Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 4d9924fea -> 12c2906a1
[CXF-5902] Adding a system test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/12c2906a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/12c2906a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/12c2906a Branch: refs/heads/3.0.x-fixes Commit: 12c2906a1958a1e669c6dd9ff8b7555719bee898 Parents: 4d9924f Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Wed Aug 13 14:01:45 2014 +0100 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Wed Aug 13 14:03:14 2014 +0100 ---------------------------------------------------------------------- .../jwe/AbstractContentEncryptionAlgorithm.java | 2 +- .../oauth2/jwe/AbstractJweEncryption.java | 12 +++++- .../oauth2/jwe/AesCbcHmacJweEncryption.java | 27 ++++++++++--- .../jwe/AesGcmContentEncryptionAlgorithm.java | 8 ++++ .../jwe/AesWrapKeyDecryptionAlgorithm.java | 4 ++ .../jwe/AesWrapKeyEncryptionAlgorithm.java | 3 ++ .../oauth2/jwe/DirectKeyJweEncryption.java | 16 +++++++- .../jwt/jaxrs/AbstractJweDecryptingFilter.java | 2 +- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 40 ++++++++++++++++++++ .../cxf/systest/jaxrs/security/jwt/server.xml | 34 +++++++++++++++++ 10 files changed, 137 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java index 9dde55d..b6adb9f 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java @@ -47,7 +47,7 @@ public abstract class AbstractContentEncryptionAlgorithm extends AbstractContent } public byte[] getInitVector() { if (iv == null) { - return CryptoUtils.generateSecureRandomBytes(getIvSize()); + return CryptoUtils.generateSecureRandomBytes(getIvSize() / 8); } else if (iv.length > 0 && providedIvUsageCount.addAndGet(1) > 1) { throw new SecurityException(); } else { http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java index 167d04e..885e29d 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java @@ -60,15 +60,23 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { } protected byte[] getContentEncryptionKey() { - byte[] cek = contentEncryptionAlgo.getContentEncryptionKey(headers); + byte[] cek = getProvidedContentEncryptionKey(); if (cek == null) { String algoJava = getContentEncryptionAlgoJava(); String algoJwt = getContentEncryptionAlgoJwt(); cek = CryptoUtils.getSecretKey(Algorithm.stripAlgoProperties(algoJava), - Algorithm.valueOf(algoJwt).getKeySizeBits()).getEncoded(); + getCekSize(algoJwt)).getEncoded(); } return cek; } + + protected int getCekSize(String algoJwt) { + return Algorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits(); + } + + protected byte[] getProvidedContentEncryptionKey() { + return contentEncryptionAlgo.getContentEncryptionKey(headers); + } protected byte[] getEncryptedContentEncryptionKey(byte[] theCek) { return keyEncryptionAlgo.getEncryptedContentEncryptionKey(headers, theCek); http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java index 0489819..492e0a6 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java @@ -51,6 +51,12 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption { AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48); AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64); } + public AesCbcHmacJweEncryption(String keyAlgo, + String celAlgoJwt, + KeyEncryptionAlgorithm keyEncryptionAlgorithm) { + this(new JweHeaders(keyAlgo, validateCekAlgorithm(celAlgoJwt)), + null, null, keyEncryptionAlgorithm); + } public AesCbcHmacJweEncryption(JweHeaders headers, KeyEncryptionAlgorithm keyEncryptionAlgorithm) { this(headers, null, null, keyEncryptionAlgorithm); @@ -65,22 +71,24 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption { KeyEncryptionAlgorithm keyEncryptionAlgorithm, JwtHeadersWriter writer) { super(headers, new AesCbcContentEncryptionAlgorithm(cek, iv), keyEncryptionAlgorithm, writer); - if (!SUPPORTED_CEK_ALGORITHMS.contains(headers.getContentEncryptionAlgorithm())) { - throw new SecurityException(); - } + validateCekAlgorithm(headers.getContentEncryptionAlgorithm()); } @Override protected byte[] getActualCek(byte[] theCek, String algoJwt) { return doGetActualCek(theCek, algoJwt); } + @Override + protected int getCekSize(String algoJwt) { + return getFullCekKeySize(algoJwt) * 8; + } protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) { - int size = getCekKeySize(algoJwt) / 2; + int size = getFullCekKeySize(algoJwt) / 2; byte[] actualCek = new byte[size]; System.arraycopy(theCek, size, actualCek, 0, size); return actualCek; } - protected static int getCekKeySize(String algoJwt) { + protected static int getFullCekKeySize(String algoJwt) { return AES_CEK_SIZE_MAP.get(algoJwt); } @@ -113,7 +121,7 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption { JweHeaders theHeaders, String headersJson) { String algoJwt = theHeaders.getContentEncryptionAlgorithm(); - int size = getCekKeySize(algoJwt) / 2; + int size = getFullCekKeySize(algoJwt) / 2; byte[] macKey = new byte[size]; System.arraycopy(secretKey, 0, macKey, 0, size); @@ -176,4 +184,11 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption { private byte[] al; private String headersJson; } + + private static String validateCekAlgorithm(String cekAlgo) { + if (!SUPPORTED_CEK_ALGORITHMS.contains(cekAlgo)) { + throw new SecurityException(); + } + return cekAlgo; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java index 5d69273..67c5948 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentEncryptionAlgorithm.java @@ -20,9 +20,17 @@ package org.apache.cxf.rs.security.oauth2.jwe; import javax.crypto.SecretKey; +import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; + public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm { private static final int DEFAULT_IV_SIZE = 96; + public AesGcmContentEncryptionAlgorithm() { + this((byte[])null, null); + } + public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv) { + this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv)); + } public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv) { this(key.getEncoded(), iv); } http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java index ec99447..1fd77b7 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyDecryptionAlgorithm.java @@ -24,6 +24,9 @@ import org.apache.cxf.rs.security.oauth2.jwt.Algorithm; import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm { + public AesWrapKeyDecryptionAlgorithm(String encodedKey) { + this(CryptoUtils.decodeSequence(encodedKey)); + } public AesWrapKeyDecryptionAlgorithm(byte[] secretKey) { this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_WRAP_ALGO_JAVA)); } @@ -31,4 +34,5 @@ public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm super(secretKey, true); } + } http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java index daa7a87..70224a1 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java @@ -32,6 +32,9 @@ public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgo Arrays.asList(Algorithm.A128KW.getJwtName(), Algorithm.A192KW.getJwtName(), Algorithm.A256KW.getJwtName())); + public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) { + this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt); + } public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) { this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)), keyAlgoJwt); http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java index a13bd39..12e959f 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java @@ -28,6 +28,20 @@ public class DirectKeyJweEncryption extends AbstractJweEncryption { cek.getEncoded().length * 8)), cek.getEncoded(), iv); } public DirectKeyJweEncryption(JweHeaders headers, byte[] cek, byte[] iv) { - super(headers, new AesGcmContentEncryptionAlgorithm(cek, iv), new DirectKeyEncryptionAlgorithm()); + this(headers, new AesGcmContentEncryptionAlgorithm(cek, iv)); + } + public DirectKeyJweEncryption(JweHeaders headers, ContentEncryptionAlgorithm ceAlgo) { + super(headers, ceAlgo, new DirectKeyEncryptionAlgorithm()); + } + protected byte[] getProvidedContentEncryptionKey() { + return validateCek(super.getProvidedContentEncryptionKey()); + } + private static byte[] validateCek(byte[] cek) { + if (cek == null) { + // to prevent the cek from being auto-generated which + // does not make sense for the direct key case + throw new NullPointerException("CEK must not be null"); + } + return cek; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java index d42d7b2..036fed0 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java @@ -48,7 +48,7 @@ public class AbstractJweDecryptingFilter { protected void validateHeaders(JweHeaders headers) { // complete } - public void setDecryption(JweDecryptionProvider decryptor) { + public void setDecryptionProvider(JweDecryptionProvider decryptor) { this.decryption = decryptor; } protected JweDecryptionProvider getInitializedDecryption() { http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java index 20848c4..4971c2a 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java @@ -30,6 +30,10 @@ import javax.crypto.Cipher; import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean; +import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweDecryption; +import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweEncryption; +import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm; +import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm; import org.apache.cxf.rs.security.oauth2.jws.HmacJwsSignatureProvider; import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.oauth2.jwt.Algorithm; @@ -121,6 +125,42 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { assertEquals("book", text); } + @Test + public void testJweAesCbcHmac() throws Exception { + String address = "https://localhost:" + PORT + "/jweaescbchmac"; + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSJweJwsTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + bean.setServiceClass(BookStore.class); + bean.setAddress(address); + List<Object> providers = new LinkedList<Object>(); + // writer + JweWriterInterceptor jweWriter = new JweWriterInterceptor(); + //jweWriter.setUseJweOutputStream(true); + + final String cekEncryptionKey = "GawgguFyGrWKav7AX4VKUg"; + AesWrapKeyEncryptionAlgorithm keyEncryption = + new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName()); + jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(Algorithm.A128KW.getJwtName(), + Algorithm.A128CBC_HS256.getJwtName(), + keyEncryption)); + + // reader + JweClientResponseFilter jweReader = new JweClientResponseFilter(); + jweReader.setDecryptionProvider(new AesCbcHmacJweDecryption( + new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey))); + + providers.add(jweWriter); + providers.add(jweReader); + bean.setProviders(providers); + + BookStore bs = bean.create(BookStore.class); + String text = bs.echoText("book"); + assertEquals("book", text); + } + private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider { @Override http://git-wip-us.apache.org/repos/asf/cxf/blob/12c2906a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml index f587972..07aad8c 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml @@ -48,6 +48,31 @@ under the License. <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jwt.BookStore"/> <bean id="jweInFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweContainerRequestFilter"/> <bean id="jweOutFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor"/> + + <bean id="aesWrapEncryptionAlgo" class="org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm"> + <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/> + <constructor-arg value="A128KW"/> + </bean> + <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweEncryption"> + <constructor-arg value="A128KW"/> + <constructor-arg value="A128CBC-HS256"/> + <constructor-arg ref="aesWrapEncryptionAlgo"/> + </bean> + + <bean id="aesWrapDecryptionAlgo" class="org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm"> + <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/> + </bean> + <bean id="aesCbcHmacDecryption" class="org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweDecryption"> + <constructor-arg ref="aesWrapDecryptionAlgo"/> + </bean> + + <bean id="jweInAesCbcHmacFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweContainerRequestFilter"> + <property name="decryptionProvider" ref="aesCbcHmacDecryption"/> + </bean> + <bean id="jweOutAesCbcHmacFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor"> + <property name="encryptionProvider" ref="aesCbcHmacEncryption"/> + </bean> + <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.oauth2.jws.HmacJwsSignatureProvider"> <constructor-arg value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/> </bean> @@ -94,4 +119,13 @@ under the License. <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/> </jaxrs:properties> </jaxrs:server> + <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jweaescbchmac"> + <jaxrs:serviceBeans> + <ref bean="serviceBean"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="jweInAesCbcHmacFilter"/> + <ref bean="jweOutAesCbcHmacFilter"/> + </jaxrs:providers> + </jaxrs:server> </beans>