cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1018111 [21/33] - in /websites/production/cxf/content: ./ cache/ docs/
Date Wed, 13 Sep 2017 15:05:57 GMT
Modified: websites/production/cxf/content/docs/jaxrs-kerberos.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-kerberos.html (original)
+++ websites/production/cxf/content/docs/jaxrs-kerberos.html Wed Sep 13 15:05:52 2017
@@ -32,8 +32,8 @@
 <link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">
 
 <script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
 <script src='/resources/highlighter/scripts/shBrushXml.js'></script>
+<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
 <script>
   SyntaxHighlighter.defaults['toolbar'] = false;
   SyntaxHighlighter.all();
@@ -121,11 +121,11 @@ Apache CXF -- JAXRS Kerberos
 
 
 &#160;</p><p>&#160;</p><p>&#160;</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1505311241408 {padding: 0px;}
-div.rbtoc1505311241408 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1505311241408 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1505314965862 {padding: 0px;}
+div.rbtoc1505314965862 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1505314965862 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1505311241408">
+/*]]>*/</style></p><div class="toc-macro rbtoc1505314965862">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSKerberos-Introduction">Introduction</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSKerberos-Setup">Setup</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSKerberos-Unix">Unix</a></li><li><a shape="rect" href="#JAXRSKerberos-Windows">Windows</a></li></ul>
@@ -138,10 +138,10 @@ div.rbtoc1505311241408 li {margin-left:
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSKerberos-ServiceprincipalnameandJAASConfiguration">Service principal name and JAAS Configuration</a></li><li><a shape="rect" href="#JAXRSKerberos-CallbackHandler">CallbackHandler</a></li></ul>
 </li><li><a shape="rect" href="#JAXRSKerberos-CredentialDelegation">Credential Delegation</a></li></ul>
 </div><h1 id="JAXRSKerberos-Introduction">Introduction</h1><p>Please see <a shape="rect" class="external-link" href="http://www.kerberos.org/software/tutorial.html" rel="nofollow">MIT Kerberos Tutorial</a> for a good introduction to Kerberos.<br clear="none"> The <a shape="rect" class="external-link" href="http://msdn.microsoft.com/en-us/library/aa378747%28v=vs.85%29" rel="nofollow">Windows guide</a> as well as <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Kerberos_%28protocol%29" rel="nofollow">this Wikipedia page</a> are also worth checking.</p><h2 id="JAXRSKerberos-Setup">Setup</h2><h3 id="JAXRSKerberos-Unix">Unix</h3><p>1. Install the packages</p><p>&gt; sudo apt-get install krb5-kdc krb5-admin-server</p><p>During the installation enter "localhost" as the host name for Kerberos servers (unless you have more specific host names to enter) and set a default realm, example, "MYCOMPANY.COM". Follow the 1.2 step from this <a shape="rect" class="external-link
 " href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html" rel="nofollow">blog entry</a> to get this default realm set up properly.</p><p>2. Create principals</p><p>From the step 1.3 at <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html" rel="nofollow">this blog entry</a>:</p><p>2.1 Create master key:<br clear="none"> &gt; sudo kdb5_util create -s</p><p>2.2 Create user and service principals</p><p>&gt; sudo kadmin.local</p><p>followed by</p><p>&gt; addprinc alice<br clear="none"> &gt; addprinc HTTP/localhost</p><p>where 'HTTP/localhost' is the typical service principal name used in the Negotiate scheme, replace 'localhost' if needed.<br clear="none"> Add more user and service principals too as required.</p><p>3 Start KDC</p><p>&gt; sudo krb5kdc</p><p>4. Create an optional ticket cache</p><p>&gt; klist</p><p>returns an empty response</p><p>&gt; kinit alice</p><p>&gt; klist</p><p
 >confirms a TGT for 'alice' is in the cache.</p><p>2.4 Create keytabs</p><p>When keytabs are available, the principal password does not have to be specified in the login configuration.<br clear="none"> Please follow the step 1.4 from <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html" rel="nofollow">this blog entry</a>.</p><p>Note, creating a keytab actually resets an original principal password, example, after creating a keytab for 'alice' one would not be able to use the original password (TODO: apparently this can be restored - find out how). Thus, if you'd like to experiment with keytabs then you may want to have few user and service principals created, with only selected principals using keytabs.</p><h3 id="JAXRSKerberos-Windows">Windows</h3><p>Please check the relevant Windows configuration guide such as <a shape="rect" class="external-link" href="http://technet.microsoft.com/en-us/library/cc753173%28v=
 ws.10%29" rel="nofollow">this one</a>.</p><h2 id="JAXRSKerberos-HTTPNegotiatescheme">HTTP Negotiate scheme</h2><p>'Negotiate' authentication scheme is used to pass Kerberos service tickets over HTTP.<br clear="none"> Example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">Authorization: Negotiate "the encrypted service ticket"
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">Authorization: Negotiate "the encrypted service ticket"
 </pre>
 </div></div><h2 id="JAXRSKerberos-GSSAPI">GSS API</h2><p>Please see <a shape="rect" class="external-link" href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/index.html" rel="nofollow">this</a> GSS API tutorial as well as check this <a shape="rect" class="external-link" href="http://www.javaactivedirectory.com/" rel="nofollow">blog</a> for a number of GSS API examples. Understanding GSS API may help when the way CXF Kerberos handlers work needs to be customized or when the available GSS credentials created outside of CXF need to be made available to CXF (for the credential delegation).</p><h2 id="JAXRSKerberos-JAASKerberosModuleConfiguration">JAAS Kerberos Module Configuration</h2><p><a shape="rect" class="external-link" href="http://docs.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html" rel="nofollow">com.sun.security.auth.module.Krb5LoginModule</a> is typically used to login to Kerberos servers.</
 p><h1 id="JAXRSKerberos-Clientconfiguration">Client configuration</h1><h2 id="JAXRSKerberos-HTTPConduit">HTTPConduit</h2><p>Please see <a shape="rect" href="http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-SpnegoAuthentication%28Kerberos%29">this page</a> for the information about Spnego/Kerberos HTTPConduit client support.</p><h2 id="JAXRSKerberos-Interceptor">Interceptor</h2><p>org.apache.cxf.jaxrs.security.KerberosAuthOutInterceptor can be used as an alternative to configuring HTTPConduit.</p><p>KerberosAuthOutInterceptor and the HTTPConduit Spnego handler share the same base code. Having HTTPConduit configuration can be enough in many cases<br clear="none"> especially when SSL is also being setup at the conduit level. Using the interceptor can be handy when testing as well as when setting few extra properties which is not easy to set up at the generic HTTP Conduit Authorization Policy level.</p><p>The interc
 eptor properties are explained in the following sub-sections</p><h3 id="JAXRSKerberos-AuthorizationPolicy">Authorization Policy</h3><p>As explained on <a shape="rect" href="http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-SpnegoAuthentication%28Kerberos%29">this page</a>, Authorization Policy typically needs to have its type set to "Negotiate" and its "authorization" property set to the name of the JAAS context. AuthorizationPolicy is set as a "policy" property on the interceptor, example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">WebClient wc = WebClient.create("http://localhost:" + PORT + "/bookstore/books/123");
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">WebClient wc = WebClient.create("http://localhost:" + PORT + "/bookstore/books/123");
         
