...

Register both the JWS and JWE out filters if the data need to be signed and encrypted (the filters are ordered so that the data are signed first and then encrypted), and the JWS and JWE in filters if the signed data need to be decrypted first and then verified.

JWS

JWS Compact

JwsWriterInterceptor creates compact JWS sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be signed, then add JwsWriterInterceptor and set the signature properties on the JAX-RS client or server.

...

Code Block
Language: java
Title: Client JWS SetUp
    public void testJwsJwkBookHMac() throws Exception {
        String address = "https://localhost:" + PORT + "/jwsjwkhmac";
        // no additional message body providers are passed
        BookStore bs = createJwsBookStore(address, null);
        Book book = bs.echoBook(new Book("book", 123L));
        assertEquals("book", book.getName());
        assertEquals(123L, book.getId());
    }
    private BookStore createJwsBookStore(String address, 
                                         List<?> mbProviders) throws Exception {
        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
        bean.setServiceClass(BookStore.class);
        bean.setAddress(address);
        List<Object> providers = new LinkedList<Object>();
        // JWS Compact Out
        JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
        // enable streaming 
        jwsWriter.setUseJwsOutputStream(true);
        // The payload is encoded by default; disable it if required
        // jwsWriter.setEncodePayload(false);
        providers.add(jwsWriter);
        // JWS Compact In
        providers.add(new JwsClientResponseFilter());
        // Book to/from JSON
        providers.add(new JacksonJsonProvider());
        bean.setProviders(providers);
        // point to the JWS security properties
        bean.getProperties(true).put("rs.security.signature.properties", 
            "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
        // enable the tracing of JWS headers
        bean.getProperties(true).put("jose.debug", true);
        
        return bean.create(BookStore.class);
    }

The above code shows a client proxy, but a WebClient can be created instead. The server is configured here. The client can be configured in Spring/Blueprint too.

JWS Compact With Unencoded Payload

Starting from CXF 3.1.7 it is also possible to produce JWS Compact sequences with the unencoded payload (See JWS With Clear Unencoded Payload above for restrictions).

...

Note that the 2nd part, "book", is not Base64Url encoded. To produce this, set the 'encodePayload' option on the request or response JWS Compact filter to 'false'.

JWS JSON

JwsJsonWriterInterceptor creates JWS JSON sequences on the client or server out directions. 

...

Note the Base64Url encoded payload goes first, followed by the 'signatures' array, with each element containing the protected headers and the actual signature specific to a given signature key.

JWS JSON with Unencoded Payload

Enabling the clear unencoded JWS payload option will produce:

No Format
{
 "payload" : "book",  
 "signatures": 
   [
      {
       "protected" : "eyJhbGciOiJIUzI1NiIsImN0eSI6InRleHQvcGxhaW4iLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ",
       "signature" : "fM7O2IVO3NsQeTGrFiMeLf_TKTsMSqnqmjnK40PwQ88"
      }
   ]
}

...

No Format
ID: 1
Address: https://localhost:9001/jwsjwkhmacSinglePartJwsJson/bookstore/books
Http-Method: POST
Content-Type: multipart/related; type="application/xml"; boundary="uuid:75b37fab-1745-45b7-93ac-15aa9add9b25"; start="<root.message@cxf.apache.org>"
Headers: {Accept=[multipart/related], Connection=[Keep-Alive]}
Payload: 
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25
Content-Type: application/xml
Content-Transfer-Encoding: binary
Content-ID: <root.message@cxf.apache.org>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Book><id>123</id><name>book</name></Book>
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25
Content-Type: application/jose
Content-Transfer-Encoding: binary
Content-ID: <signature>

{"protected":"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJIUzI1NiJ9","signature":"LWMjPoronjdGmJFAAIuCc_qh9sI2i5Jc2onBd-fHdMM"}
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25--
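
The two unencoded-payload forms above (the JWS JSON object with "payload":"book" and the multipart message whose application/jose part carries only "protected" and "signature") differ from ordinary JWS only in what gets signed, so a verifier has to read "b64" and "crit" before computing the MAC. The following is an added example in Python, not CXF code: it assumes HS256 and the RFC 7797 signing input, and the key, the sample payloads and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

SUPPORTED_CRIT = {"b64"}  # critical header parameters this verifier implements

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signing_input(protected_b64: str, payload: bytes) -> bytes:
    """Build the bytes that are MACed; raise ValueError for headers to reject."""
    header = json.loads(b64url_decode(protected_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected header or alg")  # alg is pinned, not negotiated
    crit = header.get("crit", [])
    if not isinstance(crit, list) or not set(crit) <= SUPPORTED_CRIT:
        raise ValueError("unsupported critical header parameter")
    encoded = header.get("b64", True)
    if not isinstance(encoded, bool):
        raise ValueError('"b64" must be a JSON boolean')
    # Strict policy chosen for this example: "b64":false must also be in "crit",
    # as in the page's headers, so a verifier without RFC 7797 support rejects it.
    if not encoded and "b64" not in crit:
        raise ValueError('"b64":false without "crit"')
    body = b64url_encode(payload).encode("ascii") if encoded else payload
    return protected_b64.encode("ascii") + b"." + body

def sign(header: dict, payload: bytes, key: bytes) -> dict:
    protected = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    mac = hmac.new(key, signing_input(protected, payload), hashlib.sha256).digest()
    return {"protected": protected, "signature": b64url_encode(mac)}

def verify(sig: dict, payload: bytes, key: bytes) -> bool:
    try:
        data = signing_input(sig["protected"], payload)
        received = b64url_decode(sig["signature"])
    except (ValueError, KeyError, TypeError):
        return False
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)  # constant-time comparison

KEY = b"constructed-demo-key-not-from-the-page"
HDR = {"alg": "HS256", "b64": False, "crit": ["b64"]}
XML = b"<Book><id>123</id><name>book</name></Book>"  # constructed root part body
detached = sign(HDR, XML, KEY)    # multipart case: payload travels in its own part
inline = sign(HDR, b"book", KEY)  # JWS JSON case: "payload":"book"
```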

JWE

JWE Compact

JweWriterInterceptor creates Compact JWE sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be encrypted, then add JweWriterInterceptor and set the encryption properties on the JAX-RS client or server.

...

The above code shows a client proxy, but a WebClient can be created instead. The server is configured here. The client can be configured in Spring/Blueprint too.

JWE JSON

JweJsonWriterInterceptor creates JWE JSON sequences on the client or server out directions. 

...