Modified: websites/production/cxf/content/docs/jaxrs-kerberos.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-kerberos.html (original)
+++ websites/production/cxf/content/docs/jaxrs-kerberos.html Wed Sep 13
15:05:52 2017
@@ -32,8 +32,8 @@
<link type="text/css" rel="stylesheet"
href="/resources/highlighter/styles/shThemeCXF.css">
<script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
+<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
<script>
SyntaxHighlighter.defaults['toolbar'] = false;
SyntaxHighlighter.all();
@@ -121,11 +121,11 @@ Apache CXF -- JAXRS Kerberos
 </p><p> </p><p> </p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1505311241408 {padding: 0px;}
-div.rbtoc1505311241408 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1505311241408 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1505314965862 {padding: 0px;}
+div.rbtoc1505314965862 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1505314965862 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1505311241408">
+/*]]>*/</style></p><div class="toc-macro rbtoc1505314965862">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSKerberos-Introduction">Introduction</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSKerberos-Setup">Setup</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSKerberos-Unix">Unix</a></li><li><a shape="rect"
href="#JAXRSKerberos-Windows">Windows</a></li></ul>
@@ -138,10 +138,10 @@ div.rbtoc1505311241408 li {margin-left:
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSKerberos-ServiceprincipalnameandJAASConfiguration">Service
principal name and JAAS Configuration</a></li><li><a shape="rect"
href="#JAXRSKerberos-CallbackHandler">CallbackHandler</a></li></ul>
</li><li><a shape="rect" href="#JAXRSKerberos-CredentialDelegation">Credential
Delegation</a></li></ul>
</div><h1 id="JAXRSKerberos-Introduction">Introduction</h1><p>Please see <a
shape="rect" class="external-link"
href="http://www.kerberos.org/software/tutorial.html"; rel="nofollow">MIT
Kerberos Tutorial</a> for a good introduction to Kerberos.<br clear="none"> The
<a shape="rect" class="external-link"
href="http://msdn.microsoft.com/en-us/library/aa378747%28v=vs.85%29";
rel="nofollow">Windows guide</a> as well as <a shape="rect"
class="external-link"
href="http://en.wikipedia.org/wiki/Kerberos_%28protocol%29"; rel="nofollow">this
Wikipedia page</a> are also worth checking.</p><h2
id="JAXRSKerberos-Setup">Setup</h2><h3 id="JAXRSKerberos-Unix">Unix</h3><p>1.
Install the packages</p><p>> sudo apt-get install krb5-kdc
krb5-admin-server</p><p>During the installation enter "localhost" as the host
name for Kerberos servers (unless you have more specific host names to enter)
and set a default realm, example, "MYCOMPANY.COM". Follow the 1.2 step from
this <a shape="rect" class="external-link
"
href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html";
rel="nofollow">blog entry</a> to get this default realm set up
properly.</p><p>2. Create principals</p><p>From the step 1.3 at <a shape="rect"
class="external-link"
href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html";
rel="nofollow">this blog entry</a>:</p><p>2.1 Create master key:<br
clear="none"> > sudo kdb5_util create -s</p><p>2.2 Create user and service
principals</p><p>> sudo kadmin.local</p><p>followed by</p><p>> addprinc
alice<br clear="none"> > addprinc HTTP/localhost</p><p>where
'HTTP/localhost' is the typical service principal name used in the Negotiate
scheme, replace 'localhost' if needed.<br clear="none"> Add more user and
service principals too as required.</p><p>3 Start KDC</p><p>> sudo
krb5kdc</p><p>4. Create an optional ticket cache</p><p>> klist</p><p>returns
an empty response</p><p>> kinit alice</p><p>> klist</p><p
>confirms a TGT for 'alice' is in the cache.</p><p>2.4 Create
>keytabs</p><p>When keytabs are available, the principal password does not
>have to be specified in the login configuration.<br clear="none"> Please
>follow the step 1.4 from <a shape="rect" class="external-link"
>href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html";
> rel="nofollow">this blog entry</a>.</p><p>Note, creating a keytab actually
>resets an original principal password, example, after creating a keytab for
>'alice' one would not be able to use the original password (TODO: apparently
>this can be restored - find out how). Thus, if you'd like to experiment with
>keytabs then you may want to have few user and service principals created,
>with only selected principals using keytabs.</p><h3
>id="JAXRSKerberos-Windows">Windows</h3><p>Please check the relevant Windows
>configuration guide such as <a shape="rect" class="external-link"
>href="http://technet.microsoft.com/en-us/library/cc753173%28v=
ws.10%29" rel="nofollow">this one</a>.</p><h2
id="JAXRSKerberos-HTTPNegotiatescheme">HTTP Negotiate scheme</h2><p>'Negotiate'
authentication scheme is used to pass Kerberos service tickets over HTTP.<br
clear="none"> Example:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">Authorization: Negotiate "the encrypted service ticket"
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">Authorization: Negotiate "the encrypted service ticket"
</pre>
</div></div><h2 id="JAXRSKerberos-GSSAPI">GSS API</h2><p>Please see <a
shape="rect" class="external-link"
href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/index.html";
rel="nofollow">this</a> GSS API tutorial as well as check this <a shape="rect"
class="external-link" href="http://www.javaactivedirectory.com/";
rel="nofollow">blog</a> for a number of GSS API examples. Understanding GSS API
may help when the way CXF Kerberos handlers work needs to be customized or when
the available GSS credentials created outside of CXF need to be made available
to CXF (for the credential delegation).</p><h2
id="JAXRSKerberos-JAASKerberosModuleConfiguration">JAAS Kerberos Module
Configuration</h2><p><a shape="rect" class="external-link"
href="http://docs.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html";
rel="nofollow">com.sun.security.auth.module.Krb5LoginModule</a> is typically
used to login to Kerberos servers.</
p><h1 id="JAXRSKerberos-Clientconfiguration">Client configuration</h1><h2
id="JAXRSKerberos-HTTPConduit">HTTPConduit</h2><p>Please see <a shape="rect"
href="http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-SpnegoAuthentication%28Kerberos%29";>this
page</a> for the information about Spnego/Kerberos HTTPConduit client
support.</p><h2
id="JAXRSKerberos-Interceptor">Interceptor</h2><p>org.apache.cxf.jaxrs.security.KerberosAuthOutInterceptor
can be used as an alternative to configuring
HTTPConduit.</p><p>KerberosAuthOutInterceptor and the HTTPConduit Spnego
handler share the same base code. Having HTTPConduit configuration can be
enough in many cases<br clear="none"> especially when SSL is also being setup
at the conduit level. Using the interceptor can be handy when testing as well
as when setting few extra properties which is not easy to set up at the generic
HTTP Conduit Authorization Policy level.</p><p>The interc
eptor properties are explained in the following sub-sections</p><h3
id="JAXRSKerberos-AuthorizationPolicy">Authorization Policy</h3><p>As explained
on <a shape="rect"
href="http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-SpnegoAuthentication%28Kerberos%29";>this
page</a>, Authorization Policy typically needs to have its type set to
"Negotiate" and its "authorization" property set to the name of the JAAS
context. AuthorizationPolicy is set as a "policy" property on the interceptor,
example:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">WebClient wc = WebClient.create("http://localhost:"; +
PORT + "/bookstore/books/123");
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">WebClient wc = WebClient.create("http://localhost:"; +
PORT + "/bookstore/books/123");
KerberosAuthOutInterceptor kbInterceptor = new KerberosAuthOutInterceptor();
@@ -155,7 +155,7 @@ WebClient.getConfig(wc).getOutIntercepto
Book b = wc.get(Book.class);
</pre>
</div></div><p>In this example, the <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg";>KerberosClientKeyTab</a>
policy is used which links to the available keytab; otherwise
