...
Here is the example showing how a Book object (represented as an XML attachment on the wire) can be secured.
First the client and server set up, starting from the clientGiven this client code:
Code Block | ||
---|---|---|
| ||
@Test public void testJwsJwkBookHMacMultipart() throws Exception { String address = "https://localhost:" + PORT + "/jwsjwkhmacSinglePart"; BookStore bs = createJwsBookStoreHMac(address, true, false); Book book = bs.echoBookMultipart(new Book("book", 123L)); assertEquals("book", book.getName()); assertEquals(123L, book.getId()); } private BookStore createJwsBookStoreHMac(String address, boolean supportSinglePart, boolean useJwsJsonSignatureFormat) throws Exception { JAXRSClientFactoryBean bean = createJAXRSClientFactoryBean(address, supportSinglePart, useJwsJsonSignatureFormat); bean.getProperties(true).put("rs.security.signature.properties", "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"); bean.setServiceClass(BookStore.class); bean.setAddress(address); List<Object> providers = new LinkedList<Object>(); JwsMultipartClientRequestFilter outFilter = new JwsMultipartClientRequestFilter(); outFilter.setSupportSinglePartOnly(supportSinglePart); outFilter.setUseJwsJsonSignatureFormat(useJwsJsonSignatureFormat); providers.add(outFilter); JwsMultipartClientResponseFilter inFilter = new JwsMultipartClientResponseFilter(); inFilter.setSupportSinglePartOnly(supportSinglePart); providers.add(inFilter); providers.add(new JwsDetachedSignatureProvider()); bean.setProviders(providers); return bean.create(BookStore.class); } |
and the relevant server code and configuration:
Code Block |
---|
@Path("/bookstore")
public class BookStore {
@POST
@Path("/books")
@Produces("multipart/related")
@Consumes("multipart/related")
@Multipart(type = "application/xml")
public Book echoBookMultipart(@Multipart(type = "application/xml") Book book) {
return book;
}
} |
and server configuration:
Code Block | ||
---|---|---|
| ||
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:jaxrs="http://cxf.apache.org/jaxrs">
<bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.BookStore"/>
<bean id="jwsInMultipartFilter" class="org.apache.cxf.rs.security.jose.jaxrs.multipart.JwsMultipartContainerRequestFilter"/>
<bean id="jwsOutMultipartFilter" class="org.apache.cxf.rs.security.jose.jaxrs.multipart.JwsMultipartContainerResponseFilter"/>
<bean id="jwsDetachedSignatureWriter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsDetachedSignatureProvider"/>
<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-multipart}/jwsjwkhmacSinglePart">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="jwsInMultipartFilter"/>
<ref bean="jwsOutMultipartFilter"/>
<ref bean="jwsDetachedSignatureWriter"/>
</jaxrs:providers>
<jaxrs:properties>
<entry key="rs.security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
</jaxrs:properties>
</jaxrs:server>
</beans |
the following request is produced on the wire:
No Format |
---|
ID: 1
Address: https://localhost:9001/jwsjwkhmacSinglePart/bookstore/books
Http-Method: POST
Content-Type: multipart/related; type="application/xml"; boundary="uuid:35b4dd32-470d-4f27-b3c2-2c194f924770"; start="<root.message@cxf.apache.org>"
Headers: {Accept=[multipart/related], Connection=[Keep-Alive]}
Payload:
--uuid:35b4dd32-470d-4f27-b3c2-2c194f924770
Content-Type: application/xml
Content-Transfer-Encoding: binary
Content-ID: <root.message@cxf.apache.org>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Book><id>123</id><name>book</name></Book>
--uuid:35b4dd32-470d-4f27-b3c2-2c194f924770
Content-Type: application/jose
Content-Transfer-Encoding: binary
Content-ID: <signature>
eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJIUzI1NiJ9..LWMjPoronjdGmJFAAIuCc_qh9sI2i5Jc2onBd-fHdMM
--uuid:35b4dd32-470d-4f27-b3c2-2c194f924770-- |
with the response being formated identically.
Enabling a JWS JSON format will produce a flattened JWS JSON signature in the last part:
No Format |
---|
ID: 1
Address: https://localhost:9001/jwsjwkhmacSinglePartJwsJson/bookstore/books
Http-Method: POST
Content-Type: multipart/related; type="application/xml"; boundary="uuid:75b37fab-1745-45b7-93ac-15aa9add9b25"; start="<root.message@cxf.apache.org>"
Headers: {Accept=[multipart/related], Connection=[Keep-Alive]}
Payload:
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25
Content-Type: application/xml
Content-Transfer-Encoding: binary
Content-ID: <root.message@cxf.apache.org>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Book><id>123</id><name>book</name></Book>
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25
Content-Type: application/jose
Content-Transfer-Encoding: binary
Content-ID: <signature>
{"protected":"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJIUzI1NiJ9","signature":"LWMjPoronjdGmJFAAIuCc_qh9sI2i5Jc2onBd-fHdMM"}
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25-- |
JWE
JweWriterInterceptor creates Compact JWE sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be encrypted, then add JweWriterInterceptor and set the encryption properties on the JAX-RS client or server.
...