Versions Compared

Old Version 59

changes.mady.by.user Sergey Beryozkin

Saved on

compared with

New Version 60

changes.mady.by.user Sergey Beryozkin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Here is the example showing how a Book object (represented as an XML attachment on the wire) can be secured.

First the client and server set up, starting from the clientGiven this client code:

Code Block
languagejava
@Test
public void testJwsJwkBookHMacMultipart() throws Exception {
    String address = "https://localhost:" + PORT + "/jwsjwkhmacSinglePart";
    BookStore bs = createJwsBookStoreHMac(address, true, false);
    Book book = bs.echoBookMultipart(new Book("book", 123L));
    assertEquals("book", book.getName());
    assertEquals(123L, book.getId());
}
private BookStore createJwsBookStoreHMac(String address, 
                                         boolean supportSinglePart,
                                         boolean useJwsJsonSignatureFormat) throws Exception {
     JAXRSClientFactoryBean bean = createJAXRSClientFactoryBean(address, supportSinglePart, 
                                                                   useJwsJsonSignatureFormat);
     bean.getProperties(true).put("rs.security.signature.properties",
         "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");

     bean.setServiceClass(BookStore.class);
     bean.setAddress(address);
     List<Object> providers = new LinkedList<Object>();
     JwsMultipartClientRequestFilter outFilter = new JwsMultipartClientRequestFilter();
     outFilter.setSupportSinglePartOnly(supportSinglePart);
     outFilter.setUseJwsJsonSignatureFormat(useJwsJsonSignatureFormat);
     providers.add(outFilter);
     JwsMultipartClientResponseFilter inFilter = new JwsMultipartClientResponseFilter();
     inFilter.setSupportSinglePartOnly(supportSinglePart);
     providers.add(inFilter);
     providers.add(new JwsDetachedSignatureProvider());
     bean.setProviders(providers);
     return bean.create(BookStore.class);
}

and the relevant server code and configuration: 

Code Block
@Path("/bookstore")
public class BookStore {
    
    @POST
    @Path("/books")
    @Produces("multipart/related")
    @Consumes("multipart/related")
    @Multipart(type = "application/xml")
    public Book echoBookMultipart(@Multipart(type = "application/xml") Book book) {
        return book;
    }
}

and server configuration:

Code Block
languagexml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:jaxrs="http://cxf.apache.org/jaxrs">
    <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.BookStore"/>
    <bean id="jwsInMultipartFilter" class="org.apache.cxf.rs.security.jose.jaxrs.multipart.JwsMultipartContainerRequestFilter"/>
    <bean id="jwsOutMultipartFilter" class="org.apache.cxf.rs.security.jose.jaxrs.multipart.JwsMultipartContainerResponseFilter"/>
    <bean id="jwsDetachedSignatureWriter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsDetachedSignatureProvider"/>
    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-multipart}/jwsjwkhmacSinglePart">
        <jaxrs:serviceBeans>
            <ref bean="serviceBean"/>
        </jaxrs:serviceBeans>
        <jaxrs:providers>
            <ref bean="jwsInMultipartFilter"/>
            <ref bean="jwsOutMultipartFilter"/>
            <ref bean="jwsDetachedSignatureWriter"/>
        </jaxrs:providers>
        <jaxrs:properties>
            <entry key="rs.security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
        </jaxrs:properties>
    </jaxrs:server>
</beans

the following request is produced on the wire:

No Format
ID: 1
Address: https://localhost:9001/jwsjwkhmacSinglePart/bookstore/books
Http-Method: POST
Content-Type: multipart/related; type="application/xml"; boundary="uuid:35b4dd32-470d-4f27-b3c2-2c194f924770"; start="<root.message@cxf.apache.org>"
Headers: {Accept=[multipart/related], Connection=[Keep-Alive]}
Payload: 
--uuid:35b4dd32-470d-4f27-b3c2-2c194f924770
Content-Type: application/xml
Content-Transfer-Encoding: binary
Content-ID: <root.message@cxf.apache.org>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Book><id>123</id><name>book</name></Book>
--uuid:35b4dd32-470d-4f27-b3c2-2c194f924770
Content-Type: application/jose
Content-Transfer-Encoding: binary
Content-ID: <signature>

eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJIUzI1NiJ9..LWMjPoronjdGmJFAAIuCc_qh9sI2i5Jc2onBd-fHdMM
--uuid:35b4dd32-470d-4f27-b3c2-2c194f924770--

with the response being formated identically.

Enabling a JWS JSON format will produce a flattened JWS JSON signature in the last part:

No Format
ID: 1
Address: https://localhost:9001/jwsjwkhmacSinglePartJwsJson/bookstore/books
Http-Method: POST
Content-Type: multipart/related; type="application/xml"; boundary="uuid:75b37fab-1745-45b7-93ac-15aa9add9b25"; start="<root.message@cxf.apache.org>"
Headers: {Accept=[multipart/related], Connection=[Keep-Alive]}
Payload: 
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25
Content-Type: application/xml
Content-Transfer-Encoding: binary
Content-ID: <root.message@cxf.apache.org>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Book><id>123</id><name>book</name></Book>
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25
Content-Type: application/jose
Content-Transfer-Encoding: binary
Content-ID: <signature>

{"protected":"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJIUzI1NiJ9","signature":"LWMjPoronjdGmJFAAIuCc_qh9sI2i5Jc2onBd-fHdMM"}
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25--

JWE

JweWriterInterceptor creates Compact JWE sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be encrypted, then add JweWriterInterceptor and set the encryption properties on the JAX-RS client or server.

...