AuthorizationPolicy 'UserName' and 'Password' properties would most likely have
to be set too (with the possible exceptions on Windows)</p><h3
id="JAXRSKerberos-Configuringtheserviceprincipalname">Configuring the service
principal name</h3><p>Service principal identifies a target service.</p><p>By
default, the service principal name is calculated by concatenating "HTTP", "/"
and the name of the target host, example, when invoking on
"http://localhost:8080/services";, the service principal name is set to
"HTTP/localhost".</p><p>The "servicePrincipalName" and "realm" properties can
be used to customize it, example, setting "servicePrincipalName" to
"HTTP/www.mycompany.com" and realm to "services.org"
will result in the "HTTP/[email protected]" service principal
name being used.</p><p>When the "servicePrincipalName" is not specified, the
target host from the provided endpoint URL is used to construct one
as-is.  To perform canonicalization of this hostname (e.g. if a CNAME
record <a shape="rect" class="external-link" href="http://host.example.com";
rel="nofollow">host.example.com</a> points to an A record <a shape="rect"
class="external-link" href="http://host-x.example.com";
rel="nofollow">host-x.example.com</a>, then use "<a shape="rect"
class="external-link" href="http://host-x.example.com";
rel="nofollow">host-x.example.com</a>" when constructing the
servicePrincipalName), the "useCanonicalHostname" property can be set to
"true".</p><h3 id="JAXRSKerberos-UsingJAASConfiguration">Using JAAS
Configuration</h3><p>Both HTTPConduit and interceptor handlers need a
"java.security.auth.login.config" system property set up. This property needs
to point to the file contai
ning the configuration of the specific Kerberos login module.</p><p>Instead of
setting this system property and maintaining a configuration file, one might
want to use an implementation of javax.security.auth.login.Configuration and
set it on the interceptor as a "loginConfig" property.</p><h3
id="JAXRSKerberos-Howtoavoidsettingusernameandpasswordproperties">How to avoid
setting username and password properties</h3><p>Typically, one may have to set
AuthorizationPolicy UserName and Password properties for the Kerberos login
module to authenticate the user.</p><p>The next option is to create a keytab as
noted in the Setup section, which will let one to avoid specifying a password
property.<br clear="none"> Finally, if the user actually owns the Java process
which runs the code then no username and password properties have to be
provided, assuming the Kerberos login configuration has 'useTicketCache' and
possibly 'renewTGT' properties set to "true"</p><h1
id="JAXRSKerberos-Serverconfig
uration">Server
configuration</h1><p>org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter
can be used to protected JAX-RS endpoints and enforce that a Negotiate
authentication scheme is used by clients, example:</p><div class="code panel
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><bean id="kerberosFilter"
class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><bean id="kerberosFilter"
class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter">
<property name="loginContextName" value="KerberosServiceKeyTab"/>
</bean>
@@ -169,7 +169,7 @@ Book b = wc.get(Book.class);
</jaxrs:server>
</pre>
</div></div><p>KerberosAuthenticationFilter will set a CXF <a shape="rect"
class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/SecurityContext.java";>SecurityContext</a>
on the current message if the authentication has been successful. This
SecurityContext will return an instance of
KerberosAuthenticationFilter$KerberosPrincipal, this Principal will return a
'simple' and 'kerberos' source principal names, example, given
"HTTP/[email protected]", Principal#getName will return "HTTP/localhost",
and KerberosPrincipal#getKerberosName will return
"HTTP/[email protected]".</p><h2
id="JAXRSKerberos-ServiceprincipalnameandJAASConfiguration">Service principal
name and JAAS Configuration</h2><p>Service principal name and JAAS
Configuration can be optionally set up the same way they can be with
KerberosAuthOutInterceptor, using 'servicePrincipalName' + 'realm' and
"loginConfig" properties.</p><h2 id="JAXRSKerberos-CallbackHandl
er">CallbackHandler</h2><p>javax.security.auth.callback.CallbackHandler needs
to be registered if no Kerberos key tabs are used, here is an example of
setting it up from Java:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">public class TestResource {
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">public class TestResource {
public static void main(String[] args) {
JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
sf.setResourceClasses(BookStore.class);
@@ -190,7 +190,7 @@ Book b = wc.get(Book.class);
}
</pre>
</div></div><p>In this example, the <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg";>KerberosServer</a>
policy is used.</p><h1 id="JAXRSKerberos-CredentialDelegation">Credential
Delegation</h1><p>Please see this <a shape="rect"
href="http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-CredentialDelegation";>section</a>
on the way client-side credential delegation can be both enabled and
implemented at the HTTP conduit level.</p><p>Note that if you have a JAX-RS
KerberosAuthenticationFilter protecting the endpoints, then the filter will
have an org.ietf.jgss.GSSContext instance available in the current CXF
SecurityContext, via its KerberosAuthenticationFilter$KerberosSecurityContext
implementation, which can be used to get to org.ietf.jgss.GSSCredential if the
credential delegation is supported for a
given source principal. The current credential if any can be set as a client
property next, for example:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">import org.ietf.jgss.GSSCredential;
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">import org.ietf.jgss.GSSCredential;
import org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter;
import
org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter.KerberosSecurityContext;
Modified: websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html (original)
+++ websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html Wed Sep
13 15:05:52 2017
@@ -32,9 +32,9 @@
<link type="text/css" rel="stylesheet"
href="/resources/highlighter/styles/shThemeCXF.css">
<script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
-<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
<script src='/resources/highlighter/scripts/shBrushBash.js'></script>
+<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
+<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
<script>
SyntaxHighlighter.defaults['toolbar'] = false;
SyntaxHighlighter.all();
@@ -119,11 +119,11 @@ Apache CXF -- JAXRS OAuth2 Assertions
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><h1
id="JAXRSOAuth2Assertions-JAXRS:OAuth2Assertions">JAXRS: OAuth2
Assertions</h1><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1505311267532 {padding: 0px;}
-div.rbtoc1505311267532 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1505311267532 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1505314908314 {padding: 0px;}
+div.rbtoc1505314908314 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1505314908314 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1505311267532">
+/*]]>*/</style></p><div class="toc-macro rbtoc1505314908314">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-JAXRS:OAuth2Assertions">JAXRS: OAuth2
Assertions</a></li><li><a shape="rect"
href="#JAXRSOAuth2Assertions-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-Mavendependencies">Maven
dependencies</a></li><li><a shape="rect"
href="#JAXRSOAuth2Assertions-AccessTokenGrant">Access Token Grant</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-Clientcode">Client code</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService">Access Token
Service</a></li></ul>
@@ -138,21 +138,21 @@ div.rbtoc1505311267532 li {margin-left:
</li></ul>
</li></ul>
</div><h1 id="JAXRSOAuth2Assertions-Introduction">Introduction</h1><p><a
shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc6749";
rel="nofollow">OAuth 2.0</a> supports different types of access token grants.
