Author: buildbot
Date: Fri May 26 12:47:44 2017
New Revision: 1012908
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri May 26 12:47:44
2017
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p> </p><p> </p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1494946025536 {padding: 0px;}
-div.rbtoc1494946025536 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1494946025536 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1495802825236 {padding: 0px;}
+div.rbtoc1495802825236 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1495802825236 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1494946025536">
+/*]]>*/</style></p><div class="toc-macro rbtoc1495802825236">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a shape="rect"
href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE
Policy </a></li><li><a shape="rect"
href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and
Implementation</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWKKeys">JWK Keys</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSSignature">JWS Signature</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature and Verification
Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS
with Detached Content</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS with Unencoded
Payload</a></li></ul>
@@ -131,7 +131,11 @@ div.rbtoc1494946025536 li {margin-left:
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-KeyandContentEncryptionProviders">Key and Content Encryption
Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWECompact">JWE
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWEJSON">JWE
JSON</a></li></ul>
</li><li><a shape="rect" href="#JAX-RSJOSE-JSONWebToken">JSON Web
Token</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSandJWECombined">JWS and
JWE Combined</a></li></ul>
</li><li><a shape="rect" href="#JAX-RSJOSE-JOSEJAX-RSFilters">JOSE JAX-RS
Filters</a>
-<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-JWS">JWS</a></li><li><a shape="rect"
href="#JAX-RSJOSE-SigningandVerificationofHTTPAttachments">Signing and
Verification of HTTP Attachments</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWE">JWE</a></li><li><a shape="rect"
href="#JAX-RSJOSE-LinkingJWTauthenticationstoJWSorJWEcontent">Linking JWT
authentications to JWS or JWE content</a></li><li><a shape="rect"
href="#JAX-RSJOSE-OptionalprotectionofHTTPheaders">Optional protection of HTTP
headers</a></li></ul>
+<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWS">JWS</a>
+<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-JWSCompact.1">JWS Compact</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSCompactWithUnencodedPayload">JWS Compact With Unencoded
Payload</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON.1">JWS
JSON</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSJSONwithUnencodedPayload">JWS JSON with Unencoded
Payload</a></li></ul>
+</li><li><a shape="rect"
href="#JAX-RSJOSE-SigningandVerificationofHTTPAttachments">Signing and
Verification of HTTP Attachments</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWE">JWE</a>
+<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-JWECompact.1">JWE Compact</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWEJSON.1">JWE JSON</a></li></ul>
+</li><li><a shape="rect"
href="#JAX-RSJOSE-LinkingJWTauthenticationstoJWSorJWEcontent">Linking JWT
authentications to JWS or JWE content</a></li><li><a shape="rect"
href="#JAX-RSJOSE-OptionalprotectionofHTTPheaders">Optional protection of HTTP
headers</a></li></ul>
</li><li><a shape="rect" href="#JAX-RSJOSE-Configuration">Configuration</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-ConfigurationPropertyContainers">Configuration Property
Containers</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-Signature">Signature</a></li><li><a shape="rect"
href="#JAX-RSJOSE-Encryption">Encryption</a></li></ul>
@@ -415,7 +419,7 @@ public class BookStore {
return book;
}
}</pre>
-</div></div><p>would expect JWS and/or JWE processing done before the resource
method is invoked or after this method returned some response.</p><p>This is
what CXF JOSE JAX-RS filters do, they help the client or server code get the
application data JWS- or JWE-secured. The filters do it by loadng the
configuration properties as described below in the Configuration section, and
produce or consume JWS or JWE sequences.</p><p>Note, JWS Compact and JSON, as
well as JWE Compact client and server output filters can do the best effort at
keeping the <strong>streaming</strong> process going while they are signing or
encrypting the payload. JWE JSON client/server output filter and JWS Compact
client/server input filters will be enhanced in due time to support the
streaming too. Most of CXF JOSE system tests enable the streaming capable
filters to stream.  </p><p>JWS and JWE JSON input filters are expected to
process JSON containers with the properties set in a random order hence by def
ault they wil not stream the data in.  </p><p>Register both JWS and JWE
out filters if the data need to be signed and encrypted (the filters are
ordered such that the data are signed first and encrypted next) and JWS and JWE
in filters if the signed data need to be decrypted first and then
verified.</p><h2 id="JAX-RSJOSE-JWS">JWS</h2><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java";
rel="nofollow">JwsWriterInterceptor</a> creates compact JWS sequences on the
client or server out directions. For example, if you have the client code
posting a Book or the server code returning a Book, with this Book
representation expected to be signed, then add <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsW
riterInterceptor.java" rel="nofollow">JwsWriterInterceptor</a> and set the
signature properties on the JAX-RS client or server.</p><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java";
rel="nofollow">JwsClientResponseFilter</a> and <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java";
rel="nofollow">JwsContainerRequestFilter</a> process the incoming client or
server Compact JWS sequences.</p><p>Here is an example of a JSON Book
representation being HS256 signed and converted into  Compact JWS and
POSTed to the target service:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
+</div></div><p>would expect JWS and/or JWE processing done before the resource
method is invoked or after this method returned some response.</p><p>This is
what CXF JOSE JAX-RS filters do, they help the client or server code get the
application data JWS- or JWE-secured. The filters do it by loadng the
configuration properties as described below in the Configuration section, and
produce or consume JWS or JWE sequences.</p><p>Note, JWS Compact and JSON, as
well as JWE Compact client and server output filters can do the best effort at
keeping the <strong>streaming</strong> process going while they are signing or
encrypting the payload. JWE JSON client/server output filter and JWS Compact
client/server input filters will be enhanced in due time to support the
streaming too. Most of CXF JOSE system tests enable the streaming capable
filters to stream.  </p><p>JWS and JWE JSON input filters are expected to
process JSON containers with the properties set in a random order hence by def
ault they wil not stream the data in.  </p><p>Register both JWS and JWE
out filters if the data need to be signed and encrypted (the filters are
ordered such that the data are signed first and encrypted next) and JWS and JWE
in filters if the signed data need to be decrypted first and then
verified.</p><h2 id="JAX-RSJOSE-JWS">JWS</h2><h3
id="JAX-RSJOSE-JWSCompact.1">JWS Compact</h3><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java";
rel="nofollow">JwsWriterInterceptor</a> creates compact JWS sequences on the
client or server out directions. For example, if you have the client code
posting a Book or the server code returning a Book, with this Book
representation expected to be signed, then add <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/mai
n/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java"
rel="nofollow">JwsWriterInterceptor</a> and set the signature properties on the
JAX-RS client or server.</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java";
rel="nofollow">JwsClientResponseFilter</a> and <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java";
rel="nofollow">JwsContainerRequestFilter</a> process the incoming client or
server Compact JWS sequences.</p><p>Here is an example of a JSON Book
representation being HS256 signed and converted into  Compact JWS and
POSTed to the target service:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelCon
tent">
<pre>Address: https://localhost:9001/jwsjwkhmac/bookstore/books
Http-Method: POST
Content-Type: application/jose
@@ -446,7 +450,9 @@ INFO: JWS Headers:
 JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
// enable streaming
 jwsWriter.setUseJwsOutputStream(true);
- providers.add(jwsWriter);
+ // The payload is encoded by default, disable it if required
+ // jwsWriter.setEncodePayload(false);
+  providers.add(jwsWriter);
// JWS Compact In
 providers.add(new JwsClientResponseFilter());
// Book to/from JSON
@@ -460,14 +466,14 @@ INFO: JWS Headers:
return bean.create(BookStore.class);
}</pre>
-</div></div><p>The above code shows a client proxy code but WebClient can be
created instead. The server is configured <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L197";
rel="nofollow">here</a>. The client can be configured in Spring/Blueprint
too.</p><p>Starting from CXF 3.1.7 it is also possible to produce JWS Compact
sequences with the unencoded payload (See JWS With Clear Payload above for
restrictions).</p><p>Here is an example of a plain text "book" being
HS256-signed, converted into JWS Compact and POSTed to the target
service:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
+</div></div><p>The above code shows a client proxy code but WebClient can be
created instead. The server is configured <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L197";
rel="nofollow">here</a>. The client can be configured in Spring/Blueprint
too.</p><h3 id="JAX-RSJOSE-JWSCompactWithUnencodedPayload">JWS Compact With
Unencoded Payload</h3><p>Starting from CXF 3.1.7 it is also possible to produce
JWS Compact sequences with the unencoded payload (See JWS With Unencoded
Payload above for restrictions).</p><p>Here is an example of a plain text
"book" being HS256-signed, converted into JWS Compact and POSTed to the target
service:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
<pre>Address: https://localhost:9001/jwsjwkhmac/bookstore/books
Http-Method: POST
Content-Type: application/jose
Payload:
eyJhbGciOiJIUzI1NiIsImN0eSI6InRleHQvcGxhaW4iLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ.
book.
