RE: CXF JOSE: Automatic Injection of Security Providers

Sun, 03 Mar 2019 07:49:03 -0800 

Hi Ankur,

And second part of answer for service side:

On server side, you can configure JAXRS filters and interceptors dynamically 
using ServerProviderFactory, for example in your own CXF interceptor 
(registered on bus or service level).
Interceptor will look like:

public class DynamicFilterControllerService extends 
AbstractPhaseInterceptor<Message> {

    public DynamicFilterControllerService() {
        super(Phase.UNMARSHAL);
        getBefore().add(JAXRSInInterceptor.class.getName());
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        ServerProviderFactory providerFactory = 
ServerProviderFactory.getInstance(message);
        if (providerFactory == null) {
            return;
        }
        List<Object> providers = Arrays.asList(new TestContainerRequestFilter(),
                                               new 
TestContainerRequestFilterPost(),
                                               new 
TestContainerResponseFilter(),
                                               new TestReaderInterceptor(),
                                               new TestWriterInterceptor());
        providerFactory.setUserProviders(providers);
    }

}

In this interceptor you can decide which filters or JAX-RS interceptors have to 
be added and use ServerProviderFactory.setUserProviders() to configure them 
dynamically.
Important that DynamicFilterControllerService is called before 
JAXRSInInterceptor activating service JAX-RS filter chain.

Regards,
Andrei

> -----Original Message-----
> From: Ankur Bahre [mailto:[email protected]]
> Sent: Mittwoch, 27. Februar 2019 11:10
> To: [email protected]
> Subject: CXF JOSE: Automatic Injection of Security Providers
>
> Hello Team,
>
> We are working on a project where we need to implement CXF JOSE based
> security features for encryption(JWE) and signing(JWS) to the REST based
> requests and responses. In order to add providers and filters for encryption 
> and
> signing of JSON request/response, we would like to implement automatic
> injection of such providers and filters.
>
> We have identified a way to have a provider listener that implements
> ServerLifeCycleListener and to override the startServer() method to add 
> filters
> and providers so that on server startup, these filters would be automatically
> injected to the interceptor chain.
>
> We would like to know if we can add providers and filters through any
> interceptors so that they are added dynamically to the interceptor chain. 
> Please
> also find below the code snippet of the work we have done so far for injection
> but with no success.
>
> ****************************************************************
> *************************************************
> Code Snippet Start
> ****************************************************************
> *************************************************
>
> import org.apache.cxf.endpoint.Server;
> import org.apache.cxf.endpoint.ServerLifeCycleListener;
> import org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor;
> import org.apache.cxf.jaxrs.interceptor.JAXRSOutInterceptor;
> import org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter;
> import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
> import org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter;
> import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
>
>
> public class ProviderListener implements ServerLifeCycleListener {
>
>                 private JAXRSInInterceptor inInterceptor = new 
> JAXRSInInterceptor();
>                 private JAXRSOutInterceptor outInterceptor = new
> JAXRSOutInterceptor();
>
>
>                 public ProviderListener() {
>                                                 super();
>                 }
>
>                 @Override
>                 public void startServer(Server server) {
>
>
>                                 System.out.println("Inside provider 
> listener");
>                                 System.out.println("Inside provider 
> listener");
>
>
> outInterceptor.getBefore().add(JweWriterInterceptor.class.getName());
>
> outInterceptor.getBefore().add(JwsWriterInterceptor.class.getName());
>
> inInterceptor.getBefore().add(JweContainerRequestFilter.class.getName());
>
> inInterceptor.getBefore().add(JwsContainerRequestFilter.class.getName());
>
>                                 
> server.getEndpoint().getInInterceptors().add(inInterceptor);
>
> server.getEndpoint().getOutInterceptors().add(outInterceptor);
>
>                 }
>
>                 @Override
>                 public void stopServer(Server server) {
>                 }
> }
>
> ****************************************************************
> *************************************************
> Code Snippet End
> ****************************************************************
> *************************************************
>
>
> Any response in this regard is highly appreciated.
>
> Best Regards,
>
> Ankur Bahre
>

As a recipient of an email from Talend, your contact personal data will be on 
our systems. Please see our contacts privacy notice at Talend, Inc. 
<https://www.talend.com/contacts-privacy-policy/>

Reply via email to