The <a shape="rect" class="external-link"
href="http://tools.ietf.org/html/rfc7521"; rel="nofollow">OAuth2 Assertions</a>
spec "provides a framework for the use of assertions with OAuth 2.0 in the form
of a new client authentication mechanism and a new authorization grant type".
More specifically, the <a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7522"; rel="nofollow">SAML2 Bearer
Assertion Profiles for OAuth2</a> spec provides for the use of SAML2 Bearer
assertions, and the <a shape="rect" class="external-link"
href="http://tools.ietf.org/html/rfc7523"; rel="nofollow">JSON Web Token (JWT)
Profile for OAuth 2.0 Client Authentication and Authorization Grants</a> spec
providers for the use of JWT Bearer tokens.</p><p>These assertions
can be used as token grants, but also, if needed, for getting 3rd party
clients authenticated. Note the clients can use assertions as grants but use
for example Basic authentication mechanism, or use say an authorization code
grant and the assertion to authenticate, and finally, they can use assertions
as a grant and as an authentication token.</p><p>Currently CXF supports both
SAML2 Bearer and JWT Bearer assertions as grants and authentication
tokens.</p><p>See the <a shape="rect" href="jax-rs-oauth2.html">JAX-RS
OAuth2</a> page for information about OAuth 2.0 support in CXF. Please also
check the <a shape="rect" href="jax-rs-saml.html">JAX-RS SAML</a> page for more
information about SAML support.</p><p> </p><h1
id="JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</h1><h2
id="JAXRSOAuth2Assertions-Mavendependencies">Maven dependencies</h2><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><dependency>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-security-oauth2-saml</artifactId>
<version>${cxf.version}</version>
</dependency>
</pre>
</div></div><h2 id="JAXRSOAuth2Assertions-AccessTokenGrant">Access Token
Grant</h2><p><a shape="rect" class="external-link"
href="http://tools.ietf.org/html/rfc7522#section-2.1"; rel="nofollow">This
section</a> explains how SAML2 Bearer assertions can be used as token grants.
The value of grant_type parameter is
"urn:ietf:params:oauth:grant-type:saml2-bearer".</p><p>It is really just
another grant type, but whose actual value is a SAML assertion. The
specification provides an <a shape="rect" class="external-link"
href="http://tools.ietf.org/html/rfc7522#section-4"; rel="nofollow">example</a>
of how such an assertion may look like.</p><p>The additional restriction is
that the assertions have to be encoded using Base64Url encoding. <br
clear="none"> Here is how a request may look like:</p><div class="code panel
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">POST /token HTTP/1.1
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">POST /token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-bearer&
assertion=Base64UrlEncoded-SAML2-Bearer-Assertion
</pre>
</div></div><h3 id="JAXRSOAuth2Assertions-Clientcode">Client code</h3><p>The
following example shows how to use SAML2 Bearer assertion as a grant with CXF
OAuth2 client code:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
@@ -182,7 +182,7 @@ ClientAccessToken at = OAuthClientUtils.
false);
</pre>
</div></div><p>The code above prepares an info for a new SAML assertion be
self-signed, loading a Crypto instance with crypto <a shape="rect"
class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.properties";>properties</a>,
and uses SAMLUtils to create and sign the assertion (using Crypto, plus user
alias and password). Saml2BearerGrant will get the assertion Base64Url-encoded
- unless the assertion has already been encoded with CXF Base64UrlUtility or
came encoded from IP - in this case Saml2BearerGrant constructor accepting an
'encoded' property will have to be used, with the value set to
"true".</p><p>This is nearly as simple as using other token grants, the step 2
will often me omitted in more involved cases as it will be the job of Identity
Providers to issue OAuth2 SAML2 Bearer assertions. Step 2 needs to be done when
testing or when getting client acting <a shape="rect" class="
external-link" href="http://tools.ietf.org/html/rfc7521#section-6.2";
rel="nofollow">on behalf of itself</a> for example.</p><p>Instead of using
SelfSignInfo utility one can create an empty CXF Message and set required
properties on it and passing it to SAMLUtils - see the example on how to use
SAML Bearer assertions for the authentication below.</p><p>When doing step 2,
the main effort is to do with getting a SAML assertion populated - use a SAML
callback handler like <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java";>this
one</a>, it is actually quite easy to build the assertion.</p><h3
id="JAXRSOAuth2Assertions-AccessTokenService">Access Token Service</h3><p>Here
is how one may configure Access Token Service:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<bean id="samlGrantHandler"
class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
<property name="dataProvider" ref="dataProvider"/>
</bean>
@@ -210,7 +210,7 @@ ClientAccessToken at = OAuthClientUtils.
</jaxrs:server>
</pre>
</div></div><h2 id="JAXRSOAuth2Assertions-AuthenticationToken">Authentication
Token</h2><p>As noted in the introduction, SAML2 Bearer assertions may also act
as client authentication credentials, when requesting an access token,
irrespectively of the actual grant type. For example:</p><div class="code panel
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">POST /token HTTP/1.1
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">POST /token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
@@ -219,7 +219,7 @@ grant_type=authorization_code
&client_assertion=Base64UrlEncoded-SAML2-Bearer-Assertion
</pre>
</div></div><p>Note "client_assertion_type" with a value
"urn:ietf:params:oauth:client-assertion-type:saml2-bearer" indicates that the
type of assertion used as an authentication token is
"urn:ietf:params:oauth:client-assertion-type:saml2-bearer", while the
"client_assertion" parameter carries the actual value of the token.</p><h3
id="JAXRSOAuth2Assertions-ClientCode">Client Code</h3><p>The following example
shows how to use SAML2 Bearer assertion as an authentication token:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
@@ -258,7 +258,7 @@ ClientAccessToken at = OAuthClientUtils.
extraParams);
</pre>
</div></div><p>The above code is similar to the example when SAML2 Bearer
assertion is used as a grant except that this time the assertion is
Base64Url-encoded in the code - note steps 2 and likely 3 will not be required
when the assertion came from IP.<br clear="none"> Next, the encoded assertion
is used as part of the token request payload, note that it does not matter what
grant type is actually used.</p><p>A different approach to dealing with the
assertion directly in the client code is to use
org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthOutInterceptor
interceptor which will add the assertion to the existing form payload, for
example:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">JAXRSClientFactoryBean bean = new
JAXRSClientFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">JAXRSClientFactoryBean bean = new
JAXRSClientFactoryBean();
Map<String, Object> properties = new HashMap<String, Object>();
properties.put("security.callback-handler",
@@ -282,7 +282,7 @@ ClientAccessToken at = OAuthClientUtils.
accessTokenGrant);
</pre>
</div></div><h3 id="JAXRSOAuth2Assertions-AccessTokenService.1">Access Token
Service</h3><p>Here is how one may configure Access Token Service:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<bean id="oauthJson"
class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<bean id="samlAuthHandler"
class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
@@ -313,7 +313,7 @@ ClientAccessToken at = OAuthClientUtils.