 KerberosAuthOutInterceptor kbInterceptor = new KerberosAuthOutInterceptor();
         
@@ -155,7 +155,7 @@ WebClient.getConfig(wc).getOutIntercepto
 Book b = wc.get(Book.class);
 </pre>
 </div></div><p>In this example, the <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg">KerberosClientKeyTab</a> policy is used which links to the available keytab; otherwise AuthorizationPolicy 'UserName' and 'Password' properties would most likely have to be set too (with the possible exceptions on Windows)</p><h3 id="JAXRSKerberos-Configuringtheserviceprincipalname">Configuring the service principal name</h3><p>Service principal identifies a target service.</p><p>By default, the service principal name is calculated by concatenating "HTTP", "/" and the name of the target host, example, when invoking on "http://localhost:8080/services", the service principal name is set to "HTTP/localhost".</p><p>The "servicePrincipalName" and "realm" properties can be used to customize it, example, setting "servicePrincipalName" to "HTTP/www.mycompany.com" and realm to "services.org" 
 will result in the "HTTP/www.mycompany.com@services.org" service principal name being used.</p><p>When the "servicePrincipalName" is not specified, the target host from the provided endpoint URL is used to construct one as-is.&#160; To perform canonicalization of this hostname (e.g. if a CNAME record <a shape="rect" class="external-link" href="http://host.example.com" rel="nofollow">host.example.com</a> points to an A record <a shape="rect" class="external-link" href="http://host-x.example.com" rel="nofollow">host-x.example.com</a>, then use "<a shape="rect" class="external-link" href="http://host-x.example.com" rel="nofollow">host-x.example.com</a>" when constructing the servicePrincipalName), the "useCanonicalHostname" property can be set to "true".</p><h3 id="JAXRSKerberos-UsingJAASConfiguration">Using JAAS Configuration</h3><p>Both HTTPConduit and interceptor handlers need a "java.security.auth.login.config" system property set up. This property needs to point to the file contai
 ning the configuration of the specific Kerberos login module.</p><p>Instead of setting this system property and maintaining a configuration file, one might want to use an implementation of javax.security.auth.login.Configuration and set it on the interceptor as a "loginConfig" property.</p><h3 id="JAXRSKerberos-Howtoavoidsettingusernameandpasswordproperties">How to avoid setting username and password properties</h3><p>Typically, one may have to set AuthorizationPolicy UserName and Password properties for the Kerberos login module to authenticate the user.</p><p>The next option is to create a keytab as noted in the Setup section, which will let one to avoid specifying a password property.<br clear="none"> Finally, if the user actually owns the Java process which runs the code then no username and password properties have to be provided, assuming the Kerberos login configuration has 'useTicketCache' and possibly 'renewTGT' properties set to "true"</p><h1 id="JAXRSKerberos-Serverconfig
 uration">Server configuration</h1><p>org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter can be used to protected JAX-RS endpoints and enforce that a Negotiate authentication scheme is used by clients, example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;bean id="kerberosFilter" class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter"&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;bean id="kerberosFilter" class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter"&gt;
    &lt;property name="loginContextName" value="KerberosServiceKeyTab"/&gt;
 &lt;/bean&gt;
 
@@ -169,7 +169,7 @@ Book b = wc.get(Book.class);
 &lt;/jaxrs:server&gt;
 </pre>
 </div></div><p>KerberosAuthenticationFilter will set a CXF <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/SecurityContext.java">SecurityContext</a> on the current message if the authentication has been successful. This SecurityContext will return an instance of KerberosAuthenticationFilter$KerberosPrincipal, this Principal will return a 'simple' and 'kerberos' source principal names, example, given "HTTP/localhost@myrealm.com", Principal#getName will return "HTTP/localhost", and KerberosPrincipal#getKerberosName will return "HTTP/localhost@myrealm.com".</p><h2 id="JAXRSKerberos-ServiceprincipalnameandJAASConfiguration">Service principal name and JAAS Configuration</h2><p>Service principal name and JAAS Configuration can be optionally set up the same way they can be with KerberosAuthOutInterceptor, using 'servicePrincipalName' + 'realm' and "loginConfig" properties.</p><h2 id="JAXRSKerberos-CallbackHandl
 er">CallbackHandler</h2><p>javax.security.auth.callback.CallbackHandler needs to be registered if no Kerberos key tabs are used, here is an example of setting it up from Java:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">public class TestResource {
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">public class TestResource {
  public static void main(String[] args) {
    JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
    sf.setResourceClasses(BookStore.class);
@@ -190,7 +190,7 @@ Book b = wc.get(Book.class);
 }
 </pre>
 </div></div><p>In this example, the <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg">KerberosServer</a> policy is used.</p><h1 id="JAXRSKerberos-CredentialDelegation">Credential Delegation</h1><p>Please see this <a shape="rect" href="http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-CredentialDelegation">section</a> on the way client-side credential delegation can be both enabled and implemented at the HTTP conduit level.</p><p>Note that if you have a JAX-RS KerberosAuthenticationFilter protecting the endpoints, then the filter will have an org.ietf.jgss.GSSContext instance available in the current CXF SecurityContext, via its KerberosAuthenticationFilter$KerberosSecurityContext implementation, which can be used to get to org.ietf.jgss.GSSCredential if the credential delegation is supported for a 
 given source principal. The current credential if any can be set as a client property next, for example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">import org.ietf.jgss.GSSCredential;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">import org.ietf.jgss.GSSCredential;
 
 import org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter;
 import org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter.KerberosSecurityContext;

Modified: websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html (original)
+++ websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html Wed Sep 13 15:05:52 2017
@@ -32,9 +32,9 @@
 <link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">
 
