...
This approach does not prevent the streaming of the outgoing data (which will also be protected by the filters) and offers a way to secure the HTTP headers which are really important for the correct processing of the incoming payloads
JOSE in JAX-RS application code
In some cases you may need to create or process the JOSE data directly in the service or client application code. For example, one of the properties in the request or response payload needs to be JWS signed/verified and/or JWE encrypted/decrypted. The following 2 options can be tried.
Option 1: Process JOSE directly
This option is about using the CXF JOSE library to sign, encrypt, or/and decrypt and verify the data as documented above. This option should be preferred if one needs to keep a closer control, for example, set the custom JWS or JWE headers, etc.
Option 2: Use JOSE library helpers and Endpoint Configuration
This option makes it straighforward to do JOSE in the application code. One has to extend or delegate to a specific JOSE helper instance and configure the endpoint with the locatiion of the key store.
Produce JOSE data
Step1. Use JoseProducer or JoseJwtProducer
Step2. Set the key store location
Consume JOSE data
Step1. Use JoseConsumer or JoseJwtConsumer
Step2. Set the key store location
Produce and Consume JOSE data
Step1. Use JoseProducerConsumer or JoseJwtProducerConsumer
Step2. Set the key store location
Configuration
CXF JOSE configuration provides for loading JWS and JWE keys and supporting various processing options. Configuration properties can be shared between JWS and JWE processors or in/out only JWS and or JWE properties can be set.
...