</jaxrs:server>
</pre>
</div></div><h2 id="JAXRSOAuth2Assertions-ClientActingonBehalfofItself">Client
Acting on Behalf of Itself</h2><p>In the <a shape="rect" class="external-link"
href="http://tools.ietf.org/html/rfc7521#section-6.2"; rel="nofollow">Client
Acting on Behalf of Itself</a> use either
org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerClientCredentialsGrant
:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
@@ -342,7 +342,7 @@ ClientAccessToken at = OAuthClientUtils.
extraParams);
</pre>
</div></div><p>or ClientCredentialsGrant in combination with
Saml2BearerAuthOutInterceptor:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">JAXRSClientFactoryBean bean = new
JAXRSClientFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">JAXRSClientFactoryBean bean = new
JAXRSClientFactoryBean();
Map<String, Object> properties = new HashMap<String, Object>();
properties.put("security.callback-handler",
@@ -365,14 +365,14 @@ AccessTokenGrant accessTokenGrant = new
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);
</pre>
</div></div><p> </p><h1 id="JAXRSOAuth2Assertions-JWTBearer">JWT
Bearer</h1><p>See <a shape="rect"
href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+OAuth2#JAX-RSOAuth2-SAMLandJWTAssertions";>this
CXF OAuth2 section</a> for the information about the implementation
details.</p><h2 id="JAXRSOAuth2Assertions-AccessTokenGrant.1">Access Token
Grant</h2><p><a shape="rect" class="external-link"
href="http://tools.ietf.org/html/rfc7523#section-2.1"; rel="nofollow">This
section</a> explains how JWT Bearer tokens can be used as token grants. The
value of grant_type parameter is "urn:ietf:params:oauth:grant-
type:jwt-bearer".</p><p>It is really just another grant type, but whose actual
value is a JWT Token. The specification provides an <a shape="rect"
class="external-link" href="http://tools.ietf.org/html/rfc7523#section-4";
rel="nofollow">example</a> of how such an assertion may look like.</p><p>Here
is how a request may look like:</p><div class="code panel pdl" style="bord
er-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">POST /token HTTP/1.1
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">POST /token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&
assertion=X.Y.Z
</pre>
</div></div><h3 id="JAXRSOAuth2Assertions-Clientcode.1">Client code</h3><p>CXF
BigQuery demo <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java#L75";
rel="nofollow">shows</a> how a so called Google Service Client can prepare a
signed JWT token and use JwtBearerGrant in order to issue a JWT Bearer grant
request and get a new access token back. CXF WebClient is used in the demo code
but OAuthClientUtils can also be used.</p><h3
id="JAXRSOAuth2Assertions-AccessTokenService.2">Access Token
Service</h3><p>Here is how one may configure the Access Token Service:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<bean id="jwtGrantHandler"
class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
<property name="dataProvider" ref="dataProvider"/>
</bean>
@@ -404,7 +404,7 @@ assertion=X.Y.Z
</jaxrs:server>
</pre>
</div></div><h2
id="JAXRSOAuth2Assertions-AuthenticationToken.1">Authentication Token</h2><p>As
noted in the introduction, JWT Bearer tokens may also act as client
authentication credentials, when requesting an access token, irrespectively of
the actual grant type. For example:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">POST /token HTTP/1.1
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">POST /token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
@@ -413,7 +413,7 @@ grant_type=authorization_code
&client_assertion=X.Y.Z
</pre>
</div></div><p>Note "client_assertion_type" with a value
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer" indicates that the
type of assertion used as an authentication token is
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer", while the
"client_assertion" parameter carries the actual value of the token.</p><h3
id="JAXRSOAuth2Assertions-ClientCode.1">Client Code</h3><p>Suppose the client
is acting on behalf of itself to request a token, effectively using Client
Credentials grant. In this case it will use <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerClientCredentialsGrant.java";
rel="nofollow">JwtBearerClientCredentialsGrant</a>.</p><h3
id="JAXRSOAuth2Assertions-AccessTokenService.3">Access Token
Service</h3><p>Here is how one may configure Access Token Service:</p><div
class="code panel pdl" style="border-width: 1px;"><div cla
ss="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<bean id="oauthJson"
class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<bean id="jwtAuthHandler"
class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>
Modified: websites/production/cxf/content/docs/jaxrs-services-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-services-configuration.html
(original)
+++ websites/production/cxf/content/docs/jaxrs-services-configuration.html Wed
Sep 13 15:05:52 2017
@@ -32,9 +32,9 @@
<link type="text/css" rel="stylesheet"
href="/resources/highlighter/styles/shThemeCXF.css">
<script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
-<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
<script src='/resources/highlighter/scripts/shBrushBash.js'></script>
+<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
+<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
<script>
SyntaxHighlighter.defaults['toolbar'] = false;
SyntaxHighlighter.all();
@@ -122,11 +122,11 @@ Apache CXF -- JAXRS Services Configurati
 </p><p> </p><p> </p><p> </p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1505311269938 {padding: 0px;}
-div.rbtoc1505311269938 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1505311269938 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1505314883370 {padding: 0px;}
+div.rbtoc1505314883370 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1505314883370 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1505311269938">
+/*]]>*/</style></p><div class="toc-macro rbtoc1505314883370">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSServicesConfiguration-ConfiguringJAX-RSservicesprogrammatically">Configuring
JAX-RS services programmatically</a></li><li><a shape="rect"
href="#JAXRSServicesConfiguration-OSGI">OSGI</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSServicesConfiguration-Blueprint">Blueprint</a></li><li><a
shape="rect" href="#JAXRSServicesConfiguration-Spring">Spring</a></li></ul>
</li><li><a shape="rect" href="#JAXRSServicesConfiguration-SpringBoot">Spring
Boot</a></li><li><a shape="rect"
href="#JAXRSServicesConfiguration-ConfiguringJAX-RSendpointsprogrammaticallywithoutSpring">Configuring
JAX-RS endpoints programmatically without Spring</a></li><li><a shape="rect"
href="#JAXRSServicesConfiguration-BlueprintWeb">Blueprint Web</a>
@@ -145,7 +145,7 @@ div.rbtoc1505311269938 li {margin-left:
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSServicesConfiguration-Spring.1">Spring</a></li></ul>
</li><li><a shape="rect"
href="#JAXRSServicesConfiguration-ServletandApplicationContainerConfiguration">Servlet
and Application Container Configuration</a></li></ul>
</div><h1
id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesprogrammatically">Configuring
JAX-RS services programmatically</h1><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
...
JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
@@ -154,17 +154,17 @@ sf.setAddress("http://localhost:9000/";);
sf.create();
</pre>
</div></div><p>Some things to note:</p><ul><li>The JAXRSServerFactoryBean
creates a Server inside CXF which starts listening for requests on the URL
specified.</li><li>Check the <a shape="rect"
href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/jaxrs/JAXRSServerFactoryBean.html";>JAXRSServerFactoryBean
API</a> for methods for adding multiple root
resources</li><li>setResourceClasses() is for root resources only, use
setProvider() or setProviders() for @Provider-annotated classes.</li><li><p>By
default, the JAX-RS runtime is responsible for the lifecycle of resource
classes, default lifecycle is per-request. You can set the lifecycle to
singleton by using following line:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">sf.setResourceProvider(BookStore.class, new
SingletonResourceProvider(new BookStore()));
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">sf.setResourceProvider(BookStore.class, new
SingletonResourceProvider(new BookStore()));
</pre>
</div></div></li><li><p>If you prefer not to let the JAX-RS runtime handle the
resource class lifecycle for you (for example, it might be the case that your
resource class is created by other containers such as Spring), you can do the
following:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">JAXRSServerFactoryBean sf = new
JAXRSServerFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">JAXRSServerFactoryBean sf = new
JAXRSServerFactoryBean();
CustomerService cs = new CustomerService();
sf.setServiceBeans(cs);
sf.setAddress("http://localhost:9080/";);
sf.create();
</pre>
</div></div></li></ul><h1 id="JAXRSServicesConfiguration-OSGI">OSGI</h1><h2
id="JAXRSServicesConfiguration-Blueprint">Blueprint</h2><p>The following
example shows how to configure a JAX-RS endpoint in OSGI containers supporting
Blueprint:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><blueprint
xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><blueprint
xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs";
xmlns:cxf="http://cxf.apache.org/blueprint/core";
@@ -190,7 +190,7 @@ sf.create();
</blueprint>
</pre>
</div></div><h2 id="JAXRSServicesConfiguration-Spring">Spring</h2><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:jaxrs="http://cxf.apache.org/jaxrs";
xsi:schemaLocation="
@@ -208,7 +208,7 @@ sf.create();
</pre>
</div></div><h1 id="JAXRSServicesConfiguration-SpringBoot">Spring
Boot</h1><p>Please see CXF <a shape="rect"
href="http://cxf.apache.org/docs/springboot.html#SpringBoot-SpringBootCXFJAX-RSStarter";>SpringBoot</a> documentation. </p><p>Please
see <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/jax_rs/spring_boot";
rel="nofollow">JAX-RS Spring Boot</a> and <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/jax_rs/spring_boot_scan/application";
rel="nofollow">JAX-RS Spring Boot Scan</a> demos.</p><p>Please see <a
shape="rect" href="jaxrsclientspringboot.html">JAXRSClientSpringBoot</a>
documentation on how CXF <a shape="rect" href="jax-rs-client-api.html">JAX-RS
Clients</a> can be used in a SpringBoot Application. </p><p> </p><h1
id="JAXRSServicesConfiguration-ConfiguringJAX-RSendpointsprogrammaticallywithoutSprin
g">Configuring JAX-RS endpoints programmatically without Spring</h1><p>Note
that even though no Spring is explicitly used in the previous section, it is
still used by default to have various CXF components registered with the bus
such as transport factories. If no Spring libraries are available on the
classpath then please follow the following example :</p><div class="code panel
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">JAXRSServerFactoryBean sf = new
JAXRSServerFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">JAXRSServerFactoryBean sf = new
JAXRSServerFactoryBean();
sf.setResourceClasses(CustomerService.class);
sf.setResourceProvider(CustomerService.class, new
SingletonResourceProvider(new CustomerService()));
sf.setAddress("http://localhost:9000/";);
@@ -219,28 +219,28 @@ manager.registerBindingFactory(JAXRSBind
sf.create();
</pre>
</div></div><h1 id="JAXRSServicesConfiguration-BlueprintWeb">Blueprint
Web</h1><p>This section describes how CXF JAX-RS endpoints can be bootstrapped
with CXFBlueprintServlet and Blueprint contexts.</p><p>This approach is
recommended for developers building CXF JAX-RS endpoints to be deployed in OSGI
and which will do RequestDispatcher-based forwards.</p><p>Additionally it
allows to reuse the same Blueprint contexts between OSGI and non-OSGI
deployments.</p><p>Both options below work with CXF 3.1.3:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><dependency>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>3.1.3</version>
</dependency>
</pre>
</div></div><p> </p><h2
id="JAXRSServicesConfiguration-Mavendependencies">Maven dependencies</h2><h3
id="JAXRSServicesConfiguration-OSGI.1">OSGI</h3><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><dependency>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><dependency>
<groupId>org.apache.aries.blueprint</groupId>
<artifactId>org.apache.aries.blueprint.webosgi</artifactId>
<version>1.0.1</version>
</dependency>
</pre>
</div></div><p>In OSGI (Karaf) one should also install a 'war' feature.</p><h3
id="JAXRSServicesConfiguration-ServletContainer">Servlet Container</h3><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><dependency>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><dependency>
<groupId>org.apache.aries.blueprint</groupId>
<artifactId>org.apache.aries.blueprint.web</artifactId>
<version>1.1.1</version>
</dependency>
</pre>
</div></div><p> </p><h2
id="JAXRSServicesConfiguration-Commonexample">Common
example</h2><p> </p><p>This <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/systests/jaxrs/src/test/resources/jaxrs_soap_blueprint/WEB-INF/web.xml";
rel="nofollow">web.xml</a> shows how to setup CXFBlueprintServlet which
processes <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/systests/jaxrs/src/test/resources/jaxrs_soap_blueprint/WEB-INF/beans.xml";
rel="nofollow">this Blueprint context.</a> It works exactly the same way in
OSGI and non-OSGI environments.</p><h1
id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesincontainerwithSpringconfigurationfile.">Configuring
JAX-RS services in container with Spring configuration file.</h1><h2
id="JAXRSServicesConfiguration-web.xml">web.xml</h2><p>In web.xml one needs to
register one or more CXFServlet(s) and link to an application context
configuration.</p><h3 id="JAXRSServicesC
onfiguration-UsingSpringContextLoaderListener">Using Spring
ContextLoaderListener</h3><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><?xml version="1.0" encoding="ISO-8859-1"?>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
@@ -273,7 +273,7 @@ sf.create();
</web-app>
</pre>
</div></div><p>The application context configuration is shared between all the
CXFServlets</p><h3
id="JAXRSServicesConfiguration-UsingCXFServletinitparameters">Using CXFServlet
init parameters</h3><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><?xml version="1.0" encoding="ISO-8859-1"?>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
@@ -318,7 +318,7 @@ sf.create();
</web-app>
</pre>
</div></div><p>Each CXFServlet can get a unique application context
configuration. Note, no Spring ContextLoaderListener is registered in web.xml
in this case.</p><h2
id="JAXRSServicesConfiguration-beans.xml">beans.xml</h2><div class="code panel
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><?xml version="1.0" encoding="UTF-8"?>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:jaxrs="http://cxf.apache.org/jaxrs";
@@ -343,7 +343,7 @@ http://cxf.apache.org/schemas/jaxrs.xsd";
