HttpRequestProperties httpProps = <span class="code-keyword">new</span> HttpRequestProperties(wc, <span class="code-quote">"GET"</span>);
-<span class="code-object">String</span> authHeader = OAuthClientUtils.createAuthorizationHeader(consumer, token, httpProps);
-wc.header(<span class="code-quote">"Authorization"</span>, authHeader);
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+String requestURI = "http://localhost:8080/calendar";
+WebClient wc = WebClient.create(requestURI);
+
+// represents client registration
+OAuthClientUtils.Consumer consumer = getConsumer();
+// the token issued by AccessTokenService
+ClientAccessToken token = getToken();
+
+HttpRequestProperties httpProps = new HttpRequestProperties(wc, "GET");
+String authHeader = OAuthClientUtils.createAuthorizationHeader(consumer, token, httpProps);
+wc.header("Authorization", authHeader);
 
 Calendar calendar = wc.get(Calendar.class);
-</pre>
+]]></script>
 </div></div> 
 
 <p>This code will result in something like:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 GET /calendar HTTP/1.1
 Host: localhost
 Accept: application/xml
-Authorization: MAC id=<span class="code-quote">"5b5c8e677413277c4bb8b740d522b378"</span>,
-                   nonce=<span class="code-quote">"di3hvdf8"</span>,
-                   mac=<span class="code-quote">"W7bdMZbv9UWOTadASIQHagZyirA="</span>
-                   ts=<span class="code-quote">"12345678"</span> 
-</pre>
+Authorization: MAC id="5b5c8e677413277c4bb8b740d522b378",
+                   nonce="di3hvdf8",
+                   mac="W7bdMZbv9UWOTadASIQHagZyirA="
+                   ts="12345678" 
+]]></script>
 </div></div>
 
 <p>where 'ts' attribute is used to pass a timestamp value.</p>
@@ -626,14 +634,14 @@ Alternatively it makes it easier to supp
 <p>Note that OAuthDataProvider supports retrieving <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java">Client</a> instances but it has no methods for creating or removing Clients. The reason for it is that the process of registering third-party clients is very specific to a particular OAuth2 application, so CXF does not offer a registration support service and hence OAuthDataProvider has no Client create/update methods. You will likely need to do something like this:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">public</span> class CustomOAuthProvider <span class="code-keyword">implements</span> OAuthDataProvider {
-   <span class="code-keyword">public</span> Client registerClient(<span class="code-object">String</span> applicationName, <span class="code-object">String</span> applicationURI, ...) {}
-   <span class="code-keyword">public</span> void removeClient(<span class="code-object">String</span> cliendId) {}
-   <span class="code-comment">// etc
-</span>   <span class="code-comment">// OAuthDataProvider methods
-</span>}
-</pre>
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+public class CustomOAuthProvider implements OAuthDataProvider {
+   public Client registerClient(String applicationName, String applicationURI, ...) {}
+   public void removeClient(String cliendId) {}
+   // etc
+   // OAuthDataProvider methods
+}
+]]></script>
 </div></div>
 
 <p>CustomOAuthProvider will also remove all tokens associated with a given Client in removeClient(String cliendId).</p>
@@ -647,20 +655,20 @@ Alternatively it makes it easier to supp
 Most likely, you'd want to deploy AccessTokenService as an independent JAX-RS endpoint, for example:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag"><span class="code-comment">&lt;!-- implements OAuthDataProvider --&gt;</span></span>
-<span class="code-tag">&lt;bean id=<span class="code-quote">"oauthProvider"</span> class=<span class="code-quote">"oauth.manager.OAuthManager"</span>/&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;!-- implements OAuthDataProvider --&gt;
+&lt;bean id="oauthProvider" class="oauth.manager.OAuthManager"/&gt;
      
-<span class="code-tag">&lt;bean id=<span class="code-quote">"accessTokenService"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AccessTokenService"</span>&gt;</span>
-  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"oauthProvider"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-
-<span class="code-tag">&lt;jaxrs:server id=<span class="code-quote">"oauthServer"</span> address=<span class="code-quote">"/oauth"</span>&gt;</span>
-   <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"accessTokenService"</span>/&gt;</span>
-  <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
-</pre>
+&lt;bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"&gt;
+  &lt;property name="dataProvider" ref="oauthProvider"/&gt;
+&lt;/bean&gt;
+
+&lt;jaxrs:server id="oauthServer" address="/oauth"&gt;
+   &lt;jaxrs:serviceBeans&gt;
+      &lt;ref bean="accessTokenService"/&gt;
+  &lt;/jaxrs:serviceBeans&gt;
+&lt;/jaxrs:server&gt;
+]]></script>
 </div></div>  
 
 <p>AccessTokenService listens on a relative "/token" path. Given that jaxrs:server/@adress is "/oauth" and assuming a context name is "/services", the absolute address of AccessTokenService would be something like "http://localhost:8080/services/oauth/token". </p>
@@ -668,25 +676,25 @@ Most likely, you'd want to deploy Access
 <p>If the remote token validation is supported then have AccessTokenValidationService  added too:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag"><span class="code-comment">&lt;!-- implements OAuthDataProvider --&gt;</span></span>
-<span class="code-tag">&lt;bean id=<span class="code-quote">"oauthProvider"</span> class=<span class="code-quote">"oauth.manager.OAuthManager"</span>/&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;!-- implements OAuthDataProvider --&gt;
+&lt;bean id="oauthProvider" class="oauth.manager.OAuthManager"/&gt;
      
-<span class="code-tag">&lt;bean id=<span class="code-quote">"accessTokenService"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AccessTokenService"</span>&gt;</span>
-  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"oauthProvider"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-<span class="code-tag">&lt;bean id=<span class="code-quote">"accessTokenValidateService"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AccessTokenValidateService"</span>&gt;</span>
-  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"oauthProvider"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"&gt;
+  &lt;property name="dataProvider" ref="oauthProvider"/&gt;
+&lt;/bean&gt;
+&lt;bean id="accessTokenValidateService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidateService"&gt;
+  &lt;property name="dataProvider" ref="oauthProvider"/&gt;
+&lt;/bean&gt;
 
