Versions Compared

Old Version 72

changes.mady.by.user Sergey Beryozkin

Saved on

compared with

New Version 73

changes.mady.by.user Sergey Beryozkin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Step1. Use JoseProducer or JoseJwtProducer

If you need to protect some non JWT property - extend or delegate to JoseProducer:

Code Block
languagejava
import org.apache.cxf.rs.security.jose.common.JoseProducer;
@Path("service1")
public class SecureService extends JoseProducer {
    @GET
    public String getProtectedValue() {
        // encrypt and/or sign the data
        return super.processData("some data");
    }
}

@Path("service2")
public class SecureService2 {
    
    private JoseProducer producer = new JoseProducer();
    @GET
    public String getProtectedValue() {
        // encrypt and/or sign the data
        return producer.processData("some data");
    }
}

 

If you need to protect some non JWT property - extend or delegate to JoseJwtProducer:

Code Block
languagejava
import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
@Path("service1")
public class SecureService extends JoseJwtProducer {
    @GET
    public String getProtectedToken() {
        // encrypt and/or sign JWT
        JwtClaims claims = new JwtClaims();
        claims.setIssuer("some issuer");
        // set other claims
        return super.processJwt(new JwtToken(claims));
    }
}

@Path("service2")
public class SecureService2 {
    
    private JoseJwtProducer producer = new JoseJwtProducer();
    @GET
    public String getProtectedValue() {
        // encrypt and/or sign JWT
        return producer.processData(new JwtToken(new JwtClaims()));
    }
}

 In both cases the producer helpers will detect the endpoint specific configuration thus the do not need to be preconfigured - however if needed they have the 'encryptionProvider' and 'signatureProvider' setters which can be used to inject JwsSignatureProvider and/or JweSignatureProvider instances instead.

The producer helpers require a signature creation only by default. Use their 'setJwsRequired' or 'setJwsRequired' properties to customize it - example, disable JWS but require JWE, or enable JWE to get JWS-protected data encrypted as well.

Step2. Set the key store location and the algorithm info

 

Consume JOSE data

Step1. Use JoseConsumer or JoseJwtConsumer

Step2. Set the key store location and the algorithm info

Produce and Consume JOSE data

Step1. Use JoseProducerConsumer or JoseJwtProducerConsumer

Step2. Set the key store location and the algorithm info

Configuration

CXF JOSE configuration provides for loading JWS and JWE keys and supporting various processing options. Configuration properties can be shared between JWS and JWE processors or in/out only JWS and or JWE properties can be set.

...