...

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import org.apache.cxf.rs.security.jose.common.JoseProducer;

// Variant 1: extend JoseProducer
@Path("service")
public class SecureService extends JoseProducer {
    @GET
    public String getProtectedValue() {
        // encrypt and/or sign the data
        return super.processData("some data");
    }
}

// or

// Variant 2: delegate to a JoseProducer instance
@Path("service")
public class SecureService {

    private JoseProducer producer = new JoseProducer();

    @GET
    public String getProtectedValue() {
        // encrypt and/or sign the data
        return producer.processData("some data");
    }
}

...

If you need to protect a JWT rather than some non-JWT property, extend or delegate to JoseJwtProducer:

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;

// Variant 1: extend JoseJwtProducer
@Path("service")
public class SecureService extends JoseJwtProducer {
    @GET
    public String getProtectedToken() {
        // encrypt and/or sign JWT
        JwtClaims claims = new JwtClaims();
        claims.setIssuer("some issuer");
        // set other claims
        return super.processJwt(new JwtToken(claims));
    }
}

// or

// Variant 2: delegate to a JoseJwtProducer instance
@Path("service")
public class SecureService extends AbstractSecureService {

    private JoseJwtProducer producer = new JoseJwtProducer();

    @GET
    public String getProtectedValue() {
        // encrypt and/or sign JWT
        return producer.processJwt(new JwtToken(new JwtClaims()));
    }
}

In both cases the producer helpers detect the endpoint-specific configuration, so they do not need to be preconfigured. If needed, however, they have the 'encryptionProvider' and 'signatureProvider' setters, which can be used to inject JweEncryptionProvider and/or JwsSignatureProvider instances instead.

By default the producer helpers require only signature creation. Use their 'setJwsRequired' or 'setJweRequired' properties to customize this: for example, disable JWS but require JWE, or enable JWE to get JWS-protected data encrypted as well.
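
The customization described above, as an added example that is not part of the CXF documentation: one delegate signs and then encrypts, the other only encrypts, and each response is checked to be a compact JWE before it is returned. The class name, the sub-paths and the requireCompactJwe helper are hypothetical; the example assumes javax.ws.rs (CXF 3.x), that processData returns the compact serialization, and that the endpoint configures both the signature and the encryption properties.

```java
import javax.ws.rs.GET;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.Path;
import org.apache.cxf.rs.security.jose.common.JoseProducer;

@Path("service")
public class NestedProtectionService { // hypothetical class name

    // Delegates: keys and algorithms still come from the endpoint's
    // rs.security.* properties, nothing is preconfigured here.
    private final JoseProducer signAndEncrypt = new JoseProducer();
    private final JoseProducer encryptOnly = new JoseProducer();

    public NestedProtectionService() {
        // JWS is required by default; enabling JWE as well encrypts
        // the JWS-protected data.
        signAndEncrypt.setJweRequired(true);

        // Disable JWS but require JWE.
        encryptOnly.setJwsRequired(false);
        encryptOnly.setJweRequired(true);
    }

    @GET
    @Path("nested") // hypothetical sub-path
    public String getSignedThenEncrypted() {
        return requireCompactJwe(signAndEncrypt.processData("some data"));
    }

    @GET
    @Path("encrypted") // hypothetical sub-path
    public String getEncrypted() {
        return requireCompactJwe(encryptOnly.processData("some data"));
    }

    // Fail closed (hypothetical helper): a compact JWE has five dot-separated
    // parts, a compact JWS only three. A sign-only result must never leave a
    // method that promises confidentiality.
    static String requireCompactJwe(String token) {
        if (token == null || token.split("\\.", -1).length != 5) {
            throw new InternalServerErrorException("response is not JWE-protected");
        }
        return token;
    }
}
```

The part-count check only confirms the outer serialization is JWE; it does not validate the key or the algorithm, which remain governed by the properties files.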

Step2. Set the key store location and the algorithm info

 

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:jaxrs="http://cxf.apache.org/jaxrs">
    <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.SecureService"/>
    <jaxrs:server address="/secure">
        <jaxrs:serviceBeans>
            <ref bean="serviceBean"/>
        </jaxrs:serviceBeans>
        <jaxrs:properties>
            <entry key="rs.security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
        </jaxrs:properties>

...


    </jaxrs:server>
</beans>

 

Consume JOSE data

Step1. Use JoseConsumer or JoseJwtConsumer

...

rs.security.encryption.out.properties

The encryption properties file for Compact or JSON encryption creation. If not specified then it falls back to "rs.security.encryption.properties".

rs.security.encryption.in.properties

The encryption properties file for Compact or JSON decryption. If not specified then it falls back to "rs.security.encryption.properties".

rs.security.encryption.properties

The encryption properties file for encryption/decryption.

...