...

This approach does not prevent the streaming of the outgoing data (which will also be protected by the filters) and offers a way to secure the HTTP headers which are really important for the correct processing of the incoming payloads

JOSE in JAX-RS application code

In some cases you may need to create or process the JOSE data directly in the service or client application code. For example, one of the properties in the request or response payload needs to be JWS signed/verified and/or JWE encrypted/decrypted. The following 2 options can be tried.

Option 1:  Process JOSE directly

This option is about using the CXF JOSE library to sign, encrypt, or/and decrypt and verify the data as documented above. This option should be preferred if one needs to keep a closer control, for example, set the custom JWS or JWE headers, etc.

Option 2:  Use JOSE library helpers and Endpoint Configuration

This option makes it straighforward to do JOSE in the application code. One has to extend or delegate to a specific JOSE helper instance and configure the endpoint with the locatiion of the key store.

Produce JOSE data

Step1. Use JoseProducer or JoseJwtProducer

Step2. Set the key store location

Consume JOSE data

Step1. Use JoseConsumer or JoseJwtConsumer

Step2. Set the key store location

Produce and Consume JOSE data

Step1. Use JoseProducerConsumer or JoseJwtProducerConsumer

Step2. Set the key store location

Configuration

CXF JOSE configuration provides for loading JWS and JWE keys and supporting various processing options. Configuration properties can be shared between JWS and JWE processors or in/out only JWS and or JWE properties can be set.

...