JAX-RS: XML Security
 

 

 

 

Table of Contents

Introduction

...

Code Block
xml
xml
<!-- Maven coordinates of the CXF JAX-RS XML Security module, which provides the
     XML Signature / XML Encryption handlers and interceptors used on this page.
     The version shown is the one this page was written against; align it with
     the CXF release actually in use. -->
<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-rs-security-xml</artifactId>
    <version>2.5.2</version>
</dependency>

Backwards compatibility configuration note

From Apache CXF 3.1.0, the WS-Security based configuration tags used to configure XML Signature or Encryption ("ws-security-*") have been changed to just start with "security-". Apart from this they are exactly the same. Older "ws-security-" values continue to be accepted in CXF 3.1.0. To use any of the configuration examples in this page with an older version of CXF, simply add a "ws-" prefix to the configuration tag.

XML Signature

XML Signature defines three types of signature: enveloped, enveloping and detached. All three types are supported by CXF JAX-RS.

...

Code Block
xml
xml
<bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
<bean id="xmlSigHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler"/>
<bean id="xmlSigOutHandler" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor"/>

<!-- Server endpoint that verifies XML Signatures on requests and signs responses. -->
<jaxrs:server address="/xmlsig">
    <jaxrs:serviceBeans>
        <ref bean="serviceBean"/>
    </jaxrs:serviceBeans>

    <!-- Inbound: validates the signature on the request and removes it from the
         payload before the resource sees it. The validated signature is also
         kept on the current Message; that persistence can be switched off. -->
    <jaxrs:providers>
        <ref bean="xmlSigHandler"/>
    </jaxrs:providers>

    <!-- Outbound: adds a fresh signature to the response payload. -->
    <jaxrs:outInterceptors>
        <ref bean="xmlSigOutHandler"/>
    </jaxrs:outInterceptors>

    <!-- Key material. Going by its name, the callback handler supplies keystore
         passwords; the signature properties file locates the crypto configuration
         (the properties file itself is not shown on this page). -->
    <jaxrs:properties>
        <entry key="ws-security.callback-handler"
               value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
        <entry key="ws-security.signature.properties"
               value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
    </jaxrs:properties>
</jaxrs:server>

...

Code Block
java
java
// Client side of the /xmlsig example: sign outbound requests and verify the
// signature on inbound responses.
String address = "https://localhost:8080/xmlsig/bookstore/books";
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);

// Security properties: the callback handler (by its name, a keystore password
// supplier), the signing identity and the crypto properties file for it.
Map<String, Object> securityProps = new HashMap<String, Object>();
securityProps.put("ws-security.callback-handler",
                  "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
securityProps.put("ws-security.signature.username", "alice");
securityProps.put("ws-security.signature.properties",
                  "org/apache/cxf/systest/jaxrs/security/alice.properties");
bean.setProperties(securityProps);

// Outbound: attaches an XML Signature to the request payload.
XmlSigOutInterceptor signer = new XmlSigOutInterceptor();
bean.getOutInterceptors().add(signer);

// Inbound: validates the XML Signature on the response payload.
XmlSigInInterceptor verifier = new XmlSigInInterceptor();
bean.getInInterceptors().add(verifier);

// Bus carrying the HTTPS (TLS) configuration; configLocation is defined
// outside this snippet.
SpringBusFactory busFactory = new SpringBusFactory();
Bus bus = busFactory.createBus(configLocation);
bean.setBus(bus);

// From here on a WebClient (or proxy) is used as usual.
WebClient wc = bean.createWebClient();
Book book = wc.post(new Book("CXF", 126L), Book.class);

...

Code Block
xml
xml
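<bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
<bean id="xmlSigInHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler"/>
<bean id="xmlEncInHandler" class="org.apache.cxf.rs.security.xml.XmlEncInHandler"/>

<!-- Server endpoint that decrypts (and, if present, signature-checks) requests.
     The address matches the client example on this page, which posts to
     .../xmlencryption/bookstore/books. -->
<jaxrs:server address="/xmlencryption">
    <jaxrs:serviceBeans>
        <ref bean="serviceBean"/>
    </jaxrs:serviceBeans>

    <!-- Inbound handlers. The refs name the bean ids declared above
         (previously they pointed at undefined "xmlEncHandler"/"xmlSigHandler",
         which the container would reject). Decryption is listed before
         signature validation; presumably the handlers run in this order,
         which is what a signed-then-encrypted request needs — confirm for the
         CXF version in use. -->
    <jaxrs:providers>
        <ref bean="xmlEncInHandler"/>
        <ref bean="xmlSigInHandler"/>
    </jaxrs:providers>

    <!-- Key material. Going by its name, the callback handler supplies keystore
         passwords; the two properties files locate the crypto configuration for
         decryption and for signature verification respectively. -->
    <jaxrs:properties>
        <entry key="ws-security.callback-handler"
               value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
        <entry key="ws-security.encryption.properties"
               value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
        <entry key="ws-security.signature.properties"
               value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
    </jaxrs:properties>
</jaxrs:server>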

...

Code Block
java
java
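// Client side of the /xmlencryption example: encrypt (and optionally sign)
// outbound requests.
String address = "https://localhost:8080/xmlencryption/bookstore/books";
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);

// Security properties: the callback handler (by its name, a keystore password
// supplier), the encryption recipient and the crypto properties file for it.
Map<String, Object> properties = new HashMap<String, Object>();

properties.put("ws-security.callback-handler",
               "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
properties.put("ws-security.encryption.properties",
               "org/apache/cxf/systest/jaxrs/security/bob.properties");

// If signature is required: the client's own signing identity.
properties.put("ws-security.signature.username", "alice");
properties.put("ws-security.signature.properties",
               "org/apache/cxf/systest/jaxrs/security/alice.properties");

bean.setProperties(properties);

// If signature is required: interceptor that signs the outbound payload.
XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
bean.getOutInterceptors().add(sigInterceptor);

// Interceptor that encrypts the outbound payload.
// NOTE(review): CBC-mode XML Encryption has known padding-oracle weaknesses and
// provides no integrity on its own; pair it with signatures rather than treating
// the signature parts above as optional, and prefer an AEAD (GCM) algorithm
// where the CXF/JDK in use supports one.
XmlEncOutInterceptor encInterceptor = new XmlEncOutInterceptor();
encInterceptor.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
bean.getOutInterceptors().add(encInterceptor);

// Use WebClient (or proxy) as usual.
WebClient wc = bean.createWebClient();
// post(Object, Class<T>) returns the unmarshalled T (a Book here), not a Response;
// the one-argument post(Object) returns the Response needed to read the status.
Response r = wc.post(new Book("CXF", 126L));
assertEquals(200, r.getStatus());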

...

Code Block
xml
xml
<bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>

<!-- Inbound (request) handlers: signature validation and decryption. -->
<bean id="xmlSigInHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler"/>
<bean id="xmlEncInHandler" class="org.apache.cxf.rs.security.xml.XmlEncInHandler"/>

<!-- Outbound (response) interceptors: signing and encryption. -->
<bean id="xmlSigOutHandler" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor"/>
<bean id="xmlEncOutHandler" class="org.apache.cxf.rs.security.xml.XmlEncOutInterceptor">
    <!-- Short algorithm name. The Java example on this page passes the full
         "http://www.w3.org/2001/04/xmlenc#aes128-cbc" URI instead; presumably the
         interceptor expands the short form — confirm for the CXF version in use.
         NOTE(review): CBC-mode XML Encryption has known padding-oracle weaknesses;
         prefer an AEAD (GCM) algorithm where the runtime supports one. -->
    <property name="symmetricEncAlgorithm" value="aes128-cbc"/>
</bean>

<!-- Server endpoint combining XML Signature and XML Encryption in both directions. -->
<jaxrs:server address="/xmlsec">
    <jaxrs:serviceBeans>
        <ref bean="serviceBean"/>
    </jaxrs:serviceBeans>
    <jaxrs:providers>
        <ref bean="xmlEncInHandler"/>
        <ref bean="xmlSigInHandler"/>
    </jaxrs:providers>
    <jaxrs:outInterceptors>
        <ref bean="xmlSigOutHandler"/>
        <ref bean="xmlEncOutHandler"/>
    </jaxrs:outInterceptors>
    <!-- Crypto configuration. Note that, compared with the decryption-only server
         example, the alice/bob properties files are assigned the other way round;
         which store holds the private key versus the peer certificate is decided
         by the contents of those files (not shown here) — verify against the
         keystores actually deployed. -->
    <jaxrs:properties>
        <entry key="ws-security.callback-handler"
               value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
        <entry key="ws-security.encryption.properties"
               value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
        <entry key="ws-security.signature.properties"
               value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
    </jaxrs:properties>
</jaxrs:server>

...

Code Block
xml
xml
<!-- Server side -->
<jaxrs:server>
    <jaxrs:properties>
        <entry key="ws-security.callback-handler"
               value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
        <entry key="ws-security.encryption.properties"
               value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
        <!-- "useReqSigCert": encrypt the response to the certificate that signed
             the request instead of to a fixed alias. This presupposes a signed and
             verified request; what happens for an unsigned request is not shown on
             this page — confirm for the CXF version in use. -->
        <entry key="ws-security.encryption.username" value="useReqSigCert"/>
        <entry key="ws-security.signature.properties"
               value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
    </jaxrs:properties>
</jaxrs:server>

<!-- Client side: encrypts to "bob", signs as "alice". -->
<jaxrs:client>
    <jaxrs:properties>
        <entry key="ws-security.callback-handler"
               value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
        <entry key="ws-security.encryption.properties"
               value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
        <entry key="ws-security.encryption.username" value="bob"/>
        <entry key="ws-security.signature.properties"
               value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
        <entry key="ws-security.signature.username" value="alice"/>
    </jaxrs:properties>
</jaxrs:client>

The "ws-security.encryption.username" server property is set to "useReqSigCert".

...