 
-<span class="code-tag">&lt;jaxrs:server id=<span class="code-quote">"oauthServer"</span> address=<span class="code-quote">"/oauth"</span>&gt;</span>
-   <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"accessTokenService"</span>/&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"accessTokenValidateService"</span>/&gt;</span>
-  <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
-</pre>
+&lt;jaxrs:server id="oauthServer" address="/oauth"&gt;
+   &lt;jaxrs:serviceBeans&gt;
+      &lt;ref bean="accessTokenService"/&gt;
+      &lt;ref bean="accessTokenValidateService"/&gt;
+  &lt;/jaxrs:serviceBeans&gt;
+&lt;/jaxrs:server&gt;
+]]></script>
 </div></div> 
 
 <p>The absolute address of AccessTokenValidateService would be something like "http://localhost:8080/services/oauth/validate". </p>
@@ -694,20 +702,20 @@ Most likely, you'd want to deploy Access
 <p>AuthorizationCodeGrantService is easier to put where the application endpoints are. It can be put alongside AccessTokenService, but ideally an SSO based authentication solution will be also be deployed, for the end user to avoid signing in separately several times (see more in it below). Here is an example of AuthorizationCodeGrantService being collocated with the application endpoint:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"authorizationService"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"</span>&gt;</span>
-  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"oauthProvider"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"myApp"</span> class=<span class="code-quote">"org.myapp.MyApp"</span>/&gt;</span>
-
-<span class="code-tag">&lt;jaxrs:server id=<span class="code-quote">"appServer"</span> address=<span class="code-quote">"/myapp"</span>&gt;</span>
-   <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"myApp"</span>/&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"authorizationService"</span>/&gt;</span>
-  <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"&gt;
+  &lt;property name="dataProvider" ref="oauthProvider"/&gt;
+&lt;/bean&gt;
+
+&lt;bean id="myApp" class="org.myapp.MyApp"/&gt;
+
+&lt;jaxrs:server id="appServer" address="/myapp"&gt;
+   &lt;jaxrs:serviceBeans&gt;
+      &lt;ref bean="myApp"/&gt;
+      &lt;ref bean="authorizationService"/&gt;
+  &lt;/jaxrs:serviceBeans&gt;
+&lt;/jaxrs:server&gt;
+]]></script>
 </div></div>
 
 <p>AuthorizationCodeGrantService listens on a relative "/authorize" path so in this case its absolute address will be something like "http://localhost:8080/services/myapp/authorize". This address and that of AccessTokenService will be used by third-party clients.</p>
@@ -736,7 +744,7 @@ Most likely, you'd want to deploy Access
 <p>When checking a request like this:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 Address: http://localhost:8080/services/thirdPartyAccess/calendar
 Http-Method: GET
 Headers: 
@@ -744,7 +752,7 @@ Headers: 
   Authorization=[Bearer 5b5c8e677413277c4bb8b740d522b378], 
   Accept=[application/xml]
 }
-</pre>
+]]></script>
 </div></div> 
 
 <p>the filter will do the following:</p>
@@ -764,24 +772,24 @@ Headers: 
 <p>Here is one example of how OAuthRequestFilter can be configured:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"oauthProvider"</span> class=<span class="code-quote">"oauth.manager.OAuthManager"</span>/&gt;</span>
-<span class="code-tag">&lt;bean id=<span class="code-quote">"oauthFiler"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"</span>&gt;</span>
-  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"oauthProvider"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"myApp"</span> class=<span class="code-quote">"org.myapp.MyApp"</span>/&gt;</span>
-
-<span class="code-tag">&lt;jaxrs:server id=<span class="code-quote">"fromThirdPartyToMyApp"</span> address=<span class="code-quote">"/thirdparty-to-myapp"</span>&gt;</span>
-   <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"myApp"</span>/&gt;</span>
-  <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-  <span class="code-tag">&lt;jaxrs:providers&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"oauthFilter"</span>/&gt;</span>
-  <span class="code-tag">&lt;/jaxrs:providers&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="oauthProvider" class="oauth.manager.OAuthManager"/&gt;
+&lt;bean id="oauthFiler" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"&gt;
+  &lt;property name="dataProvider" ref="oauthProvider"/&gt;
+&lt;/bean&gt;
+
+&lt;bean id="myApp" class="org.myapp.MyApp"/&gt;
+
+&lt;jaxrs:server id="fromThirdPartyToMyApp" address="/thirdparty-to-myapp"&gt;
+   &lt;jaxrs:serviceBeans&gt;
+      &lt;ref bean="myApp"/&gt;
+  &lt;/jaxrs:serviceBeans&gt;
+  &lt;jaxrs:providers&gt;
+      &lt;ref bean="oauthFilter"/&gt;
+  &lt;/jaxrs:providers&gt;
   
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
-</pre>
+&lt;/jaxrs:server&gt;
+]]></script>
 </div></div>
 
 <p>It will rely on an instance of OAuthDataProvider to get the information about the current access token and will validate it.<br clear="none">
@@ -790,38 +798,38 @@ This option works OK for when it is easy
 <p>When one has Authorization and AccessToken service not collocated with the application endpoints, the following may work better:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 
-     <span class="code-tag">&lt;bean id=<span class="code-quote">"tvServiceClientFactory"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean"</span>&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"address"</span> value=<span class="code-quote">"http://localhost:${http.port}/services/oauth/validate"</span>/&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"headers"</span>&gt;</span>
-            <span class="code-tag">&lt;map&gt;</span>
-               <span class="code-tag">&lt;entry key=<span class="code-quote">"Accept"</span> value=<span class="code-quote">"application/xml"</span>/&gt;</span>
-            <span class="code-tag">&lt;/map&gt;</span>
-         <span class="code-tag">&lt;/property&gt;</span>
-     <span class="code-tag">&lt;/bean&gt;</span>
+     &lt;bean id="tvServiceClientFactory" class="org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean"&gt;
+         &lt;property name="address" value="http://localhost:${http.port}/services/oauth/validate"/&gt;
+         &lt;property name="headers"&gt;
+            &lt;map&gt;
+               &lt;entry key="Accept" value="application/xml"/&gt;
+            &lt;/map&gt;
+         &lt;/property&gt;
+     &lt;/bean&gt;
      
-     <span class="code-tag">&lt;bean id=<span class="code-quote">"tvServiceClient"</span> factory-bean=<span class="code-quote">"tvServiceClientFactory"</span> factory-method=<span class="code-quote">"createWebClient"</span>/&gt;</span>
+     &lt;bean id="tvServiceClient" factory-bean="tvServiceClientFactory" factory-method="createWebClient"/&gt;
 
