Feeling Hawkish about OAuth2 ?
2 months ago

By Sergey Beryozkin
You all know the recent OAuth history of course: Eran Hammer, the author of the popular OAuth1 specification, leaving the OAuth2 work group, with OAuth2 not getting much praise from Eran afterwards.
 
Eran has started several projects afterwards, Hawk and Oz in particular.  The former is the evolution of the MAC draft Eran and others authored as part of the OAuth2 work, the latter is the alternative to OAuth2.

Now, I do like the OAuth2 ...
Continue reading →

You're gonna be a star with CXF !
2 months ago

By Sergey Beryozkin
I've happened to listen to one of my favorite songs, All the Way to Reno from R.E.M, just recently, which probably shows me being not exactly very young :-).

Apparently the text has a lot of subtle meanings but one really can't beat its gentle rhythm leading to the listener having a kind of 'life is good' feeling, being optimistic.

"You're gonna be a star", you really can and you will...Feeling the excitement has gone out of the web services ...
Continue reading →

Use OAuth2 tokens to protect CXF SOAP endpoints
2 months ago

By Sergey Beryozkin
So you are a happy Apache CXF developer working with its second-to-none WS SOAP front-end, creating SOAP endpoints protected by WS-Security. Your friends from the other team have deployed a few CXF JAX-RS endpoints protected by the OAuth2 filter validating the incoming OAuth2 tokens with the remote OAuth2 server.

Now, you really, really, really want to get your SOAP client code to use OAuth2 tokens too, the same tokens non-SOAP RS clients use to access RS ...
Continue reading →

Stateless OAuth2 providers in CXF 3.0.0
2 months ago

By Sergey Beryozkin
Writing a proper OAuth2 data provider typically involves persisting the data such as access token, refresh token and transient authorization code representations in the storage of some sort (relational database, etc).

It is also a well-known fact that major OAuth2 providers often have the access token state encrypted - the clients effectively keep the token state, the server does not need to worry about persisting and looking up the tokens. It is ...
Continue reading →

CXF 3.0.0 Milestone1 is out !
4 months ago

By Sergey Beryozkin
CXF 3.0.0 Milestone1 has been released this week.  We have all worked very hard on getting this new major release out.

Here is what is new:

- CXF has become more modular. For example, CXF JAX-RS frontend in CXF 2.7.x or earlier has WSDL4J library dependency. Removing it completely proved very hard earlier, but Dan got involved and now the JAX-RS frontend has a minimum number of strong dependencies.

- JAX-RS 2.0 has been completely implemented. ...
Continue reading →

CXF 3.0 Trunk is JAX-RS 2.0 Ready
7 months ago

By Sergey Beryozkin
It took us some time to get the core JAX-RS 2.0 API completely implemented.

As I mentioned in my previous post the API is rich and powerful, so indeed it required quite a bit of effort to get it all supported but I'm happy to confirm that after resolving a CXF JIRA issue two days ago to do with supporting 2.0 Fluent Client API it is done now, CXF 3.0 Trunk is JAX-RS Ready.

As far as supporting new Client API is concerned, for the most part it has been ...
Continue reading →

JAX-RS 2.0 is out !
10 months ago

By Sergey Beryozkin
You may have already heard JAX-RS 2.0 (JSR-339) has been released. This is very good news for Java developers building their RESTful HTTP applications and here are the reasons why.

The 2.0 API  offers a lot of new enhancements on top of already very capable JAX-RS 1.1 (JSR-311) API and spec. It has really been a very serious push to the next level across all the API and the specification text. And what is really good is that the community can ...
Continue reading →

[OT] Apache CXF is more than just a library, you know!
1 year ago

By Sergey Beryozkin
Those of you living in Ireland who tune to listen to a brilliant NewsTalk team will recognize where I've got the idea for this regular, first half of the year, off-topic post :-), indeed, it is from NewsTalk being "more than just news, you know!".

So I got inspired and decided to do this short entry and suggest to you, the developers of web services, that CXF is more than just a library,

It is the home, blueprint for developing the modern, secure web ...
Continue reading →

On the way to making CXF JAX-RS run easily in your application container
1 year ago

By Sergey Beryozkin
Awhile back I posted an entry on how to get CXF JAX-RS loaded successfully within your favorite Java EE application container, and specifically within the containers like JBoss or Glassfish which have their preferred JAX-RS implementations actively supported.

I think it was a good enough initial step but it proved to be quite incomplete, with users reporting CXF failing to handle the objects of some of JAX-RS core types like Response.

In this rather ...
Continue reading →

Use SAML2 Assertions as OAuth2 Token Grants or Authenticators with CXF
1 year ago

By Sergey Beryozkin
OAuth2 allows third-party clients to use different types of grants in order to request access tokens. The specification defines a number of grant types to get some specific flows supported, but also allows for extensions - one can use whatever custom grant is required in a particular scenario.

