...
Introduction
CXF 3.0.x implements JOSE.
Maven Dependencies
...
<dependency>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-rt-rs-security-jose</artifactId>
  <version>3.0.4</version>
</dependency>
JOSE Overview
JOSE is a set of high quality specifications that specify how data payloads can be signed/validated and/or encrypted/decrypted with the cryptographic properties set in the JSON-formatted metadata (headers).
The data to be secured can be in JSON or some other format (plain text, XML, binary data).
JOSE is a key piece of the advanced OAuth2-based applications such as OpenIdConnect but can also be successfully used for securing the regular HTTP web service communications.
At the moment two signature and encryption output formats are supported: compact and JSON.
The compact format is a concatenation of the Base64URL-encoded JOSE headers (where the cryptographic signature or encryption properties are set), the Base64URL-encoded payload (in its original form if it is signed, otherwise encrypted), and the Base64URL-encoded signature of the payload or some of the encryption process input or output data such as an initialization vector, authentication tag, etc.
The JSON (full) format is where all the information describing a signature or encryption process is presented in a non-compact, regular JSON document, offering a non-optimized but easier to understand format.
The JSON format also supports multiple signatures when signing the content, or multiple content key encryptions when encrypting the content, which can be useful when multiple recipients are involved.
The signature process also supports the detached body mode, where the body to be signed is not included in the actual output, assuming that both the consumer and producer know how to access the original payload in order to validate the signature.
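The compact format and the detached body mode described above, shown as an added example that uses only JDK classes; it is not CXF code and does not use the CXF JOSE API. The class and method names are hypothetical, the key and payload are constructed, and HS256 is assumed as the signature algorithm.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (JDK only, hypothetical names): JWS compact serialization with HS256.
public class CompactJwsDemo {
    static final String HEADER = "{\"alg\":\"HS256\"}";
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static String b64(byte[] data) { return ENC.encodeToString(data); }

    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // header.payload.signature, or header..signature when the body is detached
    static String sign(byte[] key, byte[] payload, boolean detached) throws Exception {
        String h = b64(HEADER.getBytes(StandardCharsets.UTF_8));
        String p = b64(payload);
        return h + "." + (detached ? "" : p) + "." + b64(hmac(key, h + "." + p));
    }

    // Returns the payload only after the signature checks out.
    static byte[] verify(byte[] key, String jws, byte[] detachedPayload) throws Exception {
        String[] parts = jws.split("\\.", -1);
        if (parts.length != 3) throw new SecurityException("not a compact JWS");
        // Pin the expected algorithm; this demo accepts only the header it produces.
        if (!HEADER.equals(new String(DEC.decode(parts[0]), StandardCharsets.UTF_8)))
            throw new SecurityException("unexpected JOSE header");
        if (parts[1].isEmpty() && detachedPayload == null)
            throw new SecurityException("detached body not supplied");
        String p = parts[1].isEmpty() ? b64(detachedPayload) : parts[1];
        // Constant-time comparison of the recomputed and received signatures
        if (!MessageDigest.isEqual(hmac(key, parts[0] + "." + p), DEC.decode(parts[2])))
            throw new SecurityException("signature mismatch");
        return DEC.decode(p);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        byte[] xml = "<order id=\"1\"/>".getBytes(StandardCharsets.UTF_8); // non-JSON payload
        System.out.println(sign(key, xml, false)); // three dot-separated parts
        String detached = sign(key, xml, true);    // middle part is empty
        System.out.println(new String(verify(key, detached, xml), StandardCharsets.UTF_8));
    }
}
```

In detached mode the signature still covers the Base64URL-encoded payload, so a verifier that is handed a different body than the one that was signed gets a signature mismatch.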
CXF 3.1.x and 3.2.0 provide a complete implementation of JOSE.
Maven Dependencies
The following dependency lets developers write JOSE code: creating and securing JSON Web Tokens (JWT), and securing arbitrary data (not only JSON):
<dependency>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-rt-rs-security-jose</artifactId>
  <version>3.1.7</version>
</dependency>
The following dependency lets developers use the JAX-RS JOSE filters, which transparently sign and/or encrypt the outgoing data streams, and decrypt and/or validate the incoming JOSE sequences and make the original data available for processing:
<dependency>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-rt-rs-security-jose-jaxrs</artifactId>
  <version>3.1.7</version>
</dependency>
JOSE Overview
The following subsections provide examples with more details.
JWA Algorithms
All JOSE signature and encryption algorithms are grouped and described in the JSON Web Algorithms (JWA) specification.
...