cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r1012908 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Date Fri, 26 May 2017 12:47:44 GMT
Author: buildbot
Date: Fri May 26 12:47:44 2017
New Revision: 1012908

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-jose.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri May 26 12:47:44 2017
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p>&#160;</p><p>&#160;</p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1494946025536 {padding: 0px;}
-div.rbtoc1494946025536 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1494946025536 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1495802825236 {padding: 0px;}
+div.rbtoc1495802825236 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1495802825236 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1494946025536">
+/*]]>*/</style></p><div class="toc-macro rbtoc1495802825236">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE Policy&#160;</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and Implementation</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWAAlgorithms">JWA
Algorithms</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWKKeys">JWK
Keys</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSSignature">JWS
Signature</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature
and Verification Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS
with Detached Content</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS
with Unencoded Payload</a></li></ul>
@@ -131,7 +131,11 @@ div.rbtoc1494946025536 li {margin-left:
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-KeyandContentEncryptionProviders">Key
and Content Encryption Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWECompact">JWE
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWEJSON">JWE
JSON</a></li></ul>
 </li><li><a shape="rect" href="#JAX-RSJOSE-JSONWebToken">JSON Web Token</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JWSandJWECombined">JWS and JWE Combined</a></li></ul>
 </li><li><a shape="rect" href="#JAX-RSJOSE-JOSEJAX-RSFilters">JOSE JAX-RS
Filters</a>
-<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWS">JWS</a></li><li><a
shape="rect" href="#JAX-RSJOSE-SigningandVerificationofHTTPAttachments">Signing and Verification
of HTTP Attachments</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWE">JWE</a></li><li><a
shape="rect" href="#JAX-RSJOSE-LinkingJWTauthenticationstoJWSorJWEcontent">Linking JWT
authentications to JWS or JWE content</a></li><li><a shape="rect" href="#JAX-RSJOSE-OptionalprotectionofHTTPheaders">Optional
protection of HTTP headers</a></li></ul>
+<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWS">JWS</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact.1">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompactWithUnencodedPayload">JWS
Compact With Unencoded Payload</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON.1">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSONwithUnencodedPayload">JWS
JSON with Unencoded Payload</a></li></ul>
+</li><li><a shape="rect" href="#JAX-RSJOSE-SigningandVerificationofHTTPAttachments">Signing
and Verification of HTTP Attachments</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWE">JWE</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWECompact.1">JWE
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWEJSON.1">JWE
JSON</a></li></ul>
+</li><li><a shape="rect" href="#JAX-RSJOSE-LinkingJWTauthenticationstoJWSorJWEcontent">Linking
JWT authentications to JWS or JWE content</a></li><li><a shape="rect"
href="#JAX-RSJOSE-OptionalprotectionofHTTPheaders">Optional protection of HTTP headers</a></li></ul>
 </li><li><a shape="rect" href="#JAX-RSJOSE-Configuration">Configuration</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-ConfigurationPropertyContainers">Configuration
Property Containers</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Signature">Signature</a></li><li><a
shape="rect" href="#JAX-RSJOSE-Encryption">Encryption</a></li></ul>
@@ -415,7 +419,7 @@ public class BookStore {
         return book;
     }
 }</pre>
-</div></div><p>would expect JWS and/or JWE processing done before the resource
method is invoked or after this method returned some response.</p><p>This is what
CXF JOSE JAX-RS filters do, they help the client or server code get the application data JWS-
or JWE-secured. The filters do it by loadng the configuration properties as described below
in the Configuration section, and produce or consume JWS or JWE sequences.</p><p>Note,
JWS Compact and JSON, as well as JWE Compact client and server output filters can do the best