-     <span class="code-tag">&lt;bean id=<span class="code-quote">"tokenValidator"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient"</span>&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"tokenValidatorClient"</span> ref=<span class="code-quote">"tvServiceClient"</span>/&gt;</span>
-     <span class="code-tag">&lt;/bean&gt;</span>
-
-     <span class="code-tag">&lt;bean id=<span class="code-quote">"oauthFiler"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"</span>&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"tokenValidator"</span> ref=<span class="code-quote">"tokenValidator"</span>/&gt;</span>
-     <span class="code-tag">&lt;/bean&gt;</span>
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"myApp"</span> class=<span class="code-quote">"org.myapp.MyApp"</span>/&gt;</span>
-
-<span class="code-tag">&lt;jaxrs:server id=<span class="code-quote">"fromThirdPartyToMyApp"</span> address=<span class="code-quote">"/thirdparty-to-myapp"</span>&gt;</span>
-   <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"myApp"</span>/&gt;</span>
-  <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-  <span class="code-tag">&lt;jaxrs:providers&gt;</span>
-      <span class="code-tag">&lt;ref bean=<span class="code-quote">"oauthFilter"</span>/&gt;</span>
-  <span class="code-tag">&lt;/jaxrs:providers&gt;</span>
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
-</pre>
+     &lt;bean id="tokenValidator" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient"&gt;
+         &lt;property name="tokenValidatorClient" ref="tvServiceClient"/&gt;
+     &lt;/bean&gt;
+
+     &lt;bean id="oauthFiler" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"&gt;
+         &lt;property name="tokenValidator" ref="tokenValidator"/&gt;
+     &lt;/bean&gt;
+
+&lt;bean id="myApp" class="org.myapp.MyApp"/&gt;
+
+&lt;jaxrs:server id="fromThirdPartyToMyApp" address="/thirdparty-to-myapp"&gt;
+   &lt;jaxrs:serviceBeans&gt;
+      &lt;ref bean="myApp"/&gt;
+  &lt;/jaxrs:serviceBeans&gt;
+  &lt;jaxrs:providers&gt;
+      &lt;ref bean="oauthFilter"/&gt;
+  &lt;/jaxrs:providers&gt;
+&lt;/jaxrs:server&gt;
+]]></script>
 </div></div>
 
 
@@ -831,29 +839,29 @@ This option works OK for when it is easy
 how one can access a user login name that was used during the end-user authorizing the third-party client. This username will help to uniquely identify the resources that the 3rd party client is now attempting to access. The following code shows one way of how this can be done:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java"> 
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.utils.OAuthContextUtils;
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[ 
+import org.apache.cxf.rs.security.oauth2.utils.OAuthContextUtils;
 
-@Path(<span class="code-quote">"/userResource"</span>)
-<span class="code-keyword">public</span> class ThirdPartyAccessService {
+@Path("/userResource")
+public class ThirdPartyAccessService {
 
     @Context 
-    <span class="code-keyword">private</span> MessageContext mc;
+    private MessageContext mc;
 	
     @GET
-    <span class="code-keyword">public</span> UserResource getUserResource() {
+    public UserResource getUserResource() {
         
-	<span class="code-object">String</span> endUserName = OAuthContextUtils.resolveUserName(mc);
+	String endUserName = OAuthContextUtils.resolveUserName(mc);
 
-	<span class="code-keyword">return</span> findUserResource(endUserName)
+	return findUserResource(endUserName)
     }
 
-    <span class="code-keyword">private</span> UserResource findUserResource(<span class="code-object">String</span> endUserName) {
-        <span class="code-comment">// find and <span class="code-keyword">return</span> UserResource
-</span>    }
+    private UserResource findUserResource(String endUserName) {
+        // find and return UserResource
+    }
 }
 
-</pre>
+]]></script>
 </div></div>
 
 <p>The above shows a fragment of the JAX-RS service managing the access to user resources from authorized 3rd-party clients (see the Design Considerations section for more information).</p>
@@ -863,21 +871,21 @@ how one can access a user login name tha
 <p>Note that starting from CXF 2.7.6 it is also possible to inject OAuthContext as JAX-RS context:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java"> 
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.OAuthContext;
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[ 
+import org.apache.cxf.rs.security.oauth2.common.OAuthContext;
 
-@Path(<span class="code-quote">"/userResource"</span>)
-<span class="code-keyword">public</span> class ThirdPartyAccessService {
+@Path("/userResource")
+public class ThirdPartyAccessService {
 
     @Context 
-    <span class="code-keyword">private</span> OAuthContext context;
+    private OAuthContext context;
 	
     @GET
-    <span class="code-keyword">public</span> UserResource getUserResource() {
-	<span class="code-comment">//....
-</span>    }
+    public UserResource getUserResource() {
+	//....
+    }
 }
-</pre>
+]]></script>
 </div></div> 
 
 <p>org.apache.cxf.rs.security.oauth2.provider.OAuthContextProvider will have to be registered as jaxrs:provider for it to work.</p>
@@ -888,38 +896,38 @@ how one can access a user login name tha
 
 <p>For example, the following custom code can be used by the third-party application:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">public</span> class OAuthClientManager {
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+public class OAuthClientManager {
 	
-	<span class="code-keyword">private</span> WebClient accessTokenService;
-        <span class="code-keyword">private</span> <span class="code-object">String</span> authorizationServiceURI;
-        <span class="code-keyword">private</span> Consumer consumer;
-
-        <span class="code-comment">// inject properties, register the client application...
-</span>
-	<span class="code-keyword">public</span> URI getAuthorizationServiceURI(ReservationRequest request,
+	private WebClient accessTokenService;
+        private String authorizationServiceURI;
+        private Consumer consumer;
+
+        // inject properties, register the client application...
+
+	public URI getAuthorizationServiceURI(ReservationRequest request,
 			                              URI redirectUri,
-			                              /* state */<span class="code-object">String</span> reservationRequestKey) {
-	    <span class="code-object">String</span> scope = OAuthConstants.UPDATE_CALENDAR_SCOPE + request.getHour();
-	    <span class="code-keyword">return</span> OAuthClientUtils.getAuthorizationURI(authorizationServiceURI, 
+			                              /* state */String reservationRequestKey) {
+	    String scope = OAuthConstants.UPDATE_CALENDAR_SCOPE + request.getHour();
+	    return OAuthClientUtils.getAuthorizationURI(authorizationServiceURI, 
 	    		                                consumer.getKey(),
 	    		                                redirectUri.toString(),
 	    		                                reservationRequestKey,
 	    		                                scope);
 	}
-	<span class="code-keyword">public</span> ClientAccessToken getAccessToken(AuthorizationCodeGrant codeGrant) {
-	    <span class="code-keyword">try</span> {
-	        <span class="code-keyword">return</span> OAuthClientUtils.getAccessToken(accessTokenService, consumer, codeGrant);
-	    } <span class="code-keyword">catch</span> (OAuthServiceException ex) {
-	        <span class="code-keyword">return</span> <span class="code-keyword">null</span>;
+	public ClientAccessToken getAccessToken(AuthorizationCodeGrant codeGrant) {
+	    try {
+	        return OAuthClientUtils.getAccessToken(accessTokenService, consumer, codeGrant);
+	    } catch (OAuthServiceException ex) {
+	        return null;
 	    }
 	}
 	