 <script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
-<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
 <script src='/resources/highlighter/scripts/shBrushBash.js'></script>
+<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
+<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
 <script>
   SyntaxHighlighter.defaults['toolbar'] = false;
   SyntaxHighlighter.all();
@@ -119,11 +119,11 @@ Apache CXF -- JAXRS OAuth2 Assertions
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><h1 id="JAXRSOAuth2Assertions-JAXRS:OAuth2Assertions">JAXRS: OAuth2 Assertions</h1><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1505311267532 {padding: 0px;}
-div.rbtoc1505311267532 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1505311267532 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1505314908314 {padding: 0px;}
+div.rbtoc1505314908314 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1505314908314 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1505311267532">
+/*]]>*/</style></p><div class="toc-macro rbtoc1505314908314">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-JAXRS:OAuth2Assertions">JAXRS: OAuth2 Assertions</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-Introduction">Introduction</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-Mavendependencies">Maven dependencies</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenGrant">Access Token Grant</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-Clientcode">Client code</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService">Access Token Service</a></li></ul>
@@ -138,21 +138,21 @@ div.rbtoc1505311267532 li {margin-left:
 </li></ul>
 </li></ul>
 </div><h1 id="JAXRSOAuth2Assertions-Introduction">Introduction</h1><p><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc6749" rel="nofollow">OAuth 2.0</a> supports different types of access token grants. The <a shape="rect" class="external-link" href="http://tools.ietf.org/html/rfc7521" rel="nofollow">OAuth2 Assertions</a> spec "provides a framework for the use of assertions with OAuth 2.0 in the form of a new client authentication mechanism and a new authorization grant type". More specifically, the <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7522" rel="nofollow">SAML2 Bearer Assertion Profiles for OAuth2</a> spec provides for the use of SAML2 Bearer assertions, and the <a shape="rect" class="external-link" href="http://tools.ietf.org/html/rfc7523" rel="nofollow">JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants</a> spec providers for the use of JWT Bearer tokens.</p><p>These assertions 
 can be used as token grants, but also, if needed, for getting 3rd party clients authenticated. Note the clients can use assertions as grants but use for example Basic authentication mechanism, or use say an authorization code grant and the assertion to authenticate, and finally, they can use assertions as a grant and as an authentication token.</p><p>Currently CXF supports both SAML2 Bearer and JWT Bearer assertions as grants and authentication tokens.</p><p>See the <a shape="rect" href="jax-rs-oauth2.html">JAX-RS OAuth2</a> page for information about OAuth 2.0 support in CXF. Please also check the <a shape="rect" href="jax-rs-saml.html">JAX-RS SAML</a> page for more information about SAML support.</p><p>&#160;</p><h1 id="JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</h1><h2 id="JAXRSOAuth2Assertions-Mavendependencies">Maven dependencies</h2><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;dependency&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;dependency&gt;
   &lt;groupId&gt;org.apache.cxf&lt;/groupId&gt;
   &lt;artifactId&gt;cxf-rt-rs-security-oauth2-saml&lt;/artifactId&gt;
   &lt;version&gt;${cxf.version}&lt;/version&gt;
 &lt;/dependency&gt;
 </pre>
 </div></div><h2 id="JAXRSOAuth2Assertions-AccessTokenGrant">Access Token Grant</h2><p><a shape="rect" class="external-link" href="http://tools.ietf.org/html/rfc7522#section-2.1" rel="nofollow">This section</a> explains how SAML2 Bearer assertions can be used as token grants. The value of grant_type parameter is "urn:ietf:params:oauth:grant-type:saml2-bearer".</p><p>It is really just another grant type, but whose actual value is a SAML assertion. The specification provides an <a shape="rect" class="external-link" href="http://tools.ietf.org/html/rfc7522#section-4" rel="nofollow">example</a> of how such an assertion may look like.</p><p>The additional restriction is that the assertions have to be encoded using Base64Url encoding. <br clear="none"> Here is how a request may look like:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">POST /token HTTP/1.1
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">POST /token HTTP/1.1
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-bearer&amp;
 assertion=Base64UrlEncoded-SAML2-Bearer-Assertion
 </pre>
 </div></div><h3 id="JAXRSOAuth2Assertions-Clientcode">Client code</h3><p>The following example shows how to use SAML2 Bearer assertion as a grant with CXF OAuth2 client code:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
@@ -182,7 +182,7 @@ ClientAccessToken at = OAuthClientUtils.
                                                        false);
 </pre>
 </div></div><p>The code above prepares an info for a new SAML assertion be self-signed, loading a Crypto instance with crypto <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.properties">properties</a>, and uses SAMLUtils to create and sign the assertion (using Crypto, plus user alias and password). Saml2BearerGrant will get the assertion Base64Url-encoded - unless the assertion has already been encoded with CXF Base64UrlUtility or came encoded from IP - in this case Saml2BearerGrant constructor accepting an 'encoded' property will have to be used, with the value set to "true".</p><p>This is nearly as simple as using other token grants, the step 2 will often me omitted in more involved cases as it will be the job of Identity Providers to issue OAuth2 SAML2 Bearer assertions. Step 2 needs to be done when testing or when getting client acting <a shape="rect" class="
 external-link" href="http://tools.ietf.org/html/rfc7521#section-6.2" rel="nofollow">on behalf of itself</a> for example.</p><p>Instead of using SelfSignInfo utility one can create an empty CXF Message and set required properties on it and passing it to SAMLUtils - see the example on how to use SAML Bearer assertions for the authentication below.</p><p>When doing step 2, the main effort is to do with getting a SAML assertion populated - use a SAML callback handler like <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java">this one</a>, it is actually quite easy to build the assertion.</p><h3 id="JAXRSOAuth2Assertions-AccessTokenService">Access Token Service</h3><p>Here is how one may configure Access Token Service:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
 &lt;bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler"&gt;
   &lt;property name="dataProvider" ref="dataProvider"/&gt;
 &lt;/bean&gt;
@@ -210,7 +210,7 @@ ClientAccessToken at = OAuthClientUtils.
 &lt;/jaxrs:server&gt;
 </pre>
 </div></div><h2 id="JAXRSOAuth2Assertions-AuthenticationToken">Authentication Token</h2><p>As noted in the introduction, SAML2 Bearer assertions may also act as client authentication credentials, when requesting an access token, irrespectively of the actual grant type. For example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">POST /token HTTP/1.1
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">POST /token HTTP/1.1
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=authorization_code
@@ -219,7 +219,7 @@ grant_type=authorization_code
 &amp;client_assertion=Base64UrlEncoded-SAML2-Bearer-Assertion
 </pre>
 </div></div><p>Note "client_assertion_type" with a value "urn:ietf:params:oauth:client-assertion-type:saml2-bearer" indicates that the type of assertion used as an authentication token is "urn:ietf:params:oauth:client-assertion-type:saml2-bearer", while the "client_assertion" parameter carries the actual value of the token.</p><h3 id="JAXRSOAuth2Assertions-ClientCode">Client Code</h3><p>The following example shows how to use SAML2 Bearer assertion as an authentication token:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
@@ -258,7 +258,7 @@ ClientAccessToken at = OAuthClientUtils.
                                                        extraParams);
 </pre>
 </div></div><p>The above code is similar to the example when SAML2 Bearer assertion is used as a grant except that this time the assertion is Base64Url-encoded in the code - note steps 2 and likely 3 will not be required when the assertion came from IP.<br clear="none"> Next, the encoded assertion is used as part of the token request payload, note that it does not matter what grant type is actually used.</p><p>A different approach to dealing with the assertion directly in the client code is to use org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthOutInterceptor interceptor which will add the assertion to the existing form payload, for example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
 
 Map&lt;String, Object&gt; properties = new HashMap&lt;String, Object&gt;();
 properties.put("security.callback-handler", 
@@ -282,7 +282,7 @@ ClientAccessToken at = OAuthClientUtils.
                                                        accessTokenGrant);
 </pre>
 </div></div><h3 id="JAXRSOAuth2Assertions-AccessTokenService.1">Access Token Service</h3><p>Here is how one may configure Access Token Service:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
 &lt;bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/&gt;
 &lt;bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/&gt;
 
