Author: buildbot Date: Fri May 26 12:47:44 2017 New Revision: 1012908 Log: Production update by buildbot for cxf
Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/jax-rs-jose.html Modified: websites/production/cxf/content/cache/docs.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/cxf/content/docs/jax-rs-jose.html ============================================================================== --- websites/production/cxf/content/docs/jax-rs-jose.html (original) +++ websites/production/cxf/content/docs/jax-rs-jose.html Fri May 26 12:47:44 2017 @@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE <!-- Content --> <div class="wiki-content"> <div id="ConfluenceContent"><p> </p><p> </p><p><style type="text/css">/*<![CDATA[*/ -div.rbtoc1494946025536 {padding: 0px;} -div.rbtoc1494946025536 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1494946025536 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1495802825236 {padding: 0px;} +div.rbtoc1495802825236 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1495802825236 li {margin-left: 0px;padding-left: 0px;} -/*]]>*/</style></p><div class="toc-macro rbtoc1494946025536"> +/*]]>*/</style></p><div class="toc-macro rbtoc1495802825236"> <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a shape="rect" href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE Policy </a></li><li><a shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and Implementation</a> <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWKKeys">JWK Keys</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSSignature">JWS Signature</a> <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature and Verification Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS with Detached Content</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS with Unencoded Payload</a></li></ul> @@ -131,7 +131,11 @@ div.rbtoc1494946025536 li {margin-left: <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-KeyandContentEncryptionProviders">Key and Content Encryption Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWECompact">JWE Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWEJSON">JWE JSON</a></li></ul> </li><li><a shape="rect" href="#JAX-RSJOSE-JSONWebToken">JSON Web Token</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSandJWECombined">JWS and JWE Combined</a></li></ul> </li><li><a shape="rect" href="#JAX-RSJOSE-JOSEJAX-RSFilters">JOSE JAX-RS Filters</a> -<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWS">JWS</a></li><li><a shape="rect" href="#JAX-RSJOSE-SigningandVerificationofHTTPAttachments">Signing and Verification of HTTP Attachments</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWE">JWE</a></li><li><a shape="rect" href="#JAX-RSJOSE-LinkingJWTauthenticationstoJWSorJWEcontent">Linking JWT authentications to JWS or JWE content</a></li><li><a shape="rect" href="#JAX-RSJOSE-OptionalprotectionofHTTPheaders">Optional protection of HTTP headers</a></li></ul> +<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWS">JWS</a> +<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact.1">JWS Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompactWithUnencodedPayload">JWS Compact With Unencoded Payload</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON.1">JWS JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSONwithUnencodedPayload">JWS JSON with Unencoded Payload</a></li></ul> +</li><li><a shape="rect" href="#JAX-RSJOSE-SigningandVerificationofHTTPAttachments">Signing and Verification of HTTP Attachments</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWE">JWE</a> +<ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWECompact.1">JWE Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWEJSON.1">JWE JSON</a></li></ul> +</li><li><a shape="rect" href="#JAX-RSJOSE-LinkingJWTauthenticationstoJWSorJWEcontent">Linking JWT authentications to JWS or JWE content</a></li><li><a shape="rect" href="#JAX-RSJOSE-OptionalprotectionofHTTPheaders">Optional protection of HTTP headers</a></li></ul> </li><li><a shape="rect" href="#JAX-RSJOSE-Configuration">Configuration</a> <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-ConfigurationPropertyContainers">Configuration Property Containers</a> <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Signature">Signature</a></li><li><a shape="rect" href="#JAX-RSJOSE-Encryption">Encryption</a></li></ul> @@ -415,7 +419,7 @@ public class BookStore { return book; } }</pre> -</div></div><p>would expect JWS and/or JWE processing done before the resource method is invoked or after this method returned some response.</p><p>This is what CXF JOSE JAX-RS filters do, they help the client or server code get the application data JWS- or JWE-secured. The filters do it by loadng the configuration properties as described below in the Configuration section, and produce or consume JWS or JWE sequences.</p><p>Note, JWS Compact and JSON, as well as JWE Compact client and server output filters can do the best effort at keeping the <strong>streaming</strong> process going while they are signing or encrypting the payload. JWE JSON client/server output filter and JWS Compact client/server input filters will be enhanced in due time to support the streaming too. Most of CXF JOSE system tests enable the streaming capable filters to stream.  </p><p>JWS and JWE JSON input filters are expected to process JSON containers with the properties set in a random order hence by def ault they wil not stream the data in.  </p><p>Register both JWS and JWE out filters if the data need to be signed and encrypted (the filters are ordered such that the data are signed first and encrypted next) and JWS and JWE in filters if the signed data need to be decrypted first and then verified.</p><h2 id="JAX-RSJOSE-JWS">JWS</h2><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java" rel="nofollow">JwsWriterInterceptor</a> creates compact JWS sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be signed, then add <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsW riterInterceptor.java" rel="nofollow">JwsWriterInterceptor</a> and set the signature properties on the JAX-RS client or server.