SAML2 Bearer Assertion Profiles and JWT Bearer Token Profiles standardize two such extension grants, SAML2 Bearer Assertions and JWT Bearer Tokens ...
Continue reading →

FIQL explained in JAX Magazine tutorial
1 year ago

By Sergey Beryozkin
JAX magazine for Java developers features articles and tutorials which can help to get the most of all the new and cool technologies and developments happening in the Java land today.

The latest issue offers, among other features, the tutorial introducing FIQL and how it is currently supported in Apache CXF. Please download the issue as a PDF or get it over your preferred channel (on iTunes, etc), and see what you can do with FIQL - and provide the ...
Continue reading →

Jettison 1.3.3 is out
1 year ago

By Sergey Beryozkin
Jettison 1.3.3 has been released earlier this month, please check the Download page.

This release ships a better MappedXMLStreamReader: arrays to be mapped to primitive collections in JAXB beans can be correctly processed without the loss of the data, some of its methods dealing with text will work properly as expected and the callers can identify an absolute position of the first illegal JSON character after XMLStreamException has been thrown.

As ...
Continue reading →

Say Goodbye to HTTP URI Query Parameters
1 year ago

By Sergey Beryozkin
New Year is approaching fast but there is still some time to make one more New Year resolution.

Traditionally, when it comes to expressing the search requirements with HTTP URI, one uses URI query name and value, for example:

1. "/search/people?age=30&age=40"
2. "/search/people?ageFrom=30&ageTill=40"

First query can be read like this: "Find all people who are either 30 or 40 years old", the second - "Find all people older than 30 but younger ...
Continue reading →

FIQL and JPA2 Queries In Action
1 year ago

By Sergey Beryozkin
I've been focusing quite a lot recently on enhancing CXF Search extension module, by improving the existing converters and creating the new ones, making sure the parser is configurable, flexible and capable of mapping arbitrary property names to the properties of the bean capturing the search expression, and improving the documentation.

Andy Michalec created a FIQL parser quite a long time ago, it's been around for a while really, but it is only since ...
Continue reading →

Use FIQL to query LDAP and OSGI containers
1 year ago

By Sergey Beryozkin
It has taken me about 90 minutes to write an initial FIQL to LDAP converter which outputs the query formatted according to RFC 4515 and document it here.

I have copied most of the boiler-plate code from the FIQL to SQL converter and given how simple the LDAP query is it was very easy to finish it off fast. The point is that other custom converters (example FIQL to CQL) can likely be written even faster by copying and pasting the LDAP converter :-).

...
Continue reading →

[OT] Just Say Yes to CXF
1 year ago

By Sergey Beryozkin
This is a regular, once or so per year, totally off-topic post dedicated to linking the music I listen to to CXF :-)

The New Year is coming soon, time to start thinking about the next year, about the decisions which will make the professional life of developers working with web services front-ends something to really look forward to.

It has never been easy to choose which framework to use to get web services up and running. It is tough. At a decision ...
Continue reading →

How to refresh OAuth2 access tokens in CXF
1 year ago

By Sergey Beryozkin
OAuth2 Refresh Token grant lets OAuth2 clients owning an access token refresh it with a new access token if the current attempt to access the end user's resources has failed.

Refresh tokens offer an advanced support for the OAuth2-protected applications to force the clients to re-authenticate regularly without forcing them to go via the re-authorization step involving the end user which may not always be practical. 

They can also help with ...
Continue reading →

Latest WADL To Java enhancements in CXF
1 year ago

By Sergey Beryozkin
Dan has released CXF 2.7.0 which has some major enhancements including the addition of the asynchronous HTTP conduit and initial support for most parts of JAX-RS 2.0 (the topic of the next post on this blog).

What I'd like to mention in this post is the few enhancements to CXF wadl-to-java code generator, added thanks to the colleagues from Talend ESB team who have been stressing the generator to the limits :-).

One of the issues with processing ...
Continue reading →

OAuth2 MAC Access Token support in CXF
1 year ago

By Sergey Beryozkin
OAuth2 offers a clear differentiation between token grants and token types. Grant is what Access Token service will verify before issuing a token, and the best thing about it is that the same code path is used irrespectively of whatever grant or token is used.

OAuth2 mentions simple bearer tokens as default token types, but of course the bearer is not the only token type possible.

Eran Hammer-Lahav wrote a MAC Access Authentication draft  which ...
Continue reading →

OAuth2 Demo in Talend ESB
1 year ago

By Sergey Beryozkin
Talend ESB ships many interesting, advanced examples demonstrating CXF and Camel in action. The demos attempt to show something interesting, something that one may try to do in the production.

