...

<dependency>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-rt-rs-security-jose</artifactId>
  <version>3.10.0<4</version>
</dependency>

 

JOSE Overview

...

The JSON (full) format presents all the information describing a signature or encryption process in a non-compact, regular JSON document, offering a non-optimized but easier to understand format.

The JSON format also supports multiple signatures when signing the content, or multiple content key encryptions when encrypting the content, which can be useful when multiple recipients are involved.

The signature process also supports the detached body mode where the body to be signed is not included in the actual output - assuming that both the consumer and producer know how to access the original payload in order to

...

algorithm: the properties, recommended key sizes, other security considerations related to all of or some specific algorithms.

CXF offers initial utility support for working with JWA algorithms in this package.

JWK Keys

 

JSON Web Key (JWK) is a JSON document describing the cryptographic key properties. JWKs are very flexible and lightweight (in most cases) and one can expect JWKs becoming one of the major

...

representations is sufficient but JWK is a first class citizen in JOSE with all of JOSE examples using JWK representations.

CXF offers utility support for reading and writing JWK keys and key sets, and for working with encrypted inlined and standalone JWK stores, in this package.

JWS Signature

The JSON Web Signature (JWS) document describes how document content can be signed. For example, Appendix A1 shows how the content can be signed with a MAC key.

Here is one of the ways you can do it in CXF, where a JSON Web Token (JWT, see one of the next sections) is signed with a MAC key:
 

CXF JWS HMac

// ENCODED_MAC_KEY and ENCODED_TOKEN_SIGNED_BY_MAC are constants defined outside this snippet.

// sign
JoseHeaders headers = new JoseHeaders();
headers.setAlgorithm(SignatureAlgorithm.HS256.getJwaName());

JwtClaims claims = new JwtClaims();
claims.setIssuer("joe");
claims.setExpiryTime(1300819380L);
claims.setClaim("http://example.com/is_root", Boolean.TRUE);
JwtToken token = new JwtToken(headers, claims);

JwsCompactProducer producer = new JwsJwtCompactProducer(token);

producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));
assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, producer.getSignedEncodedJws());

// validate: the verifier is constructed with the expected algorithm (HS256)
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
assertTrue(consumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
                                            SignatureAlgorithm.HS256)));
JwtToken verifiedToken = consumer.getJwtToken();
JoseHeaders verifiedHeaders = verifiedToken.getHeaders();
// the header must name the same algorithm the verifier was built with
assertEquals(SignatureAlgorithm.HS256.getJwaName(), verifiedHeaders.getAlgorithm());
validateClaims(verifiedToken.getClaims());

 

CXF ships JWS-related classes in this package.

JwsSignatureProvider supports signing the content and JwsSignatureVerifier supports validating the signatures. Providers and verifiers supporting RSA, HMac and Elliptic Curve signature algorithms are shipped.

JwsCompactConsumer and JwsCompactProducer offer utility support for creating and validating JWS compact serialization and accept keys in a variety of formats (as JWKs, JCA representations, created out of band and wrapped in either JwsSignatureProvider or JwsSignatureVerifier).

JwsJwtCompactConsumer and JwsJwtCompactProducer are JwsCompactConsumer and JwsCompactProducer specializations that offer utility support for signing JSON Web Tokens in a compact format.

JwsJsonConsumer and JwsJsonProducer support JWS JSON (full) serialization.

JwsOutputStream and JwsJsonOutputStream are specialized output streams that can be used in conjunction with JWS JAX-RS filters (see one of the next sections) to support the best effort at streaming the content while signing it. These classes will use JwsSignature optionally returned from JwsSignatureProvider instead of working with the consumer utility classes which deal with the signature process completely in memory.
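
To make the HS256 compact signing and validation shown above concrete, the following is an added example (not CXF code and not from the original page) that builds and checks a compact JWS with JDK classes only. The class name, helper names and key are made up for illustration, and the header check is a simple string match rather than a JSON parse.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Illustrative sketch only; the names here are hypothetical and not part of CXF.
public class JwsHs256Sketch {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    // HMAC-SHA256 over the JWS signing input: BASE64URL(header) "." BASE64URL(payload)
    static byte[] mac(byte[] key, String signingInput) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        return hmac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static String sign(byte[] key, String headerJson, String payloadJson) throws Exception {
        String input = B64.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8))
            + "." + B64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + B64.encodeToString(mac(key, input));
    }

    // The algorithm is fixed by the verifier (always HS256 here), never chosen from the token.
    static boolean verify(byte[] key, String compact) throws Exception {
        String[] parts = compact.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            // Sanity check that the header agrees with the pinned algorithm.
            if (!header.replace(" ", "").contains("\"alg\":\"HS256\"")) return false;
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            // MessageDigest.isEqual compares the two MACs in constant time.
            return MessageDigest.isEqual(mac(key, parts[0] + "." + parts[1]), presented);
        } catch (IllegalArgumentException e) { // malformed base64url
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and claims (same claim names as the snippet above).
        byte[] key = "constructed demo key, not a real secret".getBytes(StandardCharsets.US_ASCII);
        String jws = sign(key, "{\"alg\":\"HS256\"}",
            "{\"iss\":\"joe\",\"exp\":1300819380,\"http://example.com/is_root\":true}");
        String[] p = jws.split("\\.");
        String altered = p[0] + "." + B64.encodeToString("{\"iss\":\"eve\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        String unsigned = B64.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[1] + ".";
        System.out.println("original accepted: " + verify(key, jws));
        System.out.println("altered payload accepted: " + verify(key, altered));
        System.out.println("alg=none accepted: " + verify(key, unsigned));
    }
}
```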

 

Many more examples will be added here.

JSON Encryption

 

JSON Web Tokens

 

JOSE JAX-RS

...

Filters

 

Configuration

 

 

OAuth2 and Jose

 

Third-Party Alternatives

...