</beans>
</pre>
</div></div><p>In the above configuration all resources will be configured as
singletons, see <a shape="rect"
href="jaxrs-services-configuration.html">below</a> for information on creating
per-request resources.</p><h1
id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesusingexplicitbeanconfiguration">Configuring
JAX-RS services using explicit bean configuration</h1><p>Note that
jaxrs:server (and jaxrs:client) declarations depend on
'http://cxf.apache.org/jaxrs' Spring NamespaceHandler be available on
classpath. Sometimes, due to classloading restrictions or bugs in underlying
containers which are exposed during complex deployments or due to multiple
Spring libraries interfering with each other, NamespaceHandler can not be
located and thus jaxrs endpoints can not be created. <br clear="none"> Please
report such issues to the team working on developing the container
itself.</p><p>If you need to do Spring configuration and get an error to do
with a missing NamespaceHandler then, a
s a workaround, consider configuring jaxrs endpoints using CXF beans which
actually handle the creation of jaxrs:server endpoints. This is marginally more
complex, but overall, the configuration ends up being quite similar, for
example, the above jaxrs:server endpoint can be configured like this
instead:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><?xml version="1.0" encoding="UTF-8"?>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="
@@ -365,7 +365,7 @@ http://www.springframework.org/schema/be
</pre>
</div></div><h1 id="JAXRSServicesConfiguration-SpringAOP">Spring
AOP</h1><p>CXF JAX-RS is capable of working with AOP interceptors applied to
resource classes from Spring.<br clear="none"> For example:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans xmlns:jaxrs="http://cxf.apache.org/jaxrs";
xmlns:aop="http://www.springframework.org/schema/aop";
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans xmlns:jaxrs="http://cxf.apache.org/jaxrs";
xmlns:aop="http://www.springframework.org/schema/aop";
xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop
@@ -399,7 +399,7 @@ http://www.springframework.org/schema/be
</pre>
</div></div><p>Note that some AOP configuration is applied to two JAX-RS
resource classes. By default Spring uses JDK dynamic proxies if a class to be
proxified implements at least one interface or CGLIB proxies
otherwise.</p><p>For example, here's how
org.apache.cxf.systest.jaxrs.BookStoreWithInterface looks like:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">public interface BookInterface {
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">public interface BookInterface {
@GET
@Path("/thosebooks/{bookId}/")
@Produces("application/xml")
@@ -422,10 +422,10 @@ public class BookStoreWithInterface exte
}
</pre>
</div></div><p>In this case Spring will use a JDK dynamic proxy to wrap a
BookStoreWithInterface class. As such it is important that the method which
needs to be invoked such as getThatBook(...) will be part of the
interface.</p><p>The other method, getTheBook() can not be dispatched to by a
JAX-RS runtime as it's not possible to discover it through a JDK proxy. If this
method also needs to be invoked then this method should either be added to the
interface or CGLIB proxies have to be explicitly enabled (consult Spring AOP
documentation for more details). For example:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><aop:config proxy-target-class="true"/>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><aop:config proxy-target-class="true"/>
</pre>
</div></div><h1
id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesincontainerwithoutSpring">Configuring
JAX-RS services in container without Spring</h1><p>If you prefer, you can
register JAX-RS endpoints without depending on Spring with the help of
CXFNonSpringJaxrsServlet :</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><servlet>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><servlet>
<servlet-name>CXFServlet</servlet-name>
<display-name>CXF Servlet</display-name>
<servlet-class>
@@ -487,7 +487,7 @@ public class BookStoreWithInterface exte
</servlet>
</pre>
</div></div><p>When service classes and providers are registered this way, the
default life-cycle is 'singleton'. You can override it by setting a
"jaxrs.scope" parameter with the value of 'prototype' (equivalent to
per-request). <br clear="none"> By default, the endpoint address is "/". One
can provide a more specific value using a "jaxrs.address" parameter.</p><p>Note
that multiple service  or providers class names are separated by a comma.
Users may want to use a "class.parameter.split.char" servlet parameter with the
value "space" when</p><p>migrating from the older CXF versions were the space
was used to separate multiple class names.</p><p>If the referenced service
classes are not annotated with JAX-RS annotations then an external user model
can also be linked to :</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><servlet>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><servlet>
<servlet-name>CXFServlet</servlet-name>
<display-name>CXF Servlet</display-name>
<servlet-class>
@@ -510,7 +510,7 @@ public class BookStoreWithInterface exte
</servlet>
</pre>
</div></div><p>A more portable way to register resource classes and providers
with CXFNonSpringJaxrsServlet is to use a JAX-RS Application <a shape="rect"
class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookApplication.java";>implementation</a>
:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><servlet>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><servlet>
<servlet-name>CXFServlet</servlet-name>
<display-name>CXF Servlet</display-name>
<servlet-class>
@@ -534,7 +534,7 @@ public class BookStoreWithInterface exte
</servlet>
</pre>
</div></div><p>Note that Application.getClasses() method returns a set of
per-request resource class names. Application.getSingletons() returns a list of
singleton resource and provider classes.</p><p>Starting from CXF
2.3.7/2.4.3/2.5.0 it is possible to simple properties for resource and
Application classes, providers and interceptors:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><servlet>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><servlet>
<servlet-name>CXFServlet</servlet-name>
<display-name>CXF Servlet</display-name>
<servlet-class>
@@ -551,7 +551,7 @@ public class BookStoreWithInterface exte
</servlet>
</pre>
</div></div><p>In the above example,
org.apache.cxf.systest.jaxrs.BookApplication is expected to have setName and
setId setters, with a single primitive or List parameter
type.</p><p><strong>Note</strong> that having the web-app_2_3.dtd DTD
referenced from web.xml will likely prevent 'param-value' containing spaces and
make it difficult to specify multiple providers like this:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"> <init-param>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> <init-param>
<param-name>jaxrs.providers</param-name>
<param-value>
mypackage.Provider1
@@ -562,7 +562,7 @@ public class BookStoreWithInterface exte
</servlet>
</pre>
</div></div><p>In such cases consider moving to the web-app 2.5 schema or
extending CXFNonSpringJaxrsProviders or introducing an Application.</p><h2
id="JAXRSServicesConfiguration-AttachingJAXRSendpointstoanexistingJettyserver">Attaching
JAXRS endpoints to an existing Jetty server</h2><p>Here is a code fragment
showing how it can be done with the help of CxfNonSpringJaxrsServlet :</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">CXFNonSpringJAXRSServlet cxf = new
CXFNonSpringJaxrsServlet();
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">CXFNonSpringJAXRSServlet cxf = new
CXFNonSpringJaxrsServlet();
...