effort at keeping the <strong>streaming</strong> process going while they are
signing or encrypting the payload. JWE JSON client/server output filter and JWS Compact client/server
input filters will be enhanced in due time to support the streaming too. Most of CXF JOSE
system tests enable the streaming capable filters to stream. &#160;</p><p>JWS
and JWE JSON input filters are expected to process JSON containers with the properties set
in a random order hence by def
 ault they wil not stream the data in. &#160;</p><p>Register both JWS and
JWE out filters if the data need to be signed and encrypted (the filters are ordered such
that the data are signed first and encrypted next) and JWS and JWE in filters if the signed
data need to be decrypted first and then verified.</p><h2 id="JAX-RSJOSE-JWS">JWS</h2><p><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java"
rel="nofollow">JwsWriterInterceptor</a> creates compact JWS sequences on the client
or server out directions. For example, if you have the client code posting a Book or the server
code returning a Book, with this Book representation expected to be signed, then add&#160;<a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsW
 riterInterceptor.java" rel="nofollow">JwsWriterInterceptor</a> and set the signature
properties on the JAX-RS client or server.</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java"
rel="nofollow">JwsClientResponseFilter</a> and <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java"
rel="nofollow">JwsContainerRequestFilter</a> process the incoming client or server
Compact JWS sequences.</p><p>Here is an example of a JSON Book representation
being HS256 signed and converted into&#160; Compact JWS and POSTed to the target service:</p><div
class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
+</div></div><p>would expect JWS and/or JWE processing done before the resource
method is invoked or after this method returned some response.</p><p>This is what
CXF JOSE JAX-RS filters do, they help the client or server code get the application data JWS-
or JWE-secured. The filters do it by loadng the configuration properties as described below
in the Configuration section, and produce or consume JWS or JWE sequences.</p><p>Note,
JWS Compact and JSON, as well as JWE Compact client and server output filters can do the best
effort at keeping the <strong>streaming</strong> process going while they are
signing or encrypting the payload. JWE JSON client/server output filter and JWS Compact client/server
input filters will be enhanced in due time to support the streaming too. Most of CXF JOSE
system tests enable the streaming capable filters to stream. &#160;</p><p>JWS
and JWE JSON input filters are expected to process JSON containers with the properties set
in a random order hence by def
 ault they wil not stream the data in. &#160;</p><p>Register both JWS and
JWE out filters if the data need to be signed and encrypted (the filters are ordered such
that the data are signed first and encrypted next) and JWS and JWE in filters if the signed
data need to be decrypted first and then verified.</p><h2 id="JAX-RSJOSE-JWS">JWS</h2><h3
id="JAX-RSJOSE-JWSCompact.1">JWS Compact</h3><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java"
rel="nofollow">JwsWriterInterceptor</a> creates compact JWS sequences on the client
or server out directions. For example, if you have the client code posting a Book or the server
code returning a Book, with this Book representation expected to be signed, then add&#160;<a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/mai
 n/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java" rel="nofollow">JwsWriterInterceptor</a>
and set the signature properties on the JAX-RS client or server.</p><p><a shape="rect"
class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java"
rel="nofollow">JwsClientResponseFilter</a> and <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java"
rel="nofollow">JwsContainerRequestFilter</a> process the incoming client or server
Compact JWS sequences.</p><p>Here is an example of a JSON Book representation
being HS256 signed and converted into&#160; Compact JWS and POSTed to the target service:</p><div
class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelCon
 tent">
 <pre>Address: https://localhost:9001/jwsjwkhmac/bookstore/books
 Http-Method: POST
 Content-Type: application/jose
@@ -446,7 +450,9 @@ INFO: JWS Headers:
        &#160;JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
         // enable streaming 
        &#160;jwsWriter.setUseJwsOutputStream(true);
-        providers.add(jwsWriter);
