...
```java
// JAX-RS annotations (javax.ws.rs on CXF 3.x; jakarta.ws.rs on CXF 4.x)
import javax.ws.rs.GET;
import javax.ws.rs.Path;

import org.apache.cxf.rs.security.jose.common.JoseProducer;

// Option 1: extend JoseProducer
@Path("service1")
public class SecureService extends JoseProducer {
    @GET
    public String getProtectedValue() {
        // encrypt and/or sign the data
        return super.processData("some data");
    }
}

// or

// Option 2: delegate to a JoseProducer instance
@Path("service2")
public class SecureService2 {
    private JoseProducer producer = new JoseProducer();

    @GET
    public String getProtectedValue() {
        // encrypt and/or sign the data
        return producer.processData("some data");
    }
}
```
...
If you need to protect some non-JWT property, extend or delegate to JoseJwtProducer:
```java
// JAX-RS annotations (javax.ws.rs on CXF 3.x; jakarta.ws.rs on CXF 4.x)
import javax.ws.rs.GET;
import javax.ws.rs.Path;

import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;

// Option 1: extend JoseJwtProducer
@Path("service1")
public class SecureService extends JoseJwtProducer {
    @GET
    public String getProtectedToken() {
        // encrypt and/or sign JWT
        JwtClaims claims = new JwtClaims();
        claims.setIssuer("some issuer");
        // set other claims
        return super.processJwt(new JwtToken(claims));
    }
}

// or

// Option 2: delegate to a JoseJwtProducer instance
@Path("service2")
public class SecureService2 {
    private JoseJwtProducer producer = new JoseJwtProducer();

    @GET
    public String getProtectedValue() {
        // encrypt and/or sign JWT
        return producer.processJwt(new JwtToken(new JwtClaims()));
    }
}
```
In both cases the producer helpers detect the endpoint-specific configuration, so they do not need to be preconfigured. If needed, however, they have 'encryptionProvider' and 'signatureProvider' setters which can be used to inject JwsSignatureProvider and/or JweEncryptionProvider instances instead.
By default the producer helpers require only a signature to be created. Use their 'setJwsRequired' or 'setJweRequired' properties to customize this: for example, disable JWS but require JWE, or enable JWE to get JWS-protected data encrypted as well.
Step2. Set the key store location and the algorithm info
```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:jaxrs="http://cxf.apache.org/jaxrs">
    <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.SecureService"/>
    <jaxrs:server address="/secure">
        <jaxrs:serviceBeans>
            <ref bean="serviceBean"/>
        </jaxrs:serviceBeans>
        <jaxrs:properties>
            <entry key="rs.security.signature.properties"
                   value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
        </jaxrs:properties>
        <!-- ... -->
    </jaxrs:server>
</beans>
```
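The following is an added example, not taken from this page or from the CXF test suite: what a signature properties file like the one referenced by "rs.security.signature.properties", and a matching encryption properties file for "rs.security.encryption.properties", could contain. The file paths and key ids are placeholders, and the algorithms are one assumed choice for symmetric keys held in a JWK set.

```properties
# --- signature properties file (constructed example) ---
# Key store holding the signing key; "jwk" means a JSON Web Key set file.
rs.security.keystore.type=jwk
# Placeholder classpath location of the JWK set.
rs.security.keystore.file=path/to/placeholder-jwk-set.json
# Placeholder key id ("kid") of the HMAC key inside the JWK set.
rs.security.keystore.alias=placeholder-hmac-key-id
# Signature algorithm the producer uses when JWS is required.
rs.security.signature.algorithm=HS256

# --- encryption properties file (constructed example, a separate file) ---
# Only consulted when JWE is required on the producer.
rs.security.keystore.type=jwk
rs.security.keystore.file=path/to/placeholder-jwk-set.json
# Placeholder key id of the AES key used to wrap the content encryption key.
rs.security.keystore.alias=placeholder-aes-key-id
# Key wrap algorithm and content encryption algorithm.
rs.security.encryption.key.algorithm=A128KW
rs.security.encryption.content.algorithm=A128GCM
```

Keep the JWK set readable only by the service account, since it contains the secret keys in the clear unless the set itself is encrypted.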
Consume JOSE data
Step1. Use JoseConsumer or JoseJwtConsumer
...
rs.security.encryption.out.properties | The encryption properties file for Compact or JSON encryption creation. If not specified then it falls back to "rs.security.encryption.properties". |
rs.security.encryption.in.properties | The encryption properties file for Compact or JSON decryption. If not specified then it falls back to "rs.security.encryption.properties". |
rs.security.encryption.properties | The encryption properties file for encryption/decryption. |
...