THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Span | ||
|---|---|---|
| ||
| JAX-RS: Security |
...
| Table of Contents |
|---|
HTTPS
Transport-level protection of JAX-RS endpoints can be managed by underlying Servlet containers, for example, see this Tomcat SSL Configuration section.
...
| Code Block |
|---|
grant codeBase "file:${catalina.home}/webapps/yourwebapp/lib/cxf.jar" {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
|
Advanced Security
...
Securing JAX-RS messages
CXF provides a number of different ways to secure XML Security, JAX-RS SAML and messages:
- XML messages can be secured via XML Signature and XML Encryption. See JAX-RS
...
- XML Security for more information.
- Messages can be signed and/or encryption using JOSE. In addition, authentication and authorization can be achieved using JSON Web Tokens. See JAX-RS JOSE for more information.
- Security claims can be conveyed via SAML assertions. See JAX-RS SAML for more information.
- Messages can be signed via HTTP Signature. See JAX-RS HTTP Signature for more information.
OAuth 2.0 / OpenId Connect.
CXF supports both OAuth 2.0 and OpenId Connect:
- See JAX-RS OAuth2 for information about OAuth 2.0.
- See JAX-RS OIDC for information about OpenId Connect.
Restricting large payloads
...