@@ -574,7 +574,7 @@ root.addServlet(servlet, "/*");
</pre>
</div></div><h1
id="JAXRSServicesConfiguration-JAX-RSRuntimeDelegateandApplications">JAX-RS
RuntimeDelegate and Applications</h1><p>If you have a JAX-RS Application
implementation available and would like to minimize the interaction with the
CXF JAX-RS specific API, you may want to use the JAX-RS RuntimeDelegate
:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">import javax.ws.rs.ext.RuntimeDelegate;
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">import javax.ws.rs.ext.RuntimeDelegate;
import org.apache.cxf.endpoint.Server;
import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
@@ -593,7 +593,7 @@ server.stop();
</pre>
</div></div><p>Note that the above code makes sure an @ApplicationPath value
(if CustomApplication has this annotation) is taken into account.</p><h1
id="JAXRSServicesConfiguration-ConfiguringJAX-RSservicesprogrammaticallywithSpringconfigurationfile.">Configuring
JAX-RS services programmatically with Spring configuration file.</h1><p>When
using Spring explicitly in your code, you may want to follow this example
:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">ClassPathXmlApplicationContext ctx = new
ClassPathXmlApplicationContext(new String[]
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">ClassPathXmlApplicationContext ctx = new
ClassPathXmlApplicationContext(new String[]
{"/org/apache/cxf/jaxrs/spring/servers.xml"});
// 'simple' is the id of the jaxrs server bean
@@ -601,13 +601,13 @@ JAXRSServerFactoryBean sfb = (JAXRSServe
sfb.create();
</pre>
</div></div><p>Note that in in this case your Spring configuration file should
import cxf-extension-http-jetty.xml instead of cxf-servlet.xml :</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><!--
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><!--
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
-->
<import resource="classpath:META-INF/cxf/cxf-extension-http-jetty.xml" />
</pre>
</div></div><h1 id="JAXRSServicesConfiguration-Lifecyclemanagement">Lifecycle
management</h1><h2 id="JAXRSServicesConfiguration-FromSpring">From
Spring</h2><p>By default, the service beans which are referenced directly from
the jaxrs:server endpoint declarations are treated by the runtime as singleton
JAX-RS root resources. For example:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans>
<jaxrs:server id="customerService" address="/service1">
<jaxrs:serviceBeans>
<ref bean="customerBean" />
@@ -622,7 +622,7 @@ sfb.create();
</beans>
</pre>
</div></div><p>Spring instantiates and injects the customerBean reference and
the runtime will access this reference directly afterwards. Effectively, the
scope attribute which may be present on the customerBean bean declaration is
ignored in this case, <strong>unless the Spring AOP is used to enforce the
required scope</strong> (see below for more information).</p><p>The
'serviceFactories' element or beanNames attribute has to be used for a
'prototype', 'request' and other Spring bean scopes be supported.</p><p>For
example, the serviceFactories element can reference one or more beans of type
'org.apache.cxf.jaxrs.spring.SpringResourceFactory' which in turn reference the
actual service beans.</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans>
<jaxrs:server id="customerService" address="/service1">
<jaxrs:serviceFactories>
<ref bean="sfactory1" />
@@ -642,7 +642,7 @@ sfb.create();
</beans>
</pre>
</div></div><p>In this example, the jaxrs:server endpoint has two JAX-RS root
resources (customerBean1 and customerBean2) with the Spring 'prototype'
scope.<br clear="none"> Other scopes can also be supported.</p><p>If using the
jaxrs:serviceFactories element seems a bit verbose then the 'beanNames'
attribute can be used instead:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans>
<jaxrs:server id="customerService" address="/service1"
beanNames="customerBean1 customerBean2"/>
@@ -651,7 +651,7 @@ sfb.create();
</beans>
</pre>
</div></div><p>The beanNames attribute lists the names/ids of service beans
separated by space. The jaxrs:serviceFactories element has to be used when
users register custom CXF JAX-RS <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/lifecycle/ResourceProvider.java";>ResourceProvider</a>
implementations.</p><p>Another approach toward supporting complex scopes in
Spring is to use Spring AOP. For example, the following fragment shows how to
have the Spring "request" scope supported:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:aop="http://www.springframework.org/schema/aop";
xmlns:jaxrs="http://cxf.apache.org/jaxrs";
@@ -676,12 +676,12 @@ sfb.create();
</beans>
</pre>
</div></div><p>in addition, the following servlet listener has to be added to
the web.xml:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><listener>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
</pre>
</div></div><p>The request-scoped service bean instances (example,
org.apache.cxf.systest.jaxrs.CustomerService instances) are not actually
available at the initialization time thus one limitation of the above
configuration is that it is not possible to inject JAX-RS contexts into these
service beans. This is not a show-stopper because contexts such as UriInfo can
be passed in as resource method parameters. However, if the injection into the
fields or via method setters is required then a little customization of the
org.apache.cxf.jaxrs.spring.SpringResourceFactory will do the trick.