@@ -313,7 +313,7 @@ ClientAccessToken at = OAuthClientUtils.
 &lt;/jaxrs:server&gt;
 </pre>
 </div></div><h2 id="JAXRSOAuth2Assertions-ClientActingonBehalfofItself">Client Acting on Behalf of Itself</h2><p>In the <a shape="rect" class="external-link" href="http://tools.ietf.org/html/rfc7521#section-6.2" rel="nofollow">Client Acting on Behalf of Itself</a> use either org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerClientCredentialsGrant :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
@@ -342,7 +342,7 @@ ClientAccessToken at = OAuthClientUtils.
                                                        extraParams);
 </pre>
 </div></div><p>or ClientCredentialsGrant in combination with Saml2BearerAuthOutInterceptor:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
 
 Map&lt;String, Object&gt; properties = new HashMap&lt;String, Object&gt;();
 properties.put("security.callback-handler", 
@@ -365,14 +365,14 @@ AccessTokenGrant accessTokenGrant = new
 ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);
 </pre>
 </div></div><p>&#160;</p><h1 id="JAXRSOAuth2Assertions-JWTBearer">JWT Bearer</h1><p>See <a shape="rect" href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+OAuth2#JAX-RSOAuth2-SAMLandJWTAssertions">this CXF OAuth2 section</a> for the information about the implementation details.</p><h2 id="JAXRSOAuth2Assertions-AccessTokenGrant.1">Access Token Grant</h2><p><a shape="rect" class="external-link" href="http://tools.ietf.org/html/rfc7523#section-2.1" rel="nofollow">This section</a> explains how JWT Bearer tokens can be used as token grants. The value of grant_type parameter is "urn:ietf:params:oauth:grant- type:jwt-bearer".</p><p>It is really just another grant type, but whose actual value is a JWT Token. The specification provides an <a shape="rect" class="external-link" href="http://tools.ietf.org/html/rfc7523#section-4" rel="nofollow">example</a> of how such an assertion may look like.</p><p>Here is how a request may look like:</p><div class="code panel pdl" style="bord
 er-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">POST /token HTTP/1.1
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">POST /token HTTP/1.1
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&amp;
 assertion=X.Y.Z
 </pre>
 </div></div><h3 id="JAXRSOAuth2Assertions-Clientcode.1">Client code</h3><p>CXF BigQuery demo <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java#L75" rel="nofollow">shows</a> how a so called Google Service Client can prepare a signed JWT token and use JwtBearerGrant in order to issue a JWT Bearer grant request and get a new access token back. CXF WebClient is used in the demo code but OAuthClientUtils can also be used.</p><h3 id="JAXRSOAuth2Assertions-AccessTokenService.2">Access Token Service</h3><p>Here is how one may configure the Access Token Service:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
 &lt;bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler"&gt;
   &lt;property name="dataProvider" ref="dataProvider"/&gt;
 &lt;/bean&gt;
@@ -404,7 +404,7 @@ assertion=X.Y.Z
 &lt;/jaxrs:server&gt;
 </pre>
 </div></div><h2 id="JAXRSOAuth2Assertions-AuthenticationToken.1">Authentication Token</h2><p>As noted in the introduction, JWT Bearer tokens may also act as client authentication credentials, when requesting an access token, irrespectively of the actual grant type. For example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">POST /token HTTP/1.1
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">POST /token HTTP/1.1
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=authorization_code
@@ -413,7 +413,7 @@ grant_type=authorization_code
 &amp;client_assertion=X.Y.Z
 </pre>
 </div></div><p>Note "client_assertion_type" with a value "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" indicates that the type of assertion used as an authentication token is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", while the "client_assertion" parameter carries the actual value of the token.</p><h3 id="JAXRSOAuth2Assertions-ClientCode.1">Client Code</h3><p>Suppose the client is acting on behalf of itself to request a token, effectively using Client Credentials grant. In this case it will use <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerClientCredentialsGrant.java" rel="nofollow">JwtBearerClientCredentialsGrant</a>.</p><h3 id="JAXRSOAuth2Assertions-AccessTokenService.3">Access Token Service</h3><p>Here is how one may configure Access Token Service:</p><div class="code panel pdl" style="border-width: 1px;"><div cla
 ss="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
 &lt;bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/&gt;
 &lt;bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/&gt;
 

Modified: websites/production/cxf/content/docs/jaxrs-services-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-services-configuration.html (original)
+++ websites/production/cxf/content/docs/jaxrs-services-configuration.html Wed Sep 13 15:05:52 2017
@@ -32,9 +32,9 @@
 <link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">
 
 <script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
-<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
 <script src='/resources/highlighter/scripts/shBrushBash.js'></script>
+<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
+<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
 <script>
   SyntaxHighlighter.defaults['toolbar'] = false;
   SyntaxHighlighter.all();
@@ -122,11 +122,11 @@ Apache CXF -- JAXRS Services Configurati
 
 
 &#160;</p><p>&#160;</p><p>&#160;</p><p>&#160;</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1505311269938 {padding: 0px;}
-div.rbtoc1505311269938 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1505311269938 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1505314883370 {padding: 0px;}
+div.rbtoc1505314883370 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1505314883370 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1505311269938">
+/*]]>*/</style></p><div class="toc-macro rbtoc1505314883370">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSServicesConfiguration-ConfiguringJAX-RSservicesprogrammatically">Configuring JAX-RS services programmatically</a></li><li><a shape="rect" href="#JAXRSServicesConfiguration-OSGI">OSGI</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSServicesConfiguration-Blueprint">Blueprint</a></li><li><a shape="rect" href="#JAXRSServicesConfiguration-Spring">Spring</a></li></ul>
 </li><li><a shape="rect" href="#JAXRSServicesConfiguration-SpringBoot">Spring Boot</a></li><li><a shape="rect" href="#JAXRSServicesConfiguration-ConfiguringJAX-RSendpointsprogrammaticallywithoutSpring">Configuring JAX-RS endpoints programmatically without Spring</a></li><li><a shape="rect" href="#JAXRSServicesConfiguration-BlueprintWeb">Blueprint Web</a>
@@ -145,7 +145,7 @@ div.rbtoc1505311269938 li {margin-left:
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSServicesConfiguration-Spring.1">Spring</a></li></ul>
 </li><li><a shape="rect" href="#JAXRSServicesConfiguration-ServletandApplicationContainerConfiguration">Servlet and Application Container Configuration</a></li></ul>
 </div><h1 id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesprogrammatically">Configuring JAX-RS services programmatically</h1><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
 ...
 
 JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
@@ -154,17 +154,17 @@ sf.setAddress("http://localhost:9000/");
 sf.create();
 </pre>
 </div></div><p>Some things to note:</p><ul><li>The JAXRSServerFactoryBean creates a Server inside CXF which starts listening for requests on the URL specified.</li><li>Check the <a shape="rect" href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/jaxrs/JAXRSServerFactoryBean.html">JAXRSServerFactoryBean API</a> for methods for adding multiple root resources</li><li>setResourceClasses() is for root resources only, use setProvider() or setProviders() for @Provider-annotated classes.</li><li><p>By default, the JAX-RS runtime is responsible for the lifecycle of resource classes, default lifecycle is per-request. You can set the lifecycle to singleton by using following line:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">sf.setResourceProvider(BookStore.class, new SingletonResourceProvider(new BookStore()));
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">sf.setResourceProvider(BookStore.class, new SingletonResourceProvider(new BookStore()));
 </pre>
 </div></div></li><li><p>If you prefer not to let the JAX-RS runtime handle the resource class lifecycle for you (for example, it might be the case that your resource class is created by other containers such as Spring), you can do the following:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
 CustomerService cs = new CustomerService();
 sf.setServiceBeans(cs);
 sf.setAddress("http://localhost:9080/");
 sf.create();
 </pre>
 </div></div></li></ul><h1 id="JAXRSServicesConfiguration-OSGI">OSGI</h1><h2 id="JAXRSServicesConfiguration-Blueprint">Blueprint</h2><p>The following example shows how to configure a JAX-RS endpoint in OSGI containers supporting Blueprint:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs"
            xmlns:cxf="http://cxf.apache.org/blueprint/core"
@@ -190,7 +190,7 @@ sf.create();
 &lt;/blueprint&gt;
 </pre>
 </div></div><h2 id="JAXRSServicesConfiguration-Spring">Spring</h2><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans xmlns="http://www.springframework.org/schema/beans"
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxrs="http://cxf.apache.org/jaxrs"
       xsi:schemaLocation="
@@ -208,7 +208,7 @@ sf.create();
 
 </pre>
 </div></div><h1 id="JAXRSServicesConfiguration-SpringBoot">Spring Boot</h1><p>Please see CXF&#160;<a shape="rect" href="http://cxf.apache.org/docs/springboot.html#SpringBoot-SpringBootCXFJAX-RSStarter">SpringBoot</a>&#160;documentation.&#160;</p><p>Please see <a shape="rect" class="external-link" href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/jax_rs/spring_boot" rel="nofollow">JAX-RS Spring Boot</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/jax_rs/spring_boot_scan/application" rel="nofollow">JAX-RS Spring Boot Scan</a> demos.</p><p>Please see&#160;<a shape="rect" href="jaxrsclientspringboot.html">JAXRSClientSpringBoot</a> documentation on how CXF <a shape="rect" href="jax-rs-client-api.html">JAX-RS Clients</a> can be used in a SpringBoot Application.&#160;</p><p>&#160;</p><h1 id="JAXRSServicesConfiguration-ConfiguringJAX-RSendpointsprogrammaticallywithoutSprin
 g">Configuring JAX-RS endpoints programmatically without Spring</h1><p>Note that even though no Spring is explicitly used in the previous section, it is still used by default to have various CXF components registered with the bus such as transport factories. If no Spring libraries are available on the classpath then please follow the following example :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
 sf.setResourceClasses(CustomerService.class);
 sf.setResourceProvider(CustomerService.class, new SingletonResourceProvider(new CustomerService()));
 sf.setAddress("http://localhost:9000/");
@@ -219,28 +219,28 @@ manager.registerBindingFactory(JAXRSBind
 sf.create();
 </pre>
 </div></div><h1 id="JAXRSServicesConfiguration-BlueprintWeb">Blueprint Web</h1><p>This section describes how CXF JAX-RS endpoints can be bootstrapped with CXFBlueprintServlet and Blueprint contexts.</p><p>This approach is recommended for developers building CXF JAX-RS endpoints to be deployed in OSGI and which will do RequestDispatcher-based forwards.</p><p>Additionally it allows to reuse the same Blueprint contexts between OSGI and non-OSGI deployments.</p><p>Both options below work with CXF 3.1.3:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;dependency&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;dependency&gt;
   &lt;groupId&gt;org.apache.cxf&lt;/groupId&gt;
   &lt;artifactId&gt;cxf-rt-frontend-jaxrs&lt;/artifactId&gt;
   &lt;version&gt;3.1.3&lt;/version&gt;
 &lt;/dependency&gt;
 </pre>
 </div></div><p>&#160;</p><h2 id="JAXRSServicesConfiguration-Mavendependencies">Maven dependencies</h2><h3 id="JAXRSServicesConfiguration-OSGI.1">OSGI</h3><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;dependency&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;dependency&gt;
   &lt;groupId&gt;org.apache.aries.blueprint&lt;/groupId&gt;
   &lt;artifactId&gt;org.apache.aries.blueprint.webosgi&lt;/artifactId&gt;
   &lt;version&gt;1.0.1&lt;/version&gt;
 &lt;/dependency&gt;
 </pre>
 </div></div><p>In OSGI (Karaf) one should also install a 'war' feature.</p><h3 id="JAXRSServicesConfiguration-ServletContainer">Servlet Container</h3><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;dependency&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;dependency&gt;
   &lt;groupId&gt;org.apache.aries.blueprint&lt;/groupId&gt;
   &lt;artifactId&gt;org.apache.aries.blueprint.web&lt;/artifactId&gt;
   &lt;version&gt;1.1.1&lt;/version&gt;
 &lt;/dependency&gt;
 </pre>
 </div></div><p>&#160;</p><h2 id="JAXRSServicesConfiguration-Commonexample">Common example</h2><p>&#160;</p><p>This <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/jaxrs/src/test/resources/jaxrs_soap_blueprint/WEB-INF/web.xml" rel="nofollow">web.xml</a> shows how to setup CXFBlueprintServlet which processes <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/jaxrs/src/test/resources/jaxrs_soap_blueprint/WEB-INF/beans.xml" rel="nofollow">this Blueprint context.</a> It works exactly the same way in OSGI and non-OSGI environments.</p><h1 id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesincontainerwithSpringconfigurationfile.">Configuring JAX-RS services in container with Spring configuration file.</h1><h2 id="JAXRSServicesConfiguration-web.xml">web.xml</h2><p>In web.xml one needs to register one or more CXFServlet(s) and link to an application context configuration.</p><h3 id="JAXRSServicesC
 onfiguration-UsingSpringContextLoaderListener">Using Spring ContextLoaderListener</h3><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;?xml version="1.0" encoding="ISO-8859-1"?&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;?xml version="1.0" encoding="ISO-8859-1"?&gt;
 
 &lt;!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
@@ -273,7 +273,7 @@ sf.create();
 &lt;/web-app&gt;
 </pre>
 </div></div><p>The application context configuration is shared between all the CXFServlets</p><h3 id="JAXRSServicesConfiguration-UsingCXFServletinitparameters">Using CXFServlet init parameters</h3><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;?xml version="1.0" encoding="ISO-8859-1"?&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;?xml version="1.0" encoding="ISO-8859-1"?&gt;
 