fM7O2IVO3NsQeTGrFiMeLf_TKTsMSqnqmjnK40PwQ88</pre>
-</div></div><p>Note that a 2nd part, "book", is not Base64Url
encoded.</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java";
rel="nofollow">JwsJsonWriterInterceptor</a> creates JWS JSON sequences on the
client or server out directions. </p><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java";
rel="nofollow">JwsJsonClientResponseFilter</a> and <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java";
rel="nofollow">JwsJsonContainerRequestFilter</a> process the incoming client
or server Compact JWS sequences.</p><p>H
ere is an example of a plain text "book" being HS256-signed, converted into
JWS JSON and POSTed to the target service:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
+</div></div><p>Note that a 2nd part, "book", is not Base64Url encoded. Set an
'encodePayload' option on the request or response JWS Compact filter to
'false'.</p><h3 id="JAX-RSJOSE-JWSJSON.1">JWS JSON</h3><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java";
rel="nofollow">JwsJsonWriterInterceptor</a> creates JWS JSON sequences on the
client or server out directions. </p><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java";
rel="nofollow">JwsJsonClientResponseFilter</a> and <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerReques
tFilter.java" rel="nofollow">JwsJsonContainerRequestFilter</a> process the
incoming client or server Compact JWS sequences.</p><p>Here is an example of a
plain text "book" being HS256-signed, converted into JWS JSON and POSTed to the
target service:</p><div class="preformatted panel" style="border-width:
1px;"><div class="preformattedContent panelContent">
<pre>Http-Method: POST
Content-Type: application/jose+json
Payload:
@@ -481,7 +487,7 @@ Payload:
}
]
}</pre>
-</div></div><p>Note the Base64Url encoded payload goes first, followed by the
'signatures' array, with each element containing the protected headers and the
actual signature specific to a given signature key.</p><p>Enabling the clear
JWS payload option wilkl produce:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
+</div></div><p>Note the Base64Url encoded payload goes first, followed by the
'signatures' array, with each element containing the protected headers and the
actual signature specific to a given signature key.</p><h3
id="JAX-RSJOSE-JWSJSONwithUnencodedPayload">JWS JSON with Unencoded
Payload</h3><p>Enabling the unencoded JWS payload option will produce:</p><div
class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
<pre>{
"payload" : "book",
"signatures":
@@ -617,7 +623,7 @@ Content-ID: <signature>
{"protected":"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJIUzI1NiJ9","signature":"LWMjPoronjdGmJFAAIuCc_qh9sI2i5Jc2onBd-fHdMM"}
--uuid:75b37fab-1745-45b7-93ac-15aa9add9b25--</pre>
-</div></div><h2 id="JAX-RSJOSE-JWE">JWE</h2><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java";
rel="nofollow">JweWriterInterceptor</a> creates Compact JWE sequences on the
client or server out directions. For example, if you have the client code
posting a Book or the server code returning a Book, with this Book
representation expected to be encrypted, then add <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java";
rel="nofollow">JweWriterInterceptor</a> and set the encryption properties on
the JAX-RS client or server.</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/sec
urity/jose/jaxrs/JweClientResponseFilter.java"
rel="nofollow">JweClientResponseFilter</a> and <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java";
rel="nofollow">JweContainerRequestFilter</a> process the incoming client or
server Compact JWE sequences.</p><p>Here is an example of a plain text "book"
being encrypted with the A128KW key and A128GCM content encryption (see JWE
section above), converted into Compact JWE and POSTed to the target
service:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
+</div></div><h2 id="JAX-RSJOSE-JWE">JWE</h2><h3
id="JAX-RSJOSE-JWECompact.1">JWE Compact</h3><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java";
rel="nofollow">JweWriterInterceptor</a> creates Compact JWE sequences on the
client or server out directions. For example, if you have the client code
posting a Book or the server code returning a Book, with this Book
representation expected to be encrypted, then add <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java";
rel="nofollow">JweWriterInterceptor</a> and set the encryption properties on
the JAX-RS client or server.</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-pare
nt/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java"
rel="nofollow">JweClientResponseFilter</a> and <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java";
rel="nofollow">JweContainerRequestFilter</a> process the incoming client or
server Compact JWE sequences.</p><p>Here is an example of a plain text "book"
being encrypted with the A128KW key and A128GCM content encryption (see JWE
section above), converted into Compact JWE and POSTed to the target
service:</p><div class="preformatted panel" style="border-width: 1px;"><div
class="preformattedContent panelContent">
<pre>Address: https://localhost:9001/jwejwkaeswrap/bookstore/books
Http-Method: POST
Content-Type: application/jose
@@ -652,7 +658,7 @@ INFO: JWE Headers:
String text = bs.echoText("book");
assertEquals("book", text);
}</pre>
-</div></div><p>The above code shows a client proxy code but WebClient can be
created instead. The server is configured <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L153";
rel="nofollow">here</a>. The client can be configured in Spring/Blueprint
too.</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java";
rel="nofollow">JweJsonWriterInterceptor</a> creates JWE JSON sequences on the
client or server out directions. </p><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java";
rel="nofollow">JweJsonClientResponseFilter</a> and <a shape="rec
t" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java";
rel="nofollow">JweContainerRequestFilter</a> process the incoming client or
server JWE JSON sequences.</p><p>Here is the same example for encrypting "book"
but with JWS JSON interceptors:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
+</div></div><p>The above code shows a client proxy code but WebClient can be
created instead. The server is configured <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L153";
rel="nofollow">here</a>. The client can be configured in Spring/Blueprint
too.</p><h3 id="JAX-RSJOSE-JWEJSON.1">JWE JSON</h3><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java";
rel="nofollow">JweJsonWriterInterceptor</a> creates JWE JSON sequences on the
client or server out directions. </p><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java";
rel="nofollow">JweJso
nClientResponseFilter</a> and <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java";
rel="nofollow">JweContainerRequestFilter</a> process the incoming client or
server JWE JSON sequences.</p><p>Here is the same example for encrypting "book"
but with JWS JSON interceptors:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
<pre>Address: https://localhost:9001/jwejsonhmac/bookstore/books
Http-Method: POST
Content-Type: application/jose+json