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java" rel="nofollow">JwsClientResponseFilter</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java" rel="nofollow">JwsContainerRequestFilter</a> process the incoming client or server Compact JWS sequences.</p><p>Here is an example of a JSON Book representation being HS256 signed and converted into  Compact JWS and POSTed to the target service:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> +</div></div><p>would expect JWS and/or JWE processing done before the resource method is invoked or after this method returned some response.</p><p>This is what CXF JOSE JAX-RS filters do, they help the client or server code get the application data JWS- or JWE-secured. The filters do it by loadng the configuration properties as described below in the Configuration section, and produce or consume JWS or JWE sequences.</p><p>Note, JWS Compact and JSON, as well as JWE Compact client and server output filters can do the best effort at keeping the <strong>streaming</strong> process going while they are signing or encrypting the payload. JWE JSON client/server output filter and JWS Compact client/server input filters will be enhanced in due time to support the streaming too. Most of CXF JOSE system tests enable the streaming capable filters to stream.  </p><p>JWS and JWE JSON input filters are expected to process JSON containers with the properties set in a random order hence by def ault they wil not stream the data in.  </p><p>Register both JWS and JWE out filters if the data need to be signed and encrypted (the filters are ordered such that the data are signed first and encrypted next) and JWS and JWE in filters if the signed data need to be decrypted first and then verified.</p><h2 id="JAX-RSJOSE-JWS">JWS</h2><h3 id="JAX-RSJOSE-JWSCompact.1">JWS Compact</h3><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java" rel="nofollow">JwsWriterInterceptor</a> creates compact JWS sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be signed, then add <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/mai n/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java" rel="nofollow">JwsWriterInterceptor</a> and set the signature properties on the JAX-RS client or server.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java" rel="nofollow">JwsClientResponseFilter</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java" rel="nofollow">JwsContainerRequestFilter</a> process the incoming client or server Compact JWS sequences.</p><p>Here is an example of a JSON Book representation being HS256 signed and converted into  Compact JWS and POSTed to the target service:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelCon tent"> <pre>Address: https://localhost:9001/jwsjwkhmac/bookstore/books Http-Method: POST Content-Type: application/jose @@ -446,7 +450,9 @@ INFO: JWS Headers:  JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor(); // enable streaming  jwsWriter.setUseJwsOutputStream(true); - providers.add(jwsWriter); + // The payload is encoded by default, disable it if required + // jwsWriter.setEncodePayload(false); +  providers.add(jwsWriter); // JWS Compact In  providers.add(new JwsClientResponseFilter()); // Book to/from JSON @@ -460,14 +466,14 @@ INFO: JWS Headers: return bean.create(BookStore.class); }</pre> -</div></div><p>The above code shows a client proxy code but WebClient can be created instead. The server is configured <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L197" rel="nofollow">here</a>. The client can be configured in Spring/Blueprint too.</p><p>Starting from CXF 3.1.7 it is also possible to produce JWS Compact sequences with the unencoded payload (See JWS With Clear Payload above for restrictions).</p><p>Here is an example of a plain text "book" being HS256-signed, converted into JWS Compact and POSTed to the target service:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> +</div></div><p>The above code shows a client proxy code but WebClient can be created instead. The server is configured <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L197" rel="nofollow">here</a>. The client can be configured in Spring/Blueprint too.</p><h3 id="JAX-RSJOSE-JWSCompactWithUnencodedPayload">JWS Compact With Unencoded Payload</h3><p>Starting from CXF 3.1.7 it is also possible to produce JWS Compact sequences with the unencoded payload (See JWS With Unencoded Payload above for restrictions).</p><p>Here is an example of a plain text "book" being HS256-signed, converted into JWS Compact and POSTed to the target service:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>Address: https://localhost:9001/jwsjwkhmac/bookstore/books Http-Method: POST Content-Type: application/jose Payload: eyJhbGciOiJIUzI1NiIsImN0eSI6InRleHQvcGxhaW4iLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ. book. fM7O2IVO3NsQeTGrFiMeLf_TKTsMSqnqmjnK40PwQ88</pre> -</div></div><p>Note that a 2nd part, "book", is not Base64Url encoded.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java" rel="nofollow">JwsJsonWriterInterceptor</a> creates JWS JSON sequences on the client or server out directions. </p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java" rel="nofollow">JwsJsonClientResponseFilter</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java" rel="nofollow">JwsJsonContainerRequestFilter</a> process the incoming client or server Compact JWS sequences.</p><p>H ere is an example of a plain text "book" being HS256-signed, converted into JWS JSON and POSTed to the target service:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> +</div></div><p>Note that a 2nd part, "book", is not Base64Url encoded. Set an 'encodePayload' option on the request or response JWS Compact filter to 'false'.