Those of you living in Ireland who tune to listen to a brilliant NewsTalk team will recognize where I've got the idea for this regular, first half of the year, off-topic post :-), indeed, it is from NewsTalk being "more than just news, you know!".

So I got inspired and decided to do this short entry and suggest to you, the developers of web services, that CXF is more just a library,

It is the home, blueprint for developing the modern, secure web ...
Continue reading →

Awhile back I posted an entry on how to get CXF JAX-RS loaded successfully within your favorite Java EE application container, and specifically within the containers like JBoss or Glassfish which have their preferred JAX-RS implementations actively supported.

I think it was a good enough initial step but it proved to be quite incomplete, with users reporting CXF failing to handle the objects of some of JAX-RS core types like Response.

In this rather ...
Continue reading →

OAuth2 allows third-party clients to use different types of grants in order to request access tokens. The specification defines a number of grant types to get some specific flows supported, but also allows for extensions - one can use whatever custom grant is required in a particular scenario.

SAML2 Bearer Assertion Profiles  and JWT Bearer Token Profiles standardize  two such extension grants, