Author: buildbot
Date: Wed Apr 11 11:57:31 2018
New Revision: 1028232
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/a-simple-jax-ws-service.html
websites/production/cxf/content/docs/jax-rs-jose.html
websites/production/cxf/content/docs/jax-ws-configuration.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/a-simple-jax-ws-service.html
==============================================================================
--- websites/production/cxf/content/docs/a-simple-jax-ws-service.html (original)
+++ websites/production/cxf/content/docs/a-simple-jax-ws-service.html Wed Apr
11 11:57:31 2018
@@ -28,6 +28,15 @@
<meta name="description" content="Apache CXF, Services Framework - A simple
JAX-WS service">
+<link type="text/css" rel="stylesheet"
href="/resources/highlighter/styles/shCoreCXF.css">
+<link type="text/css" rel="stylesheet"
href="/resources/highlighter/styles/shThemeCXF.css">
+
+<script src='/resources/highlighter/scripts/shCore.js'></script>
+<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
+<script>
+ SyntaxHighlighter.defaults['toolbar'] = false;
+ SyntaxHighlighter.all();
+</script>
<title>
@@ -107,82 +116,75 @@ Apache CXF -- A simple JAX-WS service
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><p>This example will lead you through creating
your first service with doing "code first" development with JAX-WS.</p>
-
-
-
-
-<p>This example corresponds to the <a shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/";>java_first_jaxws</a>
example in the CXF distribution.</p>
-
-<h1 id="AsimpleJAX-WSservice-Settingupyourbuild">Setting up your build</h1>
-
-<p>The use of <a shape="rect" class="external-link"
href="http://maven.apache.org/";>Apache Maven</a> is recommended for your web
service projects, as it will automatically bring in all necessary dependencies
for your web service project. See the Maven <a shape="rect"
class="external-link"
href="http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/pom.xml?view=co&revision=1373526&content-type=text%2Fplain";>pom.xml</a>
for this sample for the configuration needed. All samples provided by CXF use
Apache Maven, except for the <a shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/antbuild/";>antbuild
sample</a> which shows how you can build CXF projects with Apache Ant
instead.</p>
-
-<p>The mvn dependency:list and mvn dependency:tree commands from the <a
shape="rect" class="external-link"
href="http://maven.apache.org/plugins/maven-dependency-plugin/";>Maven
Dependency Plugin</a> will show all dependencies used by your project.</p>
-
-
-<h1 id="AsimpleJAX-WSservice-WritingyourService">Writing your Service</h1>
-<p>First we'll write our service interface. It will have one operation called
<code>sayHi</code> which says "Hello" to whoever submits their name.</p>
-<plain-text-body>{snippet:id=service|lang=java|url=cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/server/HelloWorld.java}</plain-text-body>
-
-<p>To make sure your parameter is named correctly in the xml you should
use:</p>
-
-<plain-text-body>
-@WebService
+<div id="ConfluenceContent"><p>This example will lead you through creating
your first service with doing "code first" development with JAX-WS.</p><p>This
example corresponds to the <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/java_first_jaxws";
rel="nofollow">java_first_jaxws</a> example in the CXF distribution.</p><h1
id="AsimpleJAX-WSservice-Settingupyourbuild">Setting up your build</h1><p>The
use of <a shape="rect" class="external-link"
href="http://maven.apache.org/";>Apache Maven</a> is recommended for your web
service projects, as it will automatically bring in all necessary dependencies
for your web service project. See the Maven <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/java_first_jaxws/pom.xml";
rel="nofollow">pom.xml</a> for this sample for the configuration needed. All
samples provided by CXF use Apache Maven, except
for the <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/antbuild";
rel="nofollow">antbuild sample</a> which shows how you can build CXF projects
with Apache Ant instead.</p><p>The mvn dependency:list and mvn dependency:tree
commands from the <a shape="rect" class="external-link"
href="http://maven.apache.org/plugins/maven-dependency-plugin/";>Maven
Dependency Plugin</a> will show all dependencies used by your project.</p><h1
id="AsimpleJAX-WSservice-WritingyourService">Writing your Service</h1><p>First
we'll write our service interface. It will have one operation called
<code>sayHi</code> which says "Hello" to whoever submits their name.</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader
panelHeader pdl" style="border-bottom-width: 1px;"><b>HelloWorld</b></div><div
class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">@WebService
public interface HelloWorld {
- String sayHi(@WebParam(name="text") String text);
-}
-</plain-text-body>
-
-<p>The @WebParam annotation is necessary as java interfaces do not store the
Parameter name in the .class file. So if you leave out the annotation your
parameter will be named arg0.</p>
-
-<p>Our implementation will then look like this:</p>
-<plain-text-body>{snippet:id=service|lang=java|url=cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/server/HelloWorldImpl.java}</plain-text-body>
-
-<p>The @WebService annotation on the implementation class lets CXF know which
interface we want to create our WSDL with. In this case its simply our
HelloWorld interface.</p>
-
-<h1 id="AsimpleJAX-WSservice-Publishingyourservice">Publishing your
service</h1>
-<plain-text-body>{snippet:id=publish|lang=java|url=cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/server/Server.java}</plain-text-body>
-
-<p>whole code at
-<a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/server/Server.java";>http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/server/Server.java</a></p>
-
-<p>Alternatively you can use the following code. This gives you more control
over the behaviour. For example you can add a logging interceptor:</p>
-
-<plain-text-body>
-HelloWorldImpl implementor = new HelloWorldImpl();
-JaxWsServerFactoryBean svrFactory = new JaxWsServerFactoryBean();
-svrFactory.setServiceClass(HelloWorld.class);
-svrFactory.setAddress("http://localhost:9000/helloWorld";);
-svrFactory.setServiceBean(implementor);
-svrFactory.getInInterceptors().add(new LoggingInInterceptor());
-svrFactory.getOutInterceptors().add(new LoggingOutInterceptor());
-svrFactory.create();
-</plain-text-body>
-
-<p>You could leave out the ServiceClass. But it is better to use it so the
server and the client are created from the same interface. If you instead only
use the implementation class subtle problems may occur.</p>
-
-<p>Pointing your browser at <a shape="rect" class="external-link"
href="http://localhost:9000/helloWorld?wsdl";
rel="nofollow">http://localhost:9000/helloWorld?wsdl</a> will display the wsdl
for this service</p>
-
-<h1 id="AsimpleJAX-WSservice-Accessingyourservice">Accessing your service</h1>
-
-<p>and client code to see it working is at
-<a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/client/Client.java";>http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/client/Client.java</a></p>
-
-<p>For the client there is also the alternative approach that gives you more
flexibility. Of course like above the logging interceptors are optional but
they help a lot when starting:</p>
-<plain-text-body>
-JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
-factory.getInInterceptors().add(new LoggingInInterceptor());
-factory.getOutInterceptors().add(new LoggingOutInterceptor());
-factory.setServiceClass(HelloWorld.class);
-factory.setAddress("http://localhost:9000/helloWorld";);
-HelloWorld client = (HelloWorld) factory.create();
+ String sayHi(String text);
-String reply = client.sayHi("HI");
-System.out.println("Server said: " + reply);
-System.exit(0);
-</plain-text-body></div>
+ /* Advanced usecase of passing an Interface in. JAX-WS/JAXB does not
+ * support interfaces directly. Special XmlAdapter classes need to
+ * be written to handle them
+ */
+ String sayHiToUser(User user);
+
+ /* Map passing
+ * JAXB also does not support Maps. It handles Lists great, but Maps are
+ * not supported directly. They also require use of a XmlAdapter to map
+ * the maps into beans that JAXB can use.
+ */
+ @XmlJavaTypeAdapter(IntegerUserMapAdapter.class)
+ Map<Integer, User> getUsers();
+} </pre>
+</div></div><p>To make sure your parameter is named correctly in the xml you
should use:</p><p>@WebService public interface HelloWorld { String
sayHi(@WebParam(name="text") String text); }</p><p>The @WebParam annotation is
necessary as java interfaces do not store the Parameter name in the .class
file. So if you leave out the annotation your parameter will be named
arg0.</p><p>Our implementation will then look like this:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>HelloWorldImpl</b></div><div
class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">package demo.hw.server;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+import javax.jws.WebService;
+
+@WebService(endpointInterface = "demo.hw.server.HelloWorld",
+ serviceName = "HelloWorld")
+public class HelloWorldImpl implements HelloWorld {
+
+ Map<Integer, User> users = new LinkedHashMap<Integer, User>();
+
+ public String sayHi(String text) {
+ System.out.println("sayHi called");
+ return "Hello " + text;
+ }
+
+ public String sayHiToUser(User user) {
+ System.out.println("sayHiToUser called");
+ users.put(users.size() + 1, user);
+ return "Hello " + user.getName();
+ }
+
+ public Map<Integer, User> getUsers() {
+ System.out.println("getUsers called");
+ return users;
+ }
+}</pre>
+</div></div><p> </p><p>The @WebService annotation on the implementation
class lets CXF know which interface we want to create our WSDL with. In this
case its simply our HelloWorld interface.</p><h1
id="AsimpleJAX-WSservice-Publishingyourservice">Publishing your
service</h1><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>Server</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">HelloWorldImpl implementor = new HelloWorldImpl();
+String address = "http://localhost:9000/helloWorld";;
+Endpoint.publish(address, implementor);</pre>
+</div></div><p>whole code at <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/server/Server.java";
rel="nofollow">https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/server/Server.java</a></p><p>Alternatively
you can use the following code. This gives you more control over the
behaviour. For example you can add a logging interceptor:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>ServerFactoryBean</b></div><div
class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">HelloWorldImpl implementor = new HelloWorldImpl();
+JaxWsServerFactoryBean svrFactory = new JaxWsServerFactoryBean();
+svrFactory.setServiceClass(HelloWorld.class);
+svrFactory.setAddress("http://localhost:9000/helloWorld";);
+svrFactory.setServiceBean(implementor);
+svrFactory.create();</pre>
+</div></div><p>You could leave out the ServiceClass. But it is better to use
it so the server and the client are created from the same interface. If you
instead only use the implementation class subtle problems may
occur.</p><p>Pointing your browser at <a shape="rect" class="external-link"
href="http://localhost:9000/helloWorld?wsdl";
rel="nofollow">http://localhost:9000/helloWorld?wsdl</a> will display the wsdl
for this service</p><h1
id="AsimpleJAX-WSservice-Accessingyourservice">Accessing your
service</h1><p>and client code to see it working is at <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/client/Client.java";
rel="nofollow">https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/java_first_jaxws/src/main/java/demo/hw/client/Client.java</a></p><p>For
the client there is also the alternative approach that gives you more
flexibility:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader
panelHeader pdl" style="border-bottom-width: 1px;"><b>Client</b></div><div
class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">JaxWsProxyFactoryBean factory = new
JaxWsProxyFactoryBean();
+factory.setServiceClass(HelloWorld.class);
+factory.setAddress("http://localhost:9000/helloWorld";);
+HelloWorld client = (HelloWorld) factory.create();
+String reply = client.sayHi("HI");
+System.out.println("Server said: " + reply);
+</pre>
+</div></div></div>
</div>
<!-- Content -->
</td>
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Wed Apr 11 11:57:31
2018
@@ -32,10 +32,10 @@
<link type="text/css" rel="stylesheet"
href="/resources/highlighter/styles/shThemeCXF.css">
<script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushBash.js'></script>
-<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
+<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
<script src='/resources/highlighter/scripts/shBrushJScript.js'></script>
+<script src='/resources/highlighter/scripts/shBrushBash.js'></script>
<script>
SyntaxHighlighter.defaults['toolbar'] = false;
SyntaxHighlighter.all();
@@ -119,12 +119,12 @@ Apache CXF -- JAX-RS JOSE
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><p> </p><p> </p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1508777354982 {padding: 0px;}
-div.rbtoc1508777354982 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1508777354982 li {margin-left: 0px;padding-left: 0px;}
+<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1523447812407 {padding: 0px;}
+div.rbtoc1523447812407 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1523447812407 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1508777354982">
+/*]]>*/</style></p><div class="toc-macro rbtoc1523447812407">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a shape="rect"
href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE
Policy </a></li><li><a shape="rect"
href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and
Implementation</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWKKeys">JWK Keys</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSSignature">JWS Signature</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature and Verification
Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS
with Detached Content</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS with Unencoded
Payload</a></li></ul>
@@ -851,7 +851,7 @@ JweDecryptionProvider jweIn = JweUtils.l
</div></div><p>The providers may be initialized from a single properties file
or each of them may have specific properties allocated to it.</p><p>Sometimes
it can be useful to load the properties only and check the signature or
encryption algorithm and load a JWS or JWE provider directly as shown in JWS
and JWE sections above.</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>Loading JWS and JWE properties</b></div><div class="codeContent
panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">Properties jwsProps =
JweUtils.loadEncryptionProperties("jws.properties", true);
Properties jweProps = JweUtils.loadEncryptionProperties("jwe.properties",
true);</pre>
-</div></div><p>After loading the properties one can check various property
values (signature algorithm, etc) and use it to create a required
provider.</p><p>The above code needs to be executed in the context of the
current request (in server or client in/out interceptors or server service
code) as it expects the current CXF Message be available in order to deduce
where to load the configuration properties from. However <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java";
rel="nofollow">JwsUtils</a> and <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java";
rel="nofollow">JweUtils</a> provide a number of utility methods for loading
the providers without loading the properties first which can be used when
setting up the c
lient code or when no properties are available in the current request
context.</p><p> </p><p>When the code needs to load the configuration
properties it first looks for the property 'container' file which contains the
specific properties instructing which keys and algorithms need to be used.
Singature or encryption properties for in/out operations can be provided.
 </p><h2 id="JAX-RSJOSE-ConfigurationPropertyContainers">Configuration
Property Containers</h2><h3 id="JAX-RSJOSE-Signature">Signature</h3><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.signature.out.properties</td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The signature properties file
for Compact or JSON signature creation. If not specified then it falls back to
"rs.security.signature.properties".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.signature.in.properties</td><td
colspan="1" rowspa
n="1" class="confluenceTd"><p>The signature properties file for Compact or
JSON signature verification. If not specified then it falls back to
"rs.security.signature.properties".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.signature.properties</td><td
colspan="1" rowspan="1" class="confluenceTd">The signature properties file for
Compact or JSON signature
creation/verification.</td></tr></tbody></table></div><h3
id="JAX-RSJOSE-Encryption">Encryption</h3><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.out.properties</td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The encryption properties file for Compact
or JSON encryption creation. If not specified then it falls back to
"rs.security.encryption.properties".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.encryption.in.properties</td><td
colspan="1" rowspan="1" class="conflue
nceTd"><p>The encryption properties file for Compact or JSON decryption. If
not specified then it falls back to
"rs.security.encryption.properties".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.encryption.properties</td><td
colspan="1" rowspan="1" class="confluenceTd">The encryption properties file for
encryption/decryption.</td></tr></tbody></table></div><p>Note that these
property containers can be used for creating/processing JWS and JWE Compact and
JSON sequences. If it is either JWS JSON or JWE JSON and you wish to have more
than one signature or encryption be created then let the property value be a
commas separated list of locations, with each location pointing to a unique
signature or encryption operation property file.</p><p>Once the properties are
loaded the runtime proceeds with initializing JWS/JWE providers accordingly.
The following section lists the properties, some oif them being common and some
- unique to the signature/verification
and encryption/decryption processes.</p><p>Note that one can override some of
the properties, for example, 'rs.security.store' can be set as a dynamic
request property pointing to a preloaded Java KeyStore object.</p><h2
id="JAX-RSJOSE-Configurationthatappliestobothencryptionandsignature">Configuration
that applies to both encryption and signature</h2><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.keystore</td><td colspan="1"
rowspan="1" class="confluenceTd">The Java KeyStore Object to use. This
configuration tag is used if you want to pass the KeyStore Object through
dynamically.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>rs.security.keystore.type</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The keystore type. Suitable values are
"jks" or "jwk".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.keystore.password</td><td colspan="1" rowspan
="1" class="confluenceTd">The password required to access the
keystore.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.keystore.alias</td><td colspan="1" rowspan="1"
class="confluenceTd"> The keystore alias corresponding to the key to use.
You can append one of the following to this tag to get the alias for more
specific operations:<br clear="none">     - jwe.out<br
clear="none">     - jwe.in<br
clear="none">     - jws.out<br
clear="none">     - jws.in</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.keystore.aliases</td><td
colspan="1" rowspan="1" class="confluenceTd">The keystore aliases corresponding
to the keys to use, when using the JSON serialization form. You can append one
of the following to this tag to get the alias for more specific operations:<br
clear="none">     - jws.out<br
clear="none">     -
jws.in</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.keystore.file</td><td colspan="1" rowspan="1"
class="confluenceTd">The path to the keystore file.</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">rs.security.key.password</td><td
colspan="1" rowspan="1" class="confluenceTd">The password required to access
the private key (in the keystore).</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.key.password.provider</td><td colspan="1"
rowspan="1" class="confluenceTd">A reference to a PrivateKeyPasswordProvider
instance used to retrieve passwords to access keys.</td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd">rs.security.accept.public.key</td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Whether to allow using a JWK received in
the header for signature validation. The default is
"false".</p></td></tr></tbody></table></div><h2
id="JAX-RSJOSE-Configurationthatappliestosignatureonly">Configuration that ap
plies to signature only</h2><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>rs.security.signature.key.password.provider</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>A reference to a
PrivateKeyPasswordProvider instance used to retrieve passwords to access keys
for signature. If this is not specified it falls back to use
"rs.security.key.password.provider".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.signature.algorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">The signature algorithm to use.
The default algorithm if not specified is 'RS256'.</td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd">rs.security.signature.include.public.key</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the JWK public key for
signature in the "jwk" header.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.signature.include.cert</td><
td colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
for signature in the "x5c" header.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.signature.include.key.id</td><td colspan="1"
rowspan="1" class="confluenceTd">Include the JWK key id for signature in the
"kid" header.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.signature.include.cert.sha1</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
SHA-1 digest for signature in the "x5t" header.</td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd">rs.security.signature.include.cert.sha256</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
SHA-256 digest for signature in the "x5t#S256"
header.</td></tr></tbody></table></div><h2
id="JAX-RSJOSE-Configurationthatappliestoencryptiononly">Configuration that
applies to encryption only</h2><div class="table-wrap"><table
class="confluenceTable"><t
body><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>rs.security.decryption.key.password.provider</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>A reference to a
PrivateKeyPasswordProvider instance used to retrieve passwords to access keys
for decryption. If this is not specified it falls back to use
"rs.security.key.password.provider".</p></td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd">rs.security.encryption.content.algorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">The encryption content algorithm
to use. The default algorithm if not specified is 'A128GCM'.</td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.key.algorithm</td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The encryption key algorithm to use. The
default algorithm if not specified is 'RSA-OAEP' if the key is an RSA key,
'ECDH-ES-A128KW'  if the key is an EC key and 'A128GCMKW' if it is an
octet sequence.</p></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.zip.algorithm</td><td colspan="1"
rowspan="1" class="confluenceTd">The encryption zip algorithm to
use.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.include.public.key</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the JWK public key
for encryption in the "jwk" header.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.encryption.include.cert</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
for encryption in the "x5c" header.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.encryption.include.key.id</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the JWK key id
for encryption in the "kid" header.</td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd">rs.security.encryption.include.cert.sha1</td><td
colspan="1" rowspan="1" class="confluenceTd">Inclu
de the X.509 certificate SHA-1 digest for encryption in the "x5t"
header.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.include.cert.sha256</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
SHA-256 digest for encryption in the "x5t#S256"
header.</td></tr></tbody></table></div><h2
id="JAX-RSJOSE-ConfigurationthatappliestoJWTtokensonly">Configuration that
applies to JWT tokens only</h2><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>rs.security.enable.unsigned-jwt.principal</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Whether to allow unsigned JWT
tokens as SecurityContext Principals. The default is
false.</p></td></tr></tbody></table></div><h1
id="JAX-RSJOSE-Interoperability">Interoperability</h1><p> </p><p><a
shape="rect" class="external-link"
href="https://datatracker.ietf.org/wg/jose/documents/"; rel="nofollow">J
OSE</a> is already widely supported in OAuth2 and OIDC applications. Besides
that CXF JOSE client or server will interoperate with a 3rd party client/server
able to produce or consume JWS/JWE sequences.  For example, see a <a
shape="rect" class="external-link"
href="https://www.w3.org/TR/WebCryptoAPI/#jose"; rel="nofollow">WebCrypto API
use case</a> and  <a shape="rect" class="external-link"
href="https://mobilepki.org/WCPPSignatureDemo/home"; rel="nofollow">the demo</a>
which demonstrates how a JWS sequence produced by a browser-hosted script can
be validated by a server application capable of processing JWS, with the demo
browser client being tested against a CXF JWS server
too. </p><p> </p><h1 id="JAX-RSJOSE-Third-PartyLibraries">Third-Party
Libraries</h1><p><a shape="rect" class="external-link"
href="https://bitbucket.org/b_c/jose4j/wiki/Home";
rel="nofollow">Jose4J</a></p><p><a shape="rect" class="external-link"
href="http://connect2id.com/products/nimbus-jose-
jwt" rel="nofollow">Nimbus JOSE</a></p><p> </p></div>
+</div></div><p>After loading the properties one can check various property
values (signature algorithm, etc) and use it to create a required
provider.</p><p>The above code needs to be executed in the context of the
current request (in server or client in/out interceptors or server service
code) as it expects the current CXF Message be available in order to deduce
where to load the configuration properties from. However <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java";
rel="nofollow">JwsUtils</a> and <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java";
rel="nofollow">JweUtils</a> provide a number of utility methods for loading
the providers without loading the properties first which can be used when
setting up the c
lient code or when no properties are available in the current request
context.</p><p> </p><p>When the code needs to load the configuration
properties it first looks for the property 'container' file which contains the
specific properties instructing which keys and algorithms need to be used.
Singature or encryption properties for in/out operations can be provided.
 </p><h2 id="JAX-RSJOSE-ConfigurationPropertyContainers">Configuration
Property Containers</h2><h3 id="JAX-RSJOSE-Signature">Signature</h3><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.signature.out.properties</td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The signature properties file
for Compact or JSON signature creation. If not specified then it falls back to
"rs.security.signature.properties".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.signature.in.properties</td><td
colspan="1" rowspa
n="1" class="confluenceTd"><p>The signature properties file for Compact or
JSON signature verification. If not specified then it falls back to
"rs.security.signature.properties".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.signature.properties</td><td
colspan="1" rowspan="1" class="confluenceTd">The signature properties file for
Compact or JSON signature
creation/verification.</td></tr></tbody></table></div><h3
id="JAX-RSJOSE-Encryption">Encryption</h3><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.out.properties</td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The encryption properties file for Compact
or JSON encryption creation. If not specified then it falls back to
"rs.security.encryption.properties".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.encryption.in.properties</td><td
colspan="1" rowspan="1" class="conflue
nceTd"><p>The encryption properties file for Compact or JSON decryption. If
not specified then it falls back to
"rs.security.encryption.properties".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.encryption.properties</td><td
colspan="1" rowspan="1" class="confluenceTd">The encryption properties file for
encryption/decryption.</td></tr></tbody></table></div><p>Note that these
property containers can be used for creating/processing JWS and JWE Compact and
JSON sequences. If it is either JWS JSON or JWE JSON and you wish to have more
than one signature or encryption be created then let the property value be a
commas separated list of locations, with each location pointing to a unique
signature or encryption operation property file.</p><p>Once the properties are
loaded the runtime proceeds with initializing JWS/JWE providers accordingly.
The following section lists the properties, some oif them being common and some
- unique to the signature/verification
and encryption/decryption processes.</p><p>Note that one can override some of
the properties, for example, 'rs.security.store' can be set as a dynamic
request property pointing to a preloaded Java KeyStore object.</p><h2
id="JAX-RSJOSE-Configurationthatappliestobothencryptionandsignature">Configuration
that applies to both encryption and signature</h2><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.keystore</td><td colspan="1"
rowspan="1" class="confluenceTd">The Java KeyStore Object to use. This
configuration tag is used if you want to pass the KeyStore Object through
dynamically.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>rs.security.keystore.type</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The keystore type. Suitable values are
"jks" or "jwk".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.keystore.password</td><td colspan="1" rowspan
="1" class="confluenceTd">The password required to access the
keystore.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.keystore.alias</td><td colspan="1" rowspan="1"
class="confluenceTd"> The keystore alias corresponding to the key to use.
You can append one of the following to this tag to get the alias for more
specific operations:<br clear="none">     - jwe.out<br
clear="none">     - jwe.in<br
clear="none">     - jws.out<br
clear="none">     - jws.in</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.keystore.aliases</td><td
colspan="1" rowspan="1" class="confluenceTd">The keystore aliases corresponding
to the keys to use, when using the JSON serialization form. You can append one
of the following to this tag to get the alias for more specific operations:<br
clear="none">     - jws.out<br
clear="none">     -
jws.in</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.keystore.file</td><td colspan="1" rowspan="1"
class="confluenceTd">The path to the keystore file.</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">rs.security.key.password</td><td
colspan="1" rowspan="1" class="confluenceTd">The password required to access
the private key (in the keystore).</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.key.password.provider</td><td colspan="1"
rowspan="1" class="confluenceTd">A reference to a PrivateKeyPasswordProvider
instance used to retrieve passwords to access keys.</td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd">rs.security.accept.public.key</td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Whether to allow using a JWK received in
the header for signature validation. The default is
"false".</p></td></tr></tbody></table></div><h2
id="JAX-RSJOSE-Configurationthatappliestosignatureonly">Configuration that ap
plies to signature only</h2><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>rs.security.signature.key.password.provider</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>A reference to a
PrivateKeyPasswordProvider instance used to retrieve passwords to access keys
for signature. If this is not specified it falls back to use
"rs.security.key.password.provider".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.signature.algorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">The signature algorithm to use.
The default algorithm if not specified is 'RS256'.</td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd">rs.security.signature.include.public.key</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the JWK public key for
signature in the "jwk" header.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.signature.include.cert</td><
td colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
for signature in the "x5c" header.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.signature.include.key.id</td><td colspan="1"
rowspan="1" class="confluenceTd">Include the JWK key id for signature in the
"kid" header.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.signature.include.cert.sha1</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
SHA-1 digest for signature in the "x5t" header.</td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd">rs.security.signature.include.cert.sha256</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
SHA-256 digest for signature in the "x5t#S256"
header.</td></tr></tbody></table></div><h2
id="JAX-RSJOSE-Configurationthatappliestoencryptiononly">Configuration that
applies to encryption only</h2><div class="table-wrap"><table
class="confluenceTable"><t
body><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>rs.security.decryption.key.password.provider</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>A reference to a
PrivateKeyPasswordProvider instance used to retrieve passwords to access keys
for decryption. If this is not specified it falls back to use
"rs.security.key.password.provider".</p></td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd">rs.security.encryption.content.algorithm</td><td
colspan="1" rowspan="1" class="confluenceTd">The encryption content algorithm
to use. The default algorithm if not specified is 'A128GCM'.</td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.key.algorithm</td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The encryption key algorithm to use. The
default algorithm if not specified is 'RSA-OAEP' if the key is an RSA key,
'ECDH-ES-A128KW'  if the key is an EC key and 'A128GCMKW' if it is an
octet sequence.</p></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.zip.algorithm</td><td colspan="1"
rowspan="1" class="confluenceTd">The encryption zip algorithm to
use.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.include.public.key</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the JWK public key
for encryption in the "jwk" header.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.encryption.include.cert</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
for encryption in the "x5c" header.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">rs.security.encryption.include.key.id</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the JWK key id
for encryption in the "kid" header.</td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd">rs.security.encryption.include.cert.sha1</td><td
colspan="1" rowspan="1" class="confluenceTd">Inclu
de the X.509 certificate SHA-1 digest for encryption in the "x5t"
header.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">rs.security.encryption.include.cert.sha256</td><td
colspan="1" rowspan="1" class="confluenceTd">Include the X.509 certificate
SHA-256 digest for encryption in the "x5t#S256"
header.</td></tr></tbody></table></div><h2
id="JAX-RSJOSE-ConfigurationthatappliestoJWTtokensonly">Configuration that
applies to JWT tokens only</h2><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>rs.security.enable.unsigned-jwt.principal</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Whether to allow unsigned JWT
tokens as SecurityContext Principals. The default is
false.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">expected.claim.audience</td><td colspan="1" rowspan="1"
class="confluenceTd">If this property is defined, the received JWT must have an
"aud" claim with
a value matching this property.</td></tr></tbody></table></div><h1
id="JAX-RSJOSE-Interoperability">Interoperability</h1><p> </p><p><a
shape="rect" class="external-link"
href="https://datatracker.ietf.org/wg/jose/documents/"; rel="nofollow">JOSE</a>
is already widely supported in OAuth2 and OIDC applications. Besides that CXF
JOSE client or server will interoperate with a 3rd party client/server able to
produce or consume JWS/JWE sequences.  For example, see a <a shape="rect"
class="external-link" href="https://www.w3.org/TR/WebCryptoAPI/#jose";
rel="nofollow">WebCrypto API use case</a> and  <a shape="rect"
class="external-link" href="https://mobilepki.org/WCPPSignatureDemo/home";
rel="nofollow">the demo</a> which demonstrates how a JWS sequence produced by a
browser-hosted script can be validated by a server application capable of
processing JWS, with the demo browser client being tested against a CXF JWS
server too. </p><p> </p><h1 id="JAX-RSJOSE-Third-Party
Libraries">Third-Party Libraries</h1><p><a shape="rect" class="external-link"
href="https://bitbucket.org/b_c/jose4j/wiki/Home";
rel="nofollow">Jose4J</a></p><p><a shape="rect" class="external-link"
href="http://connect2id.com/products/nimbus-jose-jwt"; rel="nofollow">Nimbus
JOSE</a></p><p> </p></div>
</div>
<!-- Content -->
</td>