</p><h3 id="JAX-RSJOSE-JWSJSON.1">JWS JSON</h3><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java" rel="nofollow">JwsJsonWriterInterceptor</a> creates JWS JSON sequences on the client or server out directions. </p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java" rel="nofollow">JwsJsonClientResponseFilter</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerReques tFilter.java" rel="nofollow">JwsJsonContainerRequestFilter</a> process the incoming client or server Compact JWS sequences.</p><p>Here is an example of a plain text "book" being HS256-signed, converted into JWS JSON and POSTed to the target service:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>Http-Method: POST Content-Type: application/jose+json Payload: @@ -481,7 +487,7 @@ Payload: } ] }</pre> -</div></div><p>Note the Base64Url encoded payload goes first, followed by the 'signatures' array, with each element containing the protected headers and the actual signature specific to a given signature key.</p><p>Enabling the clear JWS payload option wilkl produce:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> +</div></div><p>Note the Base64Url encoded payload goes first, followed by the 'signatures' array, with each element containing the protected headers and the actual signature specific to a given signature key.</p><h3 id="JAX-RSJOSE-JWSJSONwithUnencodedPayload">JWS JSON with Unencoded Payload</h3><p>Enabling the unencoded JWS payload option will produce:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>{ "payload" : "book", "signatures": @@ -617,7 +623,7 @@ Content-ID: <signature> {"protected":"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJIUzI1NiJ9","signature":"LWMjPoronjdGmJFAAIuCc_qh9sI2i5Jc2onBd-fHdMM"} --uuid:75b37fab-1745-45b7-93ac-15aa9add9b25--</pre> -</div></div><h2 id="JAX-RSJOSE-JWE">JWE</h2><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java" rel="nofollow">JweWriterInterceptor</a> creates Compact JWE sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be encrypted, then add <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java" rel="nofollow">JweWriterInterceptor</a> and set the encryption properties on the JAX-RS client or server.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/sec urity/jose/jaxrs/JweClientResponseFilter.java" rel="nofollow">JweClientResponseFilter</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java" rel="nofollow">JweContainerRequestFilter</a> process the incoming client or server Compact JWE sequences.</p><p>Here is an example of a plain text "book" being encrypted with the A128KW key and A128GCM content encryption (see JWE section above), converted into Compact JWE and POSTed to the target service:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> +</div></div><h2 id="JAX-RSJOSE-JWE">JWE</h2><h3 id="JAX-RSJOSE-JWECompact.1">JWE Compact</h3><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java" rel="nofollow">JweWriterInterceptor</a> creates Compact JWE sequences on the client or server out directions. For example, if you have the client code posting a Book or the server code returning a Book, with this Book representation expected to be encrypted, then add <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java" rel="nofollow">JweWriterInterceptor</a> and set the encryption properties on the JAX-RS client or server.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-pare nt/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java" rel="nofollow">JweClientResponseFilter</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java" rel="nofollow">JweContainerRequestFilter</a> process the incoming client or server Compact JWE sequences.</p><p>Here is an example of a plain text "book" being encrypted with the A128KW key and A128GCM content encryption (see JWE section above), converted into Compact JWE and POSTed to the target service:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>Address: https://localhost:9001/jwejwkaeswrap/bookstore/books Http-Method: POST Content-Type: application/jose @@ -652,7 +658,7 @@ INFO: JWE Headers: String text = bs.echoText("book"); assertEquals("book", text); }</pre> -</div></div><p>The above code shows a client proxy code but WebClient can be created instead. The server is configured <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L153" rel="nofollow">here</a>. The client can be configured in Spring/Blueprint too.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java" rel="nofollow">JweJsonWriterInterceptor</a> creates JWE JSON sequences on the client or server out directions. </p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java" rel="nofollow">JweJsonClientResponseFilter</a> and <a shape="rec t" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java" rel="nofollow">JweContainerRequestFilter</a> process the incoming client or server JWE JSON sequences.</p><p>Here is the same example for encrypting "book" but with JWS JSON interceptors:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> +</div></div><p>The above code shows a client proxy code but WebClient can be created instead. The server is configured <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml#L153" rel="nofollow">here</a>. The client can be configured in Spring/Blueprint too.</p><h3 id="JAX-RSJOSE-JWEJSON.1">JWE JSON</h3><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java" rel="nofollow">JweJsonWriterInterceptor</a> creates JWE JSON sequences on the client or server out directions. </p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java" rel="nofollow">JweJso nClientResponseFilter</a> and <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java" rel="nofollow">JweContainerRequestFilter</a> process the incoming client or server JWE JSON sequences.</p><p>Here is the same example for encrypting "book" but with JWS JSON interceptors:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>Address: https://localhost:9001/jwejsonhmac/bookstore/books Http-Method: POST Content-Type: application/jose+json