 &lt;!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
@@ -318,7 +318,7 @@ sf.create();
 &lt;/web-app&gt;
 </pre>
 </div></div><p>Each CXFServlet can get a unique application context configuration. Note, no Spring ContextLoaderListener is registered in web.xml in this case.</p><h2 id="JAXRSServicesConfiguration-beans.xml">beans.xml</h2><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
 &lt;beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:jaxrs="http://cxf.apache.org/jaxrs"
@@ -343,7 +343,7 @@ http://cxf.apache.org/schemas/jaxrs.xsd"
 &lt;/beans&gt;
 </pre>
 </div></div><p>In the above configuration all resources will be configured as singletons, see <a shape="rect" href="jaxrs-services-configuration.html">below</a> for information on creating per-request resources.</p><h1 id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesusingexplicitbeanconfiguration">Configuring JAX-RS services using explicit bean configuration</h1><p>Note that jaxrs:server (and jaxrs:client) declarations depend on 'http://cxf.apache.org/jaxrs' Spring NamespaceHandler be available on classpath. Sometimes, due to classloading restrictions or bugs in underlying containers which are exposed during complex deployments or due to multiple Spring libraries interfering with each other, NamespaceHandler can not be located and thus jaxrs endpoints can not be created. <br clear="none"> Please report such issues to the team working on developing the container itself.</p><p>If you need to do Spring configuration and get an error to do with a missing NamespaceHandler then, a
 s a workaround, consider configuring jaxrs endpoints using CXF beans which actually handle the creation of jaxrs:server endpoints. This is marginally more complex, but overall, the configuration ends up being quite similar, for example, the above jaxrs:server endpoint can be configured like this instead:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
 &lt;beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="
@@ -365,7 +365,7 @@ http://www.springframework.org/schema/be
 
 </pre>
 </div></div><h1 id="JAXRSServicesConfiguration-SpringAOP">Spring AOP</h1><p>CXF JAX-RS is capable of working with AOP interceptors applied to resource classes from Spring.<br clear="none"> For example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:aop="http://www.springframework.org/schema/aop" 
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:aop="http://www.springframework.org/schema/aop" 
   xsi:schemaLocation=" http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans.xsd
   http://www.springframework.org/schema/aop  
@@ -399,7 +399,7 @@ http://www.springframework.org/schema/be
 
 </pre>
 </div></div><p>Note that some AOP configuration is applied to two JAX-RS resource classes. By default Spring uses JDK dynamic proxies if a class to be proxified implements at least one interface or CGLIB proxies otherwise.</p><p>For example, here's how org.apache.cxf.systest.jaxrs.BookStoreWithInterface looks like:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">public interface BookInterface {
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">public interface BookInterface {
     @GET
     @Path("/thosebooks/{bookId}/")
     @Produces("application/xml")
@@ -422,10 +422,10 @@ public class BookStoreWithInterface exte
 }
 </pre>
 </div></div><p>In this case Spring will use a JDK dynamic proxy to wrap a BookStoreWithInterface class. As such it is important that the method which needs to be invoked such as getThatBook(...) will be part of the interface.</p><p>The other method, getTheBook() can not be dispatched to by a JAX-RS runtime as it's not possible to discover it through a JDK proxy. If this method also needs to be invoked then this method should either be added to the interface or CGLIB proxies have to be explicitly enabled (consult Spring AOP documentation for more details). For example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;aop:config proxy-target-class="true"/&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;aop:config proxy-target-class="true"/&gt;
 </pre>
 </div></div><h1 id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesincontainerwithoutSpring">Configuring JAX-RS services in container without Spring</h1><p>If you prefer, you can register JAX-RS endpoints without depending on Spring with the help of CXFNonSpringJaxrsServlet :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;servlet&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;servlet&gt;
  &lt;servlet-name&gt;CXFServlet&lt;/servlet-name&gt;
  &lt;display-name&gt;CXF Servlet&lt;/display-name&gt;
  &lt;servlet-class&gt;
@@ -487,7 +487,7 @@ public class BookStoreWithInterface exte
 &lt;/servlet&gt;
 </pre>
 </div></div><p>When service classes and providers are registered this way, the default life-cycle is 'singleton'. You can override it by setting a "jaxrs.scope" parameter with the value of 'prototype' (equivalent to per-request). <br clear="none"> By default, the endpoint address is "/". One can provide a more specific value using a "jaxrs.address" parameter.</p><p>Note that multiple service&#160; or providers class names are separated by a comma. Users may want to use a "class.parameter.split.char" servlet parameter with the value "space" when</p><p>migrating from the older CXF versions were the space was used to separate multiple class names.</p><p>If the referenced service classes are not annotated with JAX-RS annotations then an external user model can also be linked to :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;servlet&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;servlet&gt;
  &lt;servlet-name&gt;CXFServlet&lt;/servlet-name&gt;
  &lt;display-name&gt;CXF Servlet&lt;/display-name&gt;
  &lt;servlet-class&gt;
@@ -510,7 +510,7 @@ public class BookStoreWithInterface exte
 &lt;/servlet&gt;
 </pre>
 </div></div><p>A more portable way to register resource classes and providers with CXFNonSpringJaxrsServlet is to use a JAX-RS Application <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookApplication.java">implementation</a> :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;servlet&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;servlet&gt;
  &lt;servlet-name&gt;CXFServlet&lt;/servlet-name&gt;
  &lt;display-name&gt;CXF Servlet&lt;/display-name&gt;
  &lt;servlet-class&gt;
@@ -534,7 +534,7 @@ public class BookStoreWithInterface exte
 &lt;/servlet&gt;
 </pre>
 </div></div><p>Note that Application.getClasses() method returns a set of per-request resource class names. Application.getSingletons() returns a list of singleton resource and provider classes.</p><p>Starting from CXF 2.3.7/2.4.3/2.5.0 it is possible to simple properties for resource and Application classes, providers and interceptors:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;servlet&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;servlet&gt;
  &lt;servlet-name&gt;CXFServlet&lt;/servlet-name&gt;
  &lt;display-name&gt;CXF Servlet&lt;/display-name&gt;
  &lt;servlet-class&gt;
@@ -551,7 +551,7 @@ public class BookStoreWithInterface exte
 &lt;/servlet&gt;
 </pre>
 </div></div><p>In the above example, org.apache.cxf.systest.jaxrs.BookApplication is expected to have setName and setId setters, with a single primitive or List parameter type.</p><p><strong>Note</strong> that having the web-app_2_3.dtd DTD referenced from web.xml will likely prevent 'param-value' containing spaces and make it difficult to specify multiple providers like this:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;"> &lt;init-param&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;"> &lt;init-param&gt;
   &lt;param-name&gt;jaxrs.providers&lt;/param-name&gt;
   &lt;param-value&gt;
     mypackage.Provider1 
@@ -562,7 +562,7 @@ public class BookStoreWithInterface exte
 &lt;/servlet&gt;
 </pre>
 </div></div><p>In such cases consider moving to the web-app 2.5 schema or extending CXFNonSpringJaxrsProviders or introducing an Application.</p><h2 id="JAXRSServicesConfiguration-AttachingJAXRSendpointstoanexistingJettyserver">Attaching JAXRS endpoints to an existing Jetty server</h2><p>Here is a code fragment showing how it can be done with the help of CxfNonSpringJaxrsServlet :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">CXFNonSpringJAXRSServlet cxf = new CXFNonSpringJaxrsServlet();
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">CXFNonSpringJAXRSServlet cxf = new CXFNonSpringJaxrsServlet();
 
 ...
 