-	<span class="code-keyword">public</span> <span class="code-object">String</span> createAuthorizationHeader(ClientAccessToken token) {
-		<span class="code-keyword">return</span> OAuthClientUtils.createAuthorizationHeader(consumer, token);
+	public String createAuthorizationHeader(ClientAccessToken token) {
+		return OAuthClientUtils.createAuthorizationHeader(consumer, token);
 	}
 }
-</pre>
+]]></script>
 </div></div>    
 
 <p>The reason such a simple wrapper can be introduced is to minimize the exposure to OAuth2 of the main application code to the bare minimum, this is why in this example OAuthServiceExceptions are caught, presumably logged and null values are returned which will indicate to the main code that the request failed. Obviously, OAuthClientUtils can be used directly as well.</p>
@@ -931,21 +939,21 @@ how one can access a user login name tha
 <p>For example, consider a case where a client who already owns an authorized access token and accessing the end user resource gets HTTP 401 error back and the client also owns a refresh token. Here is one possible way to handle it:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 
-<span class="code-keyword">import</span> javax.ws.rs.NotAuthorizedException;
-<span class="code-keyword">import</span> javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.NotAuthorizedException;
+import javax.ws.rs.core.HttpHeaders;
 
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.Consumer;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.Consumer;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 
 
 
-<span class="code-comment">// the pseudo-code <span class="code-keyword">for</span> getting the access token
-</span>Consumer consumer = ...
+// the pseudo-code for getting the access token
+Consumer consumer = ...
 AuthorizationCodeGrant codeGrant = ...
 
 ClientAccessToken accessToken = OAuthClientUtils.getAccessToken(codeGrant, consumer);
@@ -954,32 +962,32 @@ WebClient endUserResourceClient = WebCli
 
 endUserResourceClient.header(HttpHeaders.AUTHORIZATION, 
                              OAuthClientUtils.createAuthorizationHeader(accessToken));
-<span class="code-keyword">try</span> {
-   <span class="code-keyword">return</span> endUserResourceClient.get();
-} <span class="code-keyword">catch</span> (NotAuthorizedException ex) {
-    <span class="code-object">String</span> refreshToken = accessToken.getRefreshToken();
-    <span class="code-keyword">if</span> (refreshToken != <span class="code-keyword">null</span>) {
-        <span class="code-comment">// retry once
-</span>
-        <span class="code-comment">// refresh the token
-</span>        accessToken = OAuthClientUtils.getAccessToken(<span class="code-keyword">new</span> RefreshTokenGrant(refreshToken), consumer);
+try {
+   return endUserResourceClient.get();
+} catch (NotAuthorizedException ex) {
+    String refreshToken = accessToken.getRefreshToken();
+    if (refreshToken != null) {
+        // retry once
+
+        // refresh the token
+        accessToken = OAuthClientUtils.getAccessToken(new RefreshTokenGrant(refreshToken), consumer);
 
-        <span class="code-comment">// reset Authorization header
-</span>        endUserResourceClient.replaceHeader(HttpHeaders.AUTHORIZATION, 
+        // reset Authorization header
+        endUserResourceClient.replaceHeader(HttpHeaders.AUTHORIZATION, 
                              OAuthClientUtils.createAuthorizationHeader(accessToken)); 
 
-        <span class="code-comment">// <span class="code-keyword">try</span> to access the end user resource again
-</span>        <span class="code-keyword">return</span> endUserResourceClient.get();
+        // try to access the end user resource again
+        return endUserResourceClient.get();
         
-    } <span class="code-keyword">else</span> {
-        <span class="code-keyword">throw</span> ex;
+    } else {
+        throw ex;
     }
 
 }
 
 
 
-</pre>
+]]></script>
 </div></div>
 
 <h1><a shape="rect" name="JAX-RSOAuth2-OAuth2withouttheExplicitAuthorization"></a>OAuth2 without the Explicit Authorization</h1>
@@ -999,14 +1007,14 @@ However, supporting other types of end u
 When reporting the optional error properties is actually needed then setting a 'writeCustomErrors' property to 'true' will help:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"oauthProvider"</span> class=<span class="code-quote">"oauth2.manager.OAuthManager"</span>/&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="oauthProvider" class="oauth2.manager.OAuthManager"/&gt;
 
-<span class="code-tag">&lt;bean id=<span class="code-quote">"accessTokenService"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AccessTokenService"</span>&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"oauthProvider"</span>/&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"writeCustomErrors"</span> value=<span class="code-quote">"true"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-</pre>
+&lt;bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"&gt;
+    &lt;property name="dataProvider" ref="oauthProvider"/&gt;
+    &lt;property name="writeCustomErrors" value="true"/&gt;
+&lt;/bean&gt;
+]]></script>
 </div></div> 
 
 <h1><a shape="rect" name="JAX-RSOAuth2-Designconsiderations"></a>Design considerations</h1>
@@ -1035,51 +1043,51 @@ When reporting the optional error proper
 Perhaps the simplest option is to extend a CXF OAuth2 filter (JAX-RS or servlet one), check Authorization header, if it is OAuth2 then delegate to the superclass, alternatively - proceed with authenticating the end users:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">public</span> class SecurityFilter <span class="code-keyword">extends</span> org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter {
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+public class SecurityFilter extends org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter {
    @Context
-   <span class="code-keyword">private</span> HttpHeaders headers;
+   private HttpHeaders headers;
 