JAX-RS OAuth2 demo has been evolving as a POC demo with the main goal to stress  CXF OAuth2 services and make sure that they can cope with what one might want to consider as a medium complexity OAuth2 deployment.

The demo shows 4 parties cooperating with or ...
Continue reading →

Master Kerberos Security with Apache CXF
1 year ago

By Sergey Beryozkin
Kerberos is a well-known security protocol, originally developed at MIT, and it has been a major authentication protocol on Windows.

Why would you want to learn about or experiment with Kerberos today, when developing web services ?

One may want to do it if we have a web service which needs to expose the information available from the internal Kerberos-protected store or when a Single Sign-On service needs to use  Kerberos servers to keep the ...
Continue reading →

Jettison 1.3.2 is out
1 year ago

By Sergey Beryozkin
Jettison 1.3.2 has been released this week, please check the Download page.

Those who try to customize the way Jettison works should find it easier to override various Jettison classes, for example, in CXF I've been able to remove about 50 lines of code I had to copy earlier on to get large Jettison sequences optionally restricted.

Jettison will no longer require a namespace map set up for the serialization to work, in cases when it is not configured ...
Continue reading →

CXF Log Browser Demo
1 year ago

By Sergey Beryozkin
A Log Browser demo has been available in the CXF distributions  for more than a year now. This demo is based on the brilliant contribution from Thomasz Opanovicz done as part of his GSOC project.

What I would like to do is explain what exactly the CXF Log Browser can do right now, and suggest some ideas on how it can be enhanced.

At the moment, the browser can be used to poll the Atom-enabled management endpoints and display the available log ...
Continue reading →

Advanced queries involving multiple entities
1 year ago

By Sergey Beryozkin
As I've mentioned a number of times, FIQL can help with expressing the advanced search conditions in a compact and easy to understand syntax.

The queries like "find all the books published before a given date" are very easy to type in FIQL and extending this query with a restriction like "and having the page count between 80 and 100 pages or less than 20" is quite straightforward too, manually, or with the help of the client FIQL builder.

However, ...
Continue reading →

JMS Transport support for CXF JAX-RS clients
1 year ago

By Sergey Beryozkin
I blogged about the support for JMS by CXF JAX-RS endpoints two years ago.

The main reason behind making the JAX-RS frontend (associated by most users with supporting HTTP-based communications) JMS-aware was to do with getting the most from the 'investment' made into implementing the RESTful services on top of CXF JAX-RS.

If one has the resource code relying on the JAX-RS runtime to make the inbound data delivered to the right method and easily ...
Continue reading →

How to test CXF JAX-RS endpoints
1 year ago

By Sergey Beryozkin
Users have been asking during the last couple of years how to test CXF JAX-RS endpoints. One of the users from the CXF community would always point to either a blog entry or paste a code example showing how the endpoints can be tested easily enough.

The problem has been all the time that there was no documentation on the CXF JAX-RS wiki specifically describing the steps required to get the tests set up and running.

A new wiki page has been added ...
Continue reading →

From FIQL expressions to typed JPA queries
1 year ago

By Sergey Beryozkin
Imagine you are working on the RESTful service implementation that relies on JPA2 but having a bit of a difficulty coming up with an interface that can neatly let users search the service data with queries allowing to express something more interesting than just "find all the data that have a given property equal to a given value".

Yes, FIQL is fantastic and its ability to express complex queries in a fairly simple and compact way is hard to ...
Continue reading →

SAML Web SSO for CXF JAX-RS endpoints
1 year ago

By Sergey Beryozkin
Last week Colm announced that support for SAML Web SSO profile was available starting from CXF 2.6.1. 

We have also created a new CXF wiki page dedicated to describing the way the CXF JAX-RS applications can be protected with SAML SSO filters.

Colm has done a comprehensive testing against many popular IDP implementations which support SAML SSO and we believe that CXF offers one of the most configurable and interoperable SP SAML SSO ...
Continue reading →

RESTful Data Updates with Talend Studio
1 year ago

By Sergey Beryozkin
I created a presentation a few months ago which showed how one can create a simple DB browser for exploring arbitrary databases using Talend Open Studio for ESB.

The Customers DB explorer we created last time was supporting GET queries allowing to return the list of all the customers and the individual customer records.

I've worked recently on enhancing the job that we created last time for supporting more involved GET queries as well as data updates ...
Continue reading →

Controlling Large Payloads in CXF
1 year ago

By Sergey Beryozkin
You may have already read that so-called hash-collision attacks may affect many of the existing Web applications. A massive form, XML or JSON payload with specially constructed keys can be posted to the service and cause a denial of service situation due to the fact that many XML, JSON or form payload processors depend internally on map implementations that are not capable of dealing with such data effectively.

It does not have to be a specially ...
Continue reading →