...
Register both JWS and JWE out filters if the data need to be signed and encrypted (the filters are ordered such that the data are signed first and encrypted next) and JWS and JWE in filters if the signed data need to be decrypted first and then verified.
JWS
...
JwsWriterInterceptor creates compact JWS sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be signed, then add JwsWriterInterceptor and set the signature properties on the JAX-RS client or server.
...
Code Block | ||||
---|---|---|---|---|
| ||||
@Test public void testJwsJwkBookHMac() throws Exception { String address = "https://localhost:" + PORT + "/jwsjwkhmac"; BookStore bs = createJwsBookStore(address); Book book = bs.echoBook(new Book("book", 123L)); assertEquals("book", book.getName()); assertEquals(123L, book.getId()); } private BookStore createJwsBookStore(String address, List<?> mbProviders) throws Exception { JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); bean.setServiceClass(BookStore.class); bean.setAddress(address); List<Object> providers = new LinkedList<Object>(); // JWS Compact Out JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor(); // enable streaming jwsWriter.setUseJwsOutputStream(true); providers.add(jwsWriter); // JWS Compact In providers.add(new JwsClientResponseFilter()); // Book to/from JSON providers.add(new JacksonJsonProvider()); bean.setProviders(providers); // point to the JWS security properties bean.getProperties(true).put("rs.security.signature.properties", "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"); // enable the tracing of JWS headers bean.getProperties(true).put("jose.debug", true); return bean.create(BookStore.class); } |
The above code shows a client proxy code but WebClient can be created instead. The server is configured here. The client can be configured in Spring/Blueprint too.
JwsJsonWriterInterceptor creates JWS JSON sequences on the client or server out directions.
...
No Format |
---|
{ "payload" : "{"Book":{"id":123,"name":"book"}}", "signatures": [ { "protected" : "eyJhbGciOiJIUzI1NiIsImN0eSI6Impzb24iLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ", "signature" : "AwHX5IVrGLXQicma-aaRAyLuHQcKc65fE3ucl_LonO8" } ] } |
The client code and server configuration is nearly identical to a code/configuration needed to set up JWS Compact filters as shown above, simply replace JwsWriterInterceptor/JwsClientResponseFilter with JwsJsonWriterInterceptor/JwsJsonClientResponseFilter in the client code, and JwsContainerRequestFilter/JwsContainerResponseFilter with JwsJsonContainerRequestFilter/JwsJsonContainerResponseFilter
JWE
JweWriterInterceptor creates Compact JWE sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be encrypted, then add JweWriterInterceptor and set the encryption properties on the JAX-RS client or server.
...