-   <span class="code-keyword">public</span> Response handleRequest(ClassResourceInfo cri, Message message) {
-       <span class="code-object">String</span> header = headers.getRequestHeaders().getFirst(<span class="code-quote">"Authorization"</span>);
-       <span class="code-keyword">if</span> (header.startsWith(<span class="code-quote">"Bearer "</span>)) {
-           <span class="code-keyword">return</span> <span class="code-keyword">super</span>.handleRequest(cri, message);
-       } <span class="code-keyword">else</span> {
-           <span class="code-comment">// authenticate the end user
-</span>       }
+   public Response handleRequest(ClassResourceInfo cri, Message message) {
+       String header = headers.getRequestHeaders().getFirst("Authorization");
+       if (header.startsWith("Bearer ")) {
+           return super.handleRequest(cri, message);
+       } else {
+           // authenticate the end user
+       }
    }
 
 } 
-</pre>
+]]></script>
 </div></div>   
 
 <p>The next issue is how to enforce that the end users can only access the resources they've been authorized to access.<br clear="none">
 For example, consider the following JAX-RS resource class:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-@Path(<span class="code-quote">"calendar"</span>)
-<span class="code-keyword">public</span> class CalendarResource {
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+@Path("calendar")
+public class CalendarResource {
 
    @GET
-   @Path(<span class="code-quote">"{id}"</span>)
-   <span class="code-keyword">public</span> Calendar getPublicCalendar(@PathParam(<span class="code-quote">"id"</span>) <span class="code-object">long</span> id) {
-       <span class="code-comment">// <span class="code-keyword">return</span> the calendar <span class="code-keyword">for</span> a user identified by 'id'
-</span>   }
+   @Path("{id}")
+   public Calendar getPublicCalendar(@PathParam("id") long id) {
+       // return the calendar for a user identified by 'id'
+   }
 
    @GET
-   @Path(<span class="code-quote">"{id}/<span class="code-keyword">private</span>"</span>)
-   <span class="code-keyword">public</span> Calendar getPrivateCalendar(@PathParam(<span class="code-quote">"id"</span>) <span class="code-object">long</span> id) {
-       <span class="code-comment">// <span class="code-keyword">return</span> the calendar <span class="code-keyword">for</span> a user identified by 'id'
-</span>   }
+   @Path("{id}/private")
+   public Calendar getPrivateCalendar(@PathParam("id") long id) {
+       // return the calendar for a user identified by 'id'
+   }
 
    @PUT
-   @Path(<span class="code-quote">"{id}"</span>)
-   <span class="code-keyword">public</span> void updateCalendar(@PathParam(<span class="code-quote">"id"</span>) <span class="code-object">long</span> id, Calendar c) {
-       <span class="code-comment">// update the calendar <span class="code-keyword">for</span> a user identified by 'id'
-</span>   }
+   @Path("{id}")
+   public void updateCalendar(@PathParam("id") long id, Calendar c) {
+       // update the calendar for a user identified by 'id'
+   }
 }
-</pre>
+]]></script>
 </div></div>
 
 <p>Let's assume that the 3rd party client has been allowed to read the public user Calendars at "/calendar/{id}" only, how to make sure that the client won't try to:<br clear="none">

Modified: websites/production/cxf/content/docs/jax-rs-redirection.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-redirection.html (original)
+++ websites/production/cxf/content/docs/jax-rs-redirection.html Mon Jun 24 17:10:51 2013
@@ -25,6 +25,18 @@
 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - JAX-RS Redirection">
+
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shCore.css' rel='stylesheet' type='text/css' />
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
+  
+  <script type="text/javascript">
+  SyntaxHighlighter.defaults['toolbar'] = false;
+  SyntaxHighlighter.all();
+  </script>
+ 
     <title>
 Apache CXF -- JAX-RS Redirection
     </title>
@@ -42,19 +54,15 @@ Apache CXF -- JAX-RS Redirection
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
-      <div style="padding: 5px;">
-        <div id="banner">
-          <!-- Banner -->
-<div id="banner-content">
+      <!-- Banner -->
+<div class="banner" id="banner"><p>
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table>
-</div>
-          <!-- Banner -->
-        </div>
-      </div>
+</p></div>
+      <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
@@ -94,7 +102,7 @@ Apache CXF -- JAX-RS Redirection
 
 
 <hr>
-<ul class="alternate" type="square"><li>Search
+<ul class="alternate" type="square"><li>Search<br clear="none">
 
 <form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>
@@ -145,21 +153,21 @@ Apache CXF -- JAX-RS Redirection
 <p>Here are some examples. Lets assume we have a book.war web application deployed.</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;jaxrs:server id=<span class="code-quote">"bookservice1"</span> address=<span class="code-quote">"/bookstore1"</span>&gt;</span>
-    <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-      <span class="code-tag">&lt;bean class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.BookStoreDispatch"</span>/&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>		  
-    <span class="code-tag">&lt;jaxrs:providers&gt;</span>
-       <span class="code-tag">&lt;ref bean=<span class="code-quote">"dispatchProvider"</span>/&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:providers&gt;</span> 
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"dispatchProvider"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"resourcePath"</span> value=<span class="code-quote">"/book.html"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;jaxrs:server id="bookservice1" address="/bookstore1"&gt;
+    &lt;jaxrs:serviceBeans&gt;
+      &lt;bean class="org.apache.cxf.systest.jaxrs.BookStoreDispatch"/&gt;
+    &lt;/jaxrs:serviceBeans&gt;		  
+    &lt;jaxrs:providers&gt;
+       &lt;ref bean="dispatchProvider"/&gt;
+    &lt;/jaxrs:providers&gt; 
+&lt;/jaxrs:server&gt;
+
+&lt;bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+      &lt;property name="resourcePath" value="/book.html"/&gt;
+&lt;/bean&gt;
 