@@ -574,7 +574,7 @@ root.addServlet(servlet, "/*");
 
 </pre>
 </div></div><h1 id="JAXRSServicesConfiguration-JAX-RSRuntimeDelegateandApplications">JAX-RS RuntimeDelegate and Applications</h1><p>If you have a JAX-RS Application implementation available and would like to minimize the interaction with the CXF JAX-RS specific API, you may want to use the JAX-RS RuntimeDelegate :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">import javax.ws.rs.ext.RuntimeDelegate;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">import javax.ws.rs.ext.RuntimeDelegate;
 import org.apache.cxf.endpoint.Server;
 import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
 
@@ -593,7 +593,7 @@ server.stop();
 
 </pre>
 </div></div><p>Note that the above code makes sure an @ApplicationPath value (if CustomApplication has this annotation) is taken into account.</p><h1 id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesprogrammaticallywithSpringconfigurationfile.">Configuring JAX-RS services programmatically with Spring configuration file.</h1><p>When using Spring explicitly in your code, you may want to follow this example :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext(new String[]
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext(new String[]
                       {"/org/apache/cxf/jaxrs/spring/servers.xml"});
 
 // 'simple' is the id of the jaxrs server bean
@@ -601,13 +601,13 @@ JAXRSServerFactoryBean sfb = (JAXRSServe
 sfb.create();
 </pre>
 </div></div><p>Note that in in this case your Spring configuration file should import cxf-extension-http-jetty.xml instead of cxf-servlet.xml :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;!--
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;!--
 &lt;import resource="classpath:META-INF/cxf/cxf-servlet.xml" /&gt;
 --&gt;
 &lt;import resource="classpath:META-INF/cxf/cxf-extension-http-jetty.xml" /&gt;
 </pre>
 </div></div><h1 id="JAXRSServicesConfiguration-Lifecyclemanagement">Lifecycle management</h1><h2 id="JAXRSServicesConfiguration-FromSpring">From Spring</h2><p>By default, the service beans which are referenced directly from the jaxrs:server endpoint declarations are treated by the runtime as singleton JAX-RS root resources. For example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans&gt;
   &lt;jaxrs:server id="customerService" address="/service1"&gt;
     &lt;jaxrs:serviceBeans&gt;
       &lt;ref bean="customerBean" /&gt;
@@ -622,7 +622,7 @@ sfb.create();
 &lt;/beans&gt;
 </pre>
 </div></div><p>Spring instantiates and injects the customerBean reference and the runtime will access this reference directly afterwards. Effectively, the scope attribute which may be present on the customerBean bean declaration is ignored in this case, <strong>unless the Spring AOP is used to enforce the required scope</strong> (see below for more information).</p><p>The 'serviceFactories' element or beanNames attribute has to be used for a 'prototype', 'request' and other Spring bean scopes be supported.</p><p>For example, the serviceFactories element can reference one or more beans of type 'org.apache.cxf.jaxrs.spring.SpringResourceFactory' which in turn reference the actual service beans.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans&gt;
   &lt;jaxrs:server id="customerService" address="/service1"&gt;
     &lt;jaxrs:serviceFactories&gt;
       &lt;ref bean="sfactory1" /&gt;
@@ -642,7 +642,7 @@ sfb.create();
 &lt;/beans&gt;
 </pre>
 </div></div><p>In this example, the jaxrs:server endpoint has two JAX-RS root resources (customerBean1 and customerBean2) with the Spring 'prototype' scope.<br clear="none"> Other scopes can also be supported.</p><p>If using the jaxrs:serviceFactories element seems a bit verbose then the 'beanNames' attribute can be used instead:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans&gt;
   &lt;jaxrs:server id="customerService" address="/service1"
     beanNames="customerBean1 customerBean2"/&gt;
   
