JSR-370: Even Better JAX-RS on the way
2 hours ago

By Sergey Beryozkin
No doubt JAX-RS 2.0 (JSR-339) has been, is and will be a success - a lot has been written  about the top features JAX-RS 2.0 offers. It is still very much a relevant story for many developers who have their REST services being migrated to JAX-RS 2.0, it is not always easy for a given production to switch to a new specification's API fast.

But JAX-RS 2.0 is not the end of JAX-RS as such. So the fact JSR-370 (JAX-RS 2.1) is now active is a very ...
Continue reading →

Two new security advisories for Apache CXF
5 days ago

By Colm O hEigeartaigh
Two new security advisories have been released for Apache CXF, please see the CXF security advisories page for the details:
  • CVE-2014-3623: Apache CXF does not properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding
  • CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) attack
If you are using SAML SSO or else SAML tokens with the WS-SecurityPolicy Transport ...
Continue reading →

Apache CXF Authentication and Authorization test-cases IV
6 days ago

By Colm O hEigeartaigh
This is the fourth in a series of posts on authentication and authorization test-cases for web services using Apache CXF. The first focused on different ways to authenticate and authorize UsernameTokens for JAX-WS services. The second looked at more advanced examples such as using Kerberos, WS-Trust, XACML, etc. The third looked at different ways of achieving SSO in CXF for both JAX-WS and JAX-RS services. This post gives some examples of ...
Continue reading →

Apache CXF Fediz 1.1.2 released
1 week ago

By Colm O hEigeartaigh
Apache CXF Fediz 1.1.2 has been released. Apache CXF Fediz is a Single Sign-On (SSO) solution based on the WS-Federation Passive Requestor Profile. It consists of an Identity Provider (IdP) which leverages the Apache CXF STS to issue tokens, as well as a number of container-specific plugins (Jetty, Tomcat, Spring, etc.) to enable SSO for web applications. The issues fixed in the new release include an upgrade to CXF 2.7.13, support for claims mapping ...
Continue reading →

Kerberos Credential Delegation support in Apache CXF
1 week ago

By Colm O hEigeartaigh
Apache CXF provides full support for integrating Kerberos with JAX-WS and JAX-RS services. A previous tutorial (here and here) described how to set up Kerberos with WS-Security in CXF, where the client obtains a Kerberos service ticket and encodes it in the security header of the request, and where it is validated in turn by the service. In this post we will discuss support for kerberos credential delegation for JAX-WS clients and services in Apache ...
Continue reading →
More Articles

Pages

Subscribe to Talend Community Coders aggregator