-</pre>
+]]></script>
 </div></div>
 
 <p>The above redirects the response to a default book.html page which is available directly in the /webapps/book folder. Typically one would do it to return some static confirmation to the client. For example, consider a POST form request that has been processed by a given JAX-RS method and the only thing that needs to be done now is to return the HTML confirmation view. Note that JAX-RS MessageBodyWriters are not invoked if the resource method returns no custom object - which is not needed in the case of the static confirmation, so for RequestDispatcherProvider be able to redirect to book.html one should simply introduce say an EmptyConfirmation bean with no properties and return it from the resource method.</p>
@@ -167,29 +175,29 @@ Apache CXF -- JAX-RS Redirection
 <p>Here is another example (omitting jaxrs:server declaration for brewity):</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 
-<span class="code-tag">&lt;bean id=<span class="code-quote">"dispatchProvider"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"resourcePath"</span> value=<span class="code-quote">"/book.jsp"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+      &lt;property name="resourcePath" value="/book.jsp"/&gt;
+&lt;/bean&gt;
 
-</pre>
+]]></script>
 </div></div>
 
 <p>The only difference from the previous example is that "/book.jsp" will be delegated to with the task of creating a view. This is a more interesting example and we presume that the resource method returns say an instance of the "org.bar.Book" bean:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-@Path(<span class="code-quote">"/books"</span>)
-<span class="code-keyword">public</span> Resource {
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+@Path("/books")
+public Resource {
     @GET
-    @Produces({<span class="code-quote">"text/html"</span>, <span class="code-quote">"application/xml"</span>})
-    @Path(<span class="code-quote">"{id}"</span>)
-    <span class="code-keyword">public</span> Book getBook(@PathParam(<span class="code-quote">"id"</span>) <span class="code-object">String</span> id) {
-        <span class="code-comment">// <span class="code-keyword">return</span> the book
-</span>    }
+    @Produces({"text/html", "application/xml"})
+    @Path("{id}")
+    public Book getBook(@PathParam("id") String id) {
+        // return the book
+    }
 }
-</pre>
+]]></script>
 </div></div>
 
 <p>Note how non-intrusive RequestDispatcherProvider is as far as writing the JAX-RS resource code is concerned, you simply list supported media types in @Produces as usual. </p>
@@ -197,24 +205,24 @@ Apache CXF -- JAX-RS Redirection
 <p>RequestDispatcherProvider will make an instance of Book available as an HttpServletRequest attribute named "org.bar.Book" by default. this can be customized. If a "beanName" property is set, for example to "book", then book.jsp will access a Book instance as a "book" attribute. If you have say 2 resource methods returning instances of different bean classes, possibly for different view handlers then a beanNames map property can be used, for example: </p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 
-<span class="code-tag">&lt;bean id=<span class="code-quote">"dispatchProvider"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"classResources"</span>&gt;</span>
-          <span class="code-tag">&lt;map&gt;</span>
-             <span class="code-tag">&lt;entry key=<span class="code-quote">"org.bar.Book"</span>  value=<span class="code-quote">"/book.jsp"</span>/&gt;</span>
-             <span class="code-tag">&lt;entry key=<span class="code-quote">"org.bar.Customer"</span>  value=<span class="code-quote">"/customer.jsp"</span>/&gt;</span>
-          <span class="code-tag">&lt;/map&gt;</span>
-      <span class="code-tag">&lt;/property&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"beanNames"</span>&gt;</span>
-          <span class="code-tag">&lt;map&gt;</span>
-             <span class="code-tag">&lt;entry key=<span class="code-quote">"org.bar.Book"</span>  value=<span class="code-quote">"book"</span>/&gt;</span>
-             <span class="code-tag">&lt;entry key=<span class="code-quote">"org.bar.Customer"</span>  value=<span class="code-quote">"customer"</span>/&gt;</span>
-          <span class="code-tag">&lt;/map&gt;</span>
-      <span class="code-tag">&lt;/property&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+      &lt;property name="classResources"&gt;
+          &lt;map&gt;
+             &lt;entry key="org.bar.Book"  value="/book.jsp"/&gt;
+             &lt;entry key="org.bar.Customer"  value="/customer.jsp"/&gt;
+          &lt;/map&gt;
+      &lt;/property&gt;
+      &lt;property name="beanNames"&gt;
+          &lt;map&gt;
+             &lt;entry key="org.bar.Book"  value="book"/&gt;
+             &lt;entry key="org.bar.Customer"  value="customer"/&gt;
+          &lt;/map&gt;
+      &lt;/property&gt;
+&lt;/bean&gt;
 
-</pre>
+]]></script>
 </div></div>
 
 <p>The above configuration says that a "book.jsp" resource will handle an instance of Book by accessing it as a "book" attribute and a "customer.jsp" - an instance of Customer by retrieving it as a "customer" attribute. Note you don't need to use the "beanNames" property in such cases, a simpler "beanName" property can do unless you have a single (jsp) resource dealing with both Book and Customer. </p>
@@ -225,17 +233,17 @@ Note that RequestDispatcherProvider can 
 <p>Now, imagine a scenario like this: we have two resource methods returning a ReservationStatus bean. The first method returns a successful confirmation or uses Response.seeOther(...) to redirect to a method handling the failed reservation. So both methods return the same ReservationStatus bean but we will have two different views handling successful and failed reservations respectively. Here is one way to manage it:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"reserveRegistrationViews"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"resourcePaths"</span>&gt;</span>
-            <span class="code-tag">&lt;map&gt;</span>
-              <span class="code-tag">&lt;entry key=<span class="code-quote">"/reservations/reserve/complete"</span> value=<span class="code-quote">"/forms/reservationConfirm.jsp"</span>/&gt;</span>
-              <span class="code-tag">&lt;entry key=<span class="code-quote">"/reservations/reserve/failure"</span> value=<span class="code-quote">"/forms/reservationFailure.jsp"</span>/&gt;</span>
-            <span class="code-tag">&lt;/map&gt;</span>
-         <span class="code-tag">&lt;/property&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"beanName"</span> value=<span class="code-quote">"data"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="reserveRegistrationViews" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+         &lt;property name="resourcePaths"&gt;
+            &lt;map&gt;
+              &lt;entry key="/reservations/reserve/complete" value="/forms/reservationConfirm.jsp"/&gt;
+              &lt;entry key="/reservations/reserve/failure" value="/forms/reservationFailure.jsp"/&gt;
+            &lt;/map&gt;
+         &lt;/property&gt;
+         &lt;property name="beanName" value="data"/&gt;
+&lt;/bean&gt;
+]]></script>
 </div></div>
 