+        // The payload is encoded by default, disable it if required
+        // jwsWriter.setEncodePayload(false);
+       &#160;providers.add(jwsWriter);
         // JWS Compact In
        &#160;providers.add(new JwsClientResponseFilter());
         // Book to/from JSON
@@ -460,14 +466,14 @@ INFO: JWS Headers:
         
         return bean.create(BookStore.class);
     }</pre>
-</div></div><p>The above code shows a client proxy code but WebClient can
be created instead. The server is configured <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L197"
rel="nofollow">here</a>. The client can be configured in Spring/Blueprint too.</p><p>Starting
from CXF 3.1.7 it is also possible to produce JWS Compact sequences with the unencoded payload
(See JWS With Clear Payload above for restrictions).</p><p>Here is an example
of a plain text "book" being HS256-signed, converted into JWS Compact and POSTed to the target
service:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
+</div></div><p>The above code shows a client proxy code but WebClient can
be created instead. The server is configured <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L197"
rel="nofollow">here</a>. The client can be configured in Spring/Blueprint too.</p><h3
id="JAX-RSJOSE-JWSCompactWithUnencodedPayload">JWS Compact With Unencoded Payload</h3><p>Starting
from CXF 3.1.7 it is also possible to produce JWS Compact sequences with the unencoded payload
(See JWS With Unencoded Payload above for restrictions).</p><p>Here is an example
of a plain text "book" being HS256-signed, converted into JWS Compact and POSTed to the target
service:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
 <pre>Address: https://localhost:9001/jwsjwkhmac/bookstore/books
 Http-Method: POST
 Content-Type: application/jose
 Payload: eyJhbGciOiJIUzI1NiIsImN0eSI6InRleHQvcGxhaW4iLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ.
          book.
          fM7O2IVO3NsQeTGrFiMeLf_TKTsMSqnqmjnK40PwQ88</pre>
-</div></div><p>Note that a 2nd part, "book", is not Base64Url encoded.</p><p><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java"
rel="nofollow">JwsJsonWriterInterceptor</a> creates JWS JSON sequences on the client
or server out directions.&#160;</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java"
rel="nofollow">JwsJsonClientResponseFilter</a> and <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java"
rel="nofollow">JwsJsonContainerRequestFilter</a> process the incoming client or server
Compact JWS sequences.</p><p>H
 ere is an example of a plain text "book" being HS256-signed, converted into JWS JSON and
POSTed to the target service:</p><div class="preformatted panel" style="border-width:
1px;"><div class="preformattedContent panelContent">
+</div></div><p>Note that a 2nd part, "book", is not Base64Url encoded.
Set an 'encodePayload' option on the request or response JWS Compact filter to 'false'.</p><h3
id="JAX-RSJOSE-JWSJSON.1">JWS JSON</h3><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java"
rel="nofollow">JwsJsonWriterInterceptor</a> creates JWS JSON sequences on the client
or server out directions.&#160;</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java"
rel="nofollow">JwsJsonClientResponseFilter</a> and <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerReques
 tFilter.java" rel="nofollow">JwsJsonContainerRequestFilter</a> process the incoming
client or server Compact JWS sequences.</p><p>Here is an example of a plain text
"book" being HS256-signed, converted into JWS JSON and POSTed to the target service:</p><div
class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
 <pre>Http-Method: POST
 Content-Type: application/jose+json
 Payload: 
@@ -481,7 +487,7 @@ Payload:
      }
    ]
 }</pre>
-</div></div><p>Note the Base64Url encoded payload goes first, followed
by the 'signatures' array, with each element containing the protected headers and the actual
signature specific to a given signature key.</p><p>Enabling the clear JWS payload
option wilkl produce:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
+</div></div><p>Note the Base64Url encoded payload goes first, followed
by the 'signatures' array, with each element containing the protected headers and the actual
signature specific to a given signature key.</p><h3 id="JAX-RSJOSE-JWSJSONwithUnencodedPayload">JWS
JSON with Unencoded Payload</h3><p>Enabling the unencoded JWS payload option will
produce:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
 <pre>{
  "payload" : "book",  
  "signatures": 
@@ -617,7 +623,7 @@ Content-ID: &lt;signature&gt;
 