@@ -651,7 +651,7 @@ sfb.create();
 &lt;/beans&gt;
 </pre>
 </div></div><p>The beanNames attribute lists the names/ids of service beans separated by space. The jaxrs:serviceFactories element has to be used when users register custom CXF JAX-RS <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/lifecycle/ResourceProvider.java">ResourceProvider</a> implementations.</p><p>Another approach toward supporting complex scopes in Spring is to use Spring AOP. For example, the following fragment shows how to have the Spring "request" scope supported:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans
 	xmlns="http://www.springframework.org/schema/beans"
 	xmlns:aop="http://www.springframework.org/schema/aop"
 	xmlns:jaxrs="http://cxf.apache.org/jaxrs"
@@ -676,12 +676,12 @@ sfb.create();
 &lt;/beans&gt;
 </pre>
 </div></div><p>in addition, the following servlet listener has to be added to the web.xml:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;listener&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;listener&gt;
     &lt;listener-class&gt;org.springframework.web.context.request.RequestContextListener&lt;/listener-class&gt;
 &lt;/listener&gt;
 </pre>
 </div></div><p>The request-scoped service bean instances (example, org.apache.cxf.systest.jaxrs.CustomerService instances) are not actually available at the initialization time thus one limitation of the above configuration is that it is not possible to inject JAX-RS contexts into these service beans. This is not a show-stopper because contexts such as UriInfo can be passed in as resource method parameters. However, if the injection into the fields or via method setters is required then a little customization of the org.apache.cxf.jaxrs.spring.SpringResourceFactory will do the trick. Particularly, the Spring ApplicationContext reports that a request-scoped bean is a singleton but the JAX-RS runtime can not inject thread-local proxies given that the actual instance is not available as explained above; in fact, the request-scoped beans are not really JAX-RS singletons. Thus a simple custom factory like <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/tru
 nk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/RequestScopeResourceFactory.java">this one</a> is needed and it has to be used the following way:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans&gt;
   &lt;jaxrs:server id="customerService" address="/service1"&gt;
     &lt;jaxrs:serviceFactories&gt;
        &lt;bean class="org.apache.cxf.systest.jaxrs.RequestScopeResourceFactory"&gt;
@@ -694,20 +694,20 @@ sfb.create();
 &lt;/beans&gt;
 </pre>
 </div></div><p>The above configuration makes sure that the CXF JAX-RS runtime injects the values at the request time given that the customerBean bean is not seen as a JAX-RS singleton. This approach is only needed if the injection of contexts is required.</p><h2 id="JAXRSServicesConfiguration-WithCXFNonSpringJaxrsServlet">With CXFNonSpringJaxrsServlet</h2><p>CXFNonSpringJaxrsServlet uses 'Singleton' as a default scope for service classes specified by a "jaxrs.serviceClasses" servlet parameter. It can be overridden by setting a "jaxrs.scope" parameter to a "prototype" value or by not using the "jaxrs.serviceClasses" parameter at all and registering a JAXRS Application implementation instead. Please see the section describing CXFNonSpringJaxrsServlet for more details.</p><p>CXFNonSpringJaxrsServlet can support singleton scopes for classes with constructors expecting JAXRS contexts, at the moment it can only inject ServletContext or ServletConfig contexts :</p><div class="code panel pd
 l" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">@Path("/")
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">@Path("/")
 public class SingletonResourceClass {
    public SingletonResourceClass(@Context ServletContext context, @Context ServletConfig context2) {}
 }
 </pre>
 </div></div><h2 id="JAXRSServicesConfiguration-Programmatically">Programmatically</h2><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
 sf.setResourceClass(CustomerService.class);
 sf.setResourceProvider(new SingletonResourceProvider(new CustomerService()));
 sf.setResourceClass(CustomerService2.class);
 sf.setResourceProvider(new PerRequestResourceProvider(CustomerService.class));
 </pre>
 </div></div><h2 id="JAXRSServicesConfiguration-PostConstructandPreDestroy">PostConstruct and PreDestroy</h2><p>Bean methods annotated with @PostConstruct and @PreDestroy annotations will be called as expected by the scope rules. <br clear="none"> Singleton beans will have their postconstruct method called when the endpoint is created. If a given singleton resource instance was created by Spring then its predestroy method will also be called after, for example, the web application which uses it is about to be unloaded. At the moment singletons created by CXFNonSpringJaxrsServlet or programmatically will only have their postconstruct method (if any) called.</p><p>Prototype beans will have their postconstruct and predestroy method called before a resource method is invoked and immediately after the invocation has returned but before the response has actually been serialized. You can indicate that the predestroy method has to be called after the request has completely gone out of scope 
 (that is after the response body if any has been written to the output stream) by adding an "org.apache.cxf.jaxrs.service.scope" property with the value set to "request".</p><p>You can also register a custom Spring resource factory by extending org.apache.cxf.jaxrs.spring.SpringResourceFactory or providing a more sophisticated implementation.</p><h1 id="JAXRSServicesConfiguration-Locatingcustomresourcesinwebapplications">Locating custom resources in web applications</h1><p>Resources like schemas, custom XSLT templates and user models are typically referenced using a classpath: prefix. Thus one can add them to a WEB-INF/classes folder in a given web application.<br clear="none"> Since CXF 2.2.3 one can put them directly under WEB-INF, for example into WEB-INF/xslt, WEB-INF/schemas, WEB-INF/model and referencing them like 'classpath:/WEB-INF/xslt/template.xsl'.</p><h1 id="JAXRSServicesConfiguration-Multipleendpointsandresourceclasses">Multiple endpoints and resource classes</h1><p>One
  can configure as many jaxrs:server endpoints as needed for a given application, with every endpoint possibly providing an alternative path to a single resource bean. Every endpoint can employ as many shared or unique resource classes as needed, and have common or different providers.</p><h1 id="JAXRSServicesConfiguration-Sharingprovidersbetweenmultipleendpoints">Sharing providers between multiple endpoints</h1><p>One way to share multiple providers between multiple endpoints is to refer to the same provider bean from within jaxrs:provider sections:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans&gt;
   &lt;jaxrs:server id="customerService" address="/service1"&gt;
     &lt;jaxrs:serviceBeans&gt;
       &lt;bean class="org.apache.cxf.systest.jaxrs.CustomerService"/&gt;
@@ -732,7 +732,7 @@ sf.setResourceProvider(new PerRequestRes
 
 </pre>
 </div></div><p>Starting from CXF 2.7.2 it is possible to register provider directly on the bus as the bus properties and share them between all the providers using this bus:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans&gt;
   
   &lt;cxf:bus&gt;
         &lt;cxf:properties&gt;
@@ -757,7 +757,7 @@ sf.setResourceProvider(new PerRequestRes
   &lt;/beans&gt;
 </pre>
 </div></div><p>Note a global exception mapper has been registered using the name of interface, "javax.ws.rs.ext.ExceptionMapper", which all the exception mappers have to implement.</p><p>Note that once can register global per-bus providers using "javax.ws.rs.ext.ExceptionMapper", "javax.ws.rs.ext.MessageBodyReader" or "javax.ws.rs.ext.MessageBodyWriter" bus properties with the registered providers expected to implement either of these interfaces.</p><p>Alternatively, one can have all the providers (JAX-RS and CXF-specific) registered with a bus using "org.apache.cxf.jaxrs.bus.providers" list property:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans xmlns:util="http://www.springframework.org/schema/util"&gt;
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans xmlns:util="http://www.springframework.org/schema/util"&gt;
   
   &lt;cxf:bus&gt;
         &lt;cxf:properties&gt;
@@ -790,7 +790,7 @@ sf.setResourceProvider(new PerRequestRes
   &lt;/beans&gt;
 </pre>
 </div></div><h1 id="JAXRSServicesConfiguration-DynamicservletsandasingleJAX-RSendpoint">Dynamic servlets and a single JAX-RS endpoint</h1><p>Note: this is not required by default starting from CXF 3.0.0-milestone1</p><p>In some advanced cases you may want to dynamically add new servlets (CXFServlet or CXFNonSpringJaxrsServlet) with all of them serving the same JAX-RS endpoints. In this case you most likely want to configure servlets so that the CXF endpoint address is not overridden :</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">{code:xml}
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">{code:xml}
 &lt;servlet&gt;
  &lt;servlet-name&gt;CXFServlet&lt;/servlet-name&gt;
  &lt;display-name&gt;CXF Servlet&lt;/display-name&gt;
@@ -809,9 +809,9 @@ sf.setResourceProvider(new PerRequestRes
 &lt;/servlet&gt;
 </pre>
 </div></div><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&#160;</pre>
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&#160;</pre>
 </div></div><h1 id="JAXRSServicesConfiguration-Auto-discoveryofrootresourcesandproviders">Auto-discovery of root resources and providers</h1><p>Starting from CXF 3.0.0 it is possible to enable the auto-discovery of JAX-RS roots and providers with the regular CXF JAX-RS endpoint declarations done in XML . Currently it is only possible with Spring. Patch supporting it for Blueprint is available and will be dealt with asap.</p><pre>&#160;</pre><h2 id="JAXRSServicesConfiguration-Spring.1">Spring</h2><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans xmlns="http://www.springframework.org/schema/beans"
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxrs="http://cxf.apache.org/jaxrs"
       xsi:schemaLocation="
@@ -836,7 +836,7 @@ sf.setResourceProvider(new PerRequestRes
 
 </pre>
 </div></div><p>Note the above does not require Spring annotations such as&#160;@Component added to JAX-RS provider or resources.</p><p>If you prefer doing a pure Spring-based auto-discovery you can have @Component added to JAX-RS application classes and do</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence" style="font-size:12px;">&lt;beans xmlns="http://www.springframework.org/schema/beans"
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxrs="http://cxf.apache.org/jaxrs"
       xsi:schemaLocation="



Mime
View raw message