 <p>Given that the same ReservationStatus bean is returned in both cases, it is actually the original request URI fragments which are used to match which view handler will deal with a given ReservationStatus, example, a response to request URI "http://localhost:8080/reservations/reserve/complete" will be handled by "/forms/reservationConfirm.jsp".  </p>
@@ -246,89 +254,89 @@ such ones as "jsp" or "default", especia
 <p>Next, imagine a scenario like this: we have a single resource method accepting some data and the response view will need to be different depending on the status of the request processing. Using enumerations is the most effective option in this case:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">package</span> resource;
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+package resource;
 
-<span class="code-keyword">public</span> class Status {
+public class Status {
     UPDATE_SUCCESS,
     UPDATE_FAILURE
 }
 
-@Path(<span class="code-quote">"/"</span>)
-<span class="code-keyword">public</span> class Resource {
+@Path("/")
+public class Resource {
 
   @PUT
-  @Produces(<span class="code-quote">"text/html"</span>)
-  <span class="code-keyword">public</span> Response update(SomeData data) {
-     <span class="code-keyword">if</span> (update(data)) {
-         <span class="code-keyword">return</span> Response.ok(Status.UPDATE_SUCCESS).build();
-     } <span class="code-keyword">else</span> {
-         <span class="code-keyword">return</span> Response.ok(Status.UPDATE_FAILURE).build();  
+  @Produces("text/html")
+  public Response update(SomeData data) {
+     if (update(data)) {
+         return Response.ok(Status.UPDATE_SUCCESS).build();
+     } else {
+         return Response.ok(Status.UPDATE_FAILURE).build();  
      }
   } 
 } 
-</pre>
+]]></script>
 </div></div>
 
 
 <p>Next, you may have a single JSP handler which will check whether it is Status.UPDATE_SUCCESS or Status.UPDATE_FAILURE and format the response accordingly. In this case a basic RequestDispatcherProvider configuration will do:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 
-<span class="code-tag">&lt;bean id=<span class="code-quote">"dispatchProvider"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"resourcePath"</span> value=<span class="code-quote">"/updateStatus.jsp"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+      &lt;property name="resourcePath" value="/updateStatus.jsp"/&gt;
+&lt;/bean&gt;
 
-</pre>
+]]></script>
 </div></div>
 
 <p>Alternatively you may have a dedicated view handler dealing with the specific status, in this case either:   </p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"reserveRegistrationViews"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"classResources"</span>&gt;</span>
-            <span class="code-tag">&lt;map&gt;</span>
-              <span class="code-tag">&lt;entry key=<span class="code-quote">"resource.Status.UPDATE_SUCCESS"</span> value=<span class="code-quote">"/forms/updateSuccess.jsp"</span>/&gt;</span>
-              <span class="code-tag">&lt;entry key=<span class="code-quote">"resource.Status.UPDATE_FAILURE"</span> value=<span class="code-quote">"/forms/updateFailure.jsp"</span>/&gt;</span>
-            <span class="code-tag">&lt;/map&gt;</span>
-         <span class="code-tag">&lt;/property&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="reserveRegistrationViews" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+         &lt;property name="classResources"&gt;
+            &lt;map&gt;
+              &lt;entry key="resource.Status.UPDATE_SUCCESS" value="/forms/updateSuccess.jsp"/&gt;
+              &lt;entry key="resource.Status.UPDATE_FAILURE" value="/forms/updateFailure.jsp"/&gt;
+            &lt;/map&gt;
+         &lt;/property&gt;
+&lt;/bean&gt;
+]]></script>
 </div></div>
 
 <p>or, starting from CXF 2.7.1,</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-&lt;beans xmlns=<span class="code-quote">"http://www.springframework.org/schema/beans"</span>
-      <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>
-      <span class="code-keyword">xmlns:util</span>=<span class="code-quote">"http://www.springframework.org/schema/util"</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;beans xmlns="http://www.springframework.org/schema/beans"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="
 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"&gt;
 
-<span class="code-tag">&lt;bean id=<span class="code-quote">"reserveRegistrationViews"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"enumResources"</span>&gt;</span>
-            <span class="code-tag">&lt;map&gt;</span>
+&lt;bean id="reserveRegistrationViews" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+         &lt;property name="enumResources"&gt;
+            &lt;map&gt;
               &lt;entry 
-                 <span class="code-tag">&lt;key&gt;</span>
-                    <span class="code-tag">&lt;util:constant static-field=<span class="code-quote">"resource.Status.UPDATE_SUCCESS"</span>/&gt;</span>
-                 <span class="code-tag">&lt;/key&gt;</span> 
-                 <span class="code-tag">&lt;value&gt;</span>/forms/updateSuccess.jsp<span class="code-tag">&lt;/value&gt;</span>
-              <span class="code-tag">&lt;/entry&gt;</span>
+                 &lt;key&gt;
+                    &lt;util:constant static-field="resource.Status.UPDATE_SUCCESS"/&gt;
+                 &lt;/key&gt; 
+                 &lt;value&gt;/forms/updateSuccess.jsp&lt;/value&gt;
+              &lt;/entry&gt;
               &lt;entry 
-                 <span class="code-tag">&lt;key&gt;</span>
-                    <span class="code-tag">&lt;util:constant static-field=<span class="code-quote">"resource.Status.UPDATE_FAILURE"</span>/&gt;</span>
-                 <span class="code-tag">&lt;/key&gt;</span> 
-                 <span class="code-tag">&lt;value&gt;</span>/forms/updateFailure.jsp<span class="code-tag">&lt;/value&gt;</span>
-              <span class="code-tag">&lt;/entry&gt;</span> 
-            <span class="code-tag">&lt;map&gt;</span>
-         <span class="code-tag">&lt;/property&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-<span class="code-tag">&lt;/beans&gt;</span>
-</pre>
+                 &lt;key&gt;
+                    &lt;util:constant static-field="resource.Status.UPDATE_FAILURE"/&gt;
+                 &lt;/key&gt; 
+                 &lt;value&gt;/forms/updateFailure.jsp&lt;/value&gt;
+              &lt;/entry&gt; 
+            &lt;map&gt;
+         &lt;/property&gt;
+&lt;/bean&gt;
+&lt;/beans&gt;
+]]></script>
 </div></div>
 
 <p>will help.</p>
@@ -337,12 +345,12 @@ http://www.springframework.org/schema/ut
 <p>Starting from CXF 2.6.1 it is possible to configure the provider to check if the current class has an associated view handler or not, for example:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"viewHandler"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"dispatcherName"</span> value=jsp""/&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"useClassNames"</span> value=<span class="code-quote">"true"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="viewHandler" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+         &lt;property name="dispatcherName" value=jsp""/&gt;
+         &lt;property name="useClassNames" value="true"/&gt;
+&lt;/bean&gt;
+]]></script>
 </div></div>
 