 {"protected":"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJIUzI1NiJ9","signature":"LWMjPoronjdGmJFAAIuCc_qh9sI2i5Jc2onBd-fHdMM"}
 --uuid:75b37fab-1745-45b7-93ac-15aa9add9b25--</pre>
-</div></div><h2 id="JAX-RSJOSE-JWE">JWE</h2><p><a shape="rect"
class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java"
rel="nofollow">JweWriterInterceptor</a> creates Compact JWE sequences on the client
or server out directions. For example, if you have the client code posting a Book or the server
code returning a Book, with this Book representation expected to be encrypted, then add&#160;<a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java"
rel="nofollow">JweWriterInterceptor</a> and set the encryption properties on the
JAX-RS client or server.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/sec
 urity/jose/jaxrs/JweClientResponseFilter.java" rel="nofollow">JweClientResponseFilter</a>
and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java"
rel="nofollow">JweContainerRequestFilter</a> process the incoming client or server
Compact JWE sequences.</p><p>Here is an example of a plain text "book" being encrypted
with the A128KW key and A128GCM content encryption (see JWE section above), converted into
Compact JWE and POSTed to the target service:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
+</div></div><h2 id="JAX-RSJOSE-JWE">JWE</h2><h3 id="JAX-RSJOSE-JWECompact.1">JWE
Compact</h3><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java"
rel="nofollow">JweWriterInterceptor</a> creates Compact JWE sequences on the client
or server out directions. For example, if you have the client code posting a Book or the server
code returning a Book, with this Book representation expected to be encrypted, then add&#160;<a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java"
rel="nofollow">JweWriterInterceptor</a> and set the encryption properties on the
JAX-RS client or server.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-pare
 nt/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java"
rel="nofollow">JweClientResponseFilter</a> and <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java"
rel="nofollow">JweContainerRequestFilter</a> process the incoming client or server
Compact JWE sequences.</p><p>Here is an example of a plain text "book" being encrypted
with the A128KW key and A128GCM content encryption (see JWE section above), converted into
Compact JWE and POSTed to the target service:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
 <pre>Address: https://localhost:9001/jwejwkaeswrap/bookstore/books
 Http-Method: POST
 Content-Type: application/jose
@@ -652,7 +658,7 @@ INFO: JWE Headers:
         String text = bs.echoText("book");
         assertEquals("book", text);
     }</pre>
-</div></div><p>The above code shows a client proxy code but WebClient can
be created instead. The server is configured <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L153"
rel="nofollow">here</a>. The client can be configured in Spring/Blueprint too.</p><p><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java"
rel="nofollow">JweJsonWriterInterceptor</a> creates JWE JSON sequences on the client
or server out directions.&#160;</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java"
rel="nofollow">JweJsonClientResponseFilter</a> and <a shape="rec
 t" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java"
rel="nofollow">JweContainerRequestFilter</a> process the incoming client or server
JWE JSON sequences.</p><p>Here is the same example for encrypting "book" but with
JWS JSON interceptors:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
+</div></div><p>The above code shows a client proxy code but WebClient can
be created instead. The server is configured <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L153"
rel="nofollow">here</a>. The client can be configured in Spring/Blueprint too.</p><h3
id="JAX-RSJOSE-JWEJSON.1">JWE JSON</h3><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java"
rel="nofollow">JweJsonWriterInterceptor</a> creates JWE JSON sequences on the client
or server out directions.&#160;</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java"
rel="nofollow">JweJso
 nClientResponseFilter</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java"
rel="nofollow">JweContainerRequestFilter</a> process the incoming client or server
JWE JSON sequences.</p><p>Here is the same example for encrypting "book" but with
JWS JSON interceptors:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
 <pre>Address: https://localhost:9001/jwejsonhmac/bookstore/books
 Http-Method: POST
 Content-Type: application/jose+json



Mime
View raw message