Particularly, the Spring ApplicationContext reports that a request-scoped bean
is a singleton but the JAX-RS runtime can not inject thread-local proxies given
that the actual instance is not available as explained above; in fact, the
request-scoped beans are not really JAX-RS singletons. Thus a simple custom
factory like <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/tru
nk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/RequestScopeResourceFactory.java">this
one</a> is needed and it has to be used the following way:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans>
<jaxrs:server id="customerService" address="/service1">
<jaxrs:serviceFactories>
<bean
class="org.apache.cxf.systest.jaxrs.RequestScopeResourceFactory">
@@ -694,20 +694,20 @@ sfb.create();
</beans>
</pre>
</div></div><p>The above configuration makes sure that the CXF JAX-RS runtime
injects the values at the request time given that the customerBean bean is not
seen as a JAX-RS singleton. This approach is only needed if the injection of
contexts is required.</p><h2
id="JAXRSServicesConfiguration-WithCXFNonSpringJaxrsServlet">With
CXFNonSpringJaxrsServlet</h2><p>CXFNonSpringJaxrsServlet uses 'Singleton' as a
default scope for service classes specified by a "jaxrs.serviceClasses" servlet
parameter. It can be overridden by setting a "jaxrs.scope" parameter to a
"prototype" value or by not using the "jaxrs.serviceClasses" parameter at all
and registering a JAXRS Application implementation instead. Please see the
section describing CXFNonSpringJaxrsServlet for more
details.</p><p>CXFNonSpringJaxrsServlet can support singleton scopes for
classes with constructors expecting JAXRS contexts, at the moment it can only
inject ServletContext or ServletConfig contexts :</p><div class="code panel pd
l" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">@Path("/")
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">@Path("/")
public class SingletonResourceClass {
public SingletonResourceClass(@Context ServletContext context, @Context
ServletConfig context2) {}
}
</pre>
</div></div><h2
id="JAXRSServicesConfiguration-Programmatically">Programmatically</h2><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">JAXRSServerFactoryBean sf = new
JAXRSServerFactoryBean();
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">JAXRSServerFactoryBean sf = new
JAXRSServerFactoryBean();
sf.setResourceClass(CustomerService.class);
sf.setResourceProvider(new SingletonResourceProvider(new CustomerService()));
sf.setResourceClass(CustomerService2.class);
sf.setResourceProvider(new PerRequestResourceProvider(CustomerService.class));
</pre>
</div></div><h2
id="JAXRSServicesConfiguration-PostConstructandPreDestroy">PostConstruct and
PreDestroy</h2><p>Bean methods annotated with @PostConstruct and @PreDestroy
annotations will be called as expected by the scope rules. <br clear="none">
Singleton beans will have their postconstruct method called when the endpoint
is created. If a given singleton resource instance was created by Spring then
its predestroy method will also be called after, for example, the web
application which uses it is about to be unloaded. At the moment singletons
created by CXFNonSpringJaxrsServlet or programmatically will only have their
postconstruct method (if any) called.</p><p>Prototype beans will have their
postconstruct and predestroy method called before a resource method is invoked
and immediately after the invocation has returned but before the response has
actually been serialized. You can indicate that the predestroy method has to be
called after the request has completely gone out of scope
(that is after the response body if any has been written to the output stream)
by adding an "org.apache.cxf.jaxrs.service.scope" property with the value set
to "request".</p><p>You can also register a custom Spring resource factory by
extending org.apache.cxf.jaxrs.spring.SpringResourceFactory or providing a more
sophisticated implementation.</p><h1
id="JAXRSServicesConfiguration-Locatingcustomresourcesinwebapplications">Locating
custom resources in web applications</h1><p>Resources like schemas, custom
XSLT templates and user models are typically referenced using a classpath:
prefix. Thus one can add them to a WEB-INF/classes folder in a given web
application.<br clear="none"> Since CXF 2.2.3 one can put them directly under
WEB-INF, for example into WEB-INF/xslt, WEB-INF/schemas, WEB-INF/model and
referencing them like 'classpath:/WEB-INF/xslt/template.xsl'.</p><h1
id="JAXRSServicesConfiguration-Multipleendpointsandresourceclasses">Multiple
endpoints and resource classes</h1><p>One
can configure as many jaxrs:server endpoints as needed for a given
application, with every endpoint possibly providing an alternative path to a
single resource bean. Every endpoint can employ as many shared or unique
resource classes as needed, and have common or different providers.</p><h1
id="JAXRSServicesConfiguration-Sharingprovidersbetweenmultipleendpoints">Sharing
providers between multiple endpoints</h1><p>One way to share multiple
providers between multiple endpoints is to refer to the same provider bean from
within jaxrs:provider sections:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans>
<jaxrs:server id="customerService" address="/service1">
<jaxrs:serviceBeans>
<bean class="org.apache.cxf.systest.jaxrs.CustomerService"/>
@@ -732,7 +732,7 @@ sf.setResourceProvider(new PerRequestRes
</pre>
</div></div><p>Starting from CXF 2.7.2 it is possible to register provider
directly on the bus as the bus properties and share them between all the
providers using this bus:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans>
<cxf:bus>
<cxf:properties>
@@ -757,7 +757,7 @@ sf.setResourceProvider(new PerRequestRes
</beans>
</pre>
</div></div><p>Note a global exception mapper has been registered using the
name of interface, "javax.ws.rs.ext.ExceptionMapper", which all the exception
mappers have to implement.</p><p>Note that once can register global per-bus
providers using "javax.ws.rs.ext.ExceptionMapper",
"javax.ws.rs.ext.MessageBodyReader" or "javax.ws.rs.ext.MessageBodyWriter" bus
properties with the registered providers expected to implement either of these
interfaces.</p><p>Alternatively, one can have all the providers (JAX-RS and
CXF-specific) registered with a bus using "org.apache.cxf.jaxrs.bus.providers"
list property:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans
xmlns:util="http://www.springframework.org/schema/util">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans
xmlns:util="http://www.springframework.org/schema/util">
<cxf:bus>
<cxf:properties>
@@ -790,7 +790,7 @@ sf.setResourceProvider(new PerRequestRes
</beans>
</pre>
</div></div><h1
id="JAXRSServicesConfiguration-DynamicservletsandasingleJAX-RSendpoint">Dynamic
servlets and a single JAX-RS endpoint</h1><p>Note: this is not required by
default starting from CXF 3.0.0-milestone1</p><p>In some advanced cases you may
want to dynamically add new servlets (CXFServlet or CXFNonSpringJaxrsServlet)
with all of them serving the same JAX-RS endpoints. In this case you most
likely want to configure servlets so that the CXF endpoint address is not
overridden :</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;">{code:xml}
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">{code:xml}
<servlet>
<servlet-name>CXFServlet</servlet-name>
<display-name>CXF Servlet</display-name>
@@ -809,9 +809,9 @@ sf.setResourceProvider(new PerRequestRes
</servlet>
</pre>
</div></div><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"> </pre>
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> </pre>
</div></div><h1
id="JAXRSServicesConfiguration-Auto-discoveryofrootresourcesandproviders">Auto-discovery
of root resources and providers</h1><p>Starting from CXF 3.0.0 it is possible
to enable the auto-discovery of JAX-RS roots and providers with the regular CXF
JAX-RS endpoint declarations done in XML . Currently it is only possible with
Spring. Patch supporting it for Blueprint is available and will be dealt with
asap.</p><pre> </pre><h2
id="JAXRSServicesConfiguration-Spring.1">Spring</h2><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:jaxrs="http://cxf.apache.org/jaxrs";
xsi:schemaLocation="
@@ -836,7 +836,7 @@ sf.setResourceProvider(new PerRequestRes
</pre>
</div></div><p>Note the above does not require Spring annotations such
as @Component added to JAX-RS provider or resources.</p><p>If you prefer
doing a pure Spring-based auto-discovery you can have @Component added to
JAX-RS application classes and do</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: bash; gutter: false; theme: Confluence"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:jaxrs="http://cxf.apache.org/jaxrs";
xsi:schemaLocation="