 <p>For example, given a simple class name such as "BookInfo", RequestDispatcherProvider will check if a "/WEB-INF/bookInfo.jsp" handler is available or not. The provider will likely be extended to check few more locations as needed.  </p>
@@ -357,21 +365,21 @@ http://www.springframework.org/schema/ut
 <p>To get RequestDispatcherProvider log the information about redirects, please set a 'logRedirects' property:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"reserveRegistrationViews"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-         <span class="code-tag">&lt;property name=<span class="code-quote">"logRedirects"</span> value=<span class="code-quote">"true"</span>/&gt;</span>
-         <span class="code-tag"><span class="code-comment">&lt;!-- other properties as needed --&gt;</span></span> 
-<span class="code-tag">&lt;/bean&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="reserveRegistrationViews" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+         &lt;property name="logRedirects" value="true"/&gt;
+         &lt;!-- other properties as needed --&gt; 
+&lt;/bean&gt;
+]]></script>
 </div></div>
 
 <p>You will see the logging entry like this one:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 23-Jul-2012 11:26:13 org.apache.cxf.jaxrs.provider.RequestDispatcherProvider logRedirection
 
-INFO: Setting an instance of <span class="code-quote">"oauth2.common.ConsumerRegistration"</span> as HttpServletRequest attribute <span class="code-quote">"newClient"</span> and redirecting the response to <span class="code-quote">"/forms/registerAppConfirm.jsp"</span>
-</pre>
+INFO: Setting an instance of "oauth2.common.ConsumerRegistration" as HttpServletRequest attribute "newClient" and redirecting the response to "/forms/registerAppConfirm.jsp"
+]]></script>
 </div></div>
 
 <h1><a shape="rect" name="JAX-RSRedirection-WithCXFServlet"></a>With CXFServlet</h1>
@@ -384,12 +392,12 @@ INFO: Setting an instance of <span class
 
 <p>If you have CXFServlet listening on "/" (thus effectively catching all the requests) and also would like to use RequestDispatcherProvider, then make sure that a 'dispatcherName' property is also set, for example:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"dispatchProvider"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"dispatcherName"</span> value=<span class="code-quote">"jsp"</span>/&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"resourcePath"</span> value=<span class="code-quote">"/WEB-INF/jsp/test.jsp"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span> 
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+    &lt;property name="dispatcherName" value="jsp"/&gt;
+    &lt;property name="resourcePath" value="/WEB-INF/jsp/test.jsp"/&gt;
+&lt;/bean&gt; 
+]]></script>
 </div></div>
 
 <p>If resources which are redirected to can be made public (i.e, moved out of /WEB-INF) then alternative option (instead of adding a 'dispatcherName' property to RequestDispatcherProvider and still have CXFServlet listening on '/') is to configure both RequestDispatcherProvider and CXFServlet to redirect to resources such as "/jsp/test.jsp". </p>
@@ -397,25 +405,25 @@ INFO: Setting an instance of <span class
 <p>Also if you have many public view handlers then rather than having a "dispatcherName" property set on every dispatcher bean, you can get it set only once on CXFServlet:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;servlet&gt;</span>
-        <span class="code-tag">&lt;servlet-name&gt;</span>RESTServlet<span class="code-tag">&lt;/servlet-name&gt;</span>
-        <span class="code-tag">&lt;servlet-class&gt;</span>org.apache.cxf.transport.servlet.CXFServlet<span class="code-tag">&lt;/servlet-class&gt;</span>
-        <span class="code-tag">&lt;init-param&gt;</span>
-    	   <span class="code-tag">&lt;param-name&gt;</span>redirects-list<span class="code-tag">&lt;/param-name&gt;</span>
-	   <span class="code-tag">&lt;param-value&gt;</span>/forms/.*<span class="code-tag">&lt;/param-value&gt;</span>
-	<span class="code-tag">&lt;/init-param&gt;</span>
-	<span class="code-tag">&lt;init-param&gt;</span>
-    	   <span class="code-tag">&lt;param-name&gt;</span>redirect-servlet-name<span class="code-tag">&lt;/param-name&gt;</span>
-	   <span class="code-tag">&lt;param-value&gt;</span>jsp<span class="code-tag">&lt;/param-value&gt;</span>
-	<span class="code-tag">&lt;/init-param&gt;</span>
-	<span class="code-tag">&lt;load-on-startup&gt;</span>1<span class="code-tag">&lt;/load-on-startup&gt;</span>
-    <span class="code-tag">&lt;/servlet&gt;</span>
-    <span class="code-tag">&lt;servlet-mapping&gt;</span>
-        <span class="code-tag">&lt;servlet-name&gt;</span>RESTServlet<span class="code-tag">&lt;/servlet-name&gt;</span>
-        <span class="code-tag">&lt;url-pattern&gt;</span>/*<span class="code-tag">&lt;/url-pattern&gt;</span>
-    <span class="code-tag">&lt;/servlet-mapping&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;servlet&gt;
+        &lt;servlet-name&gt;RESTServlet&lt;/servlet-name&gt;
+        &lt;servlet-class&gt;org.apache.cxf.transport.servlet.CXFServlet&lt;/servlet-class&gt;
+        &lt;init-param&gt;
+    	   &lt;param-name&gt;redirects-list&lt;/param-name&gt;
+	   &lt;param-value&gt;/forms/.*&lt;/param-value&gt;
+	&lt;/init-param&gt;
+	&lt;init-param&gt;
+    	   &lt;param-name&gt;redirect-servlet-name&lt;/param-name&gt;
+	   &lt;param-value&gt;jsp&lt;/param-value&gt;
+	&lt;/init-param&gt;
+	&lt;load-on-startup&gt;1&lt;/load-on-startup&gt;
+    &lt;/servlet&gt;
+    &lt;servlet-mapping&gt;
+        &lt;servlet-name&gt;RESTServlet&lt;/servlet-name&gt;
+        &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+    &lt;/servlet-mapping&gt;
+]]></script>
 </div></div>
 
 <p>Here we have all the requests targeted at /form/* (example, /form/book.jsp, etc) handled by a jsp handler.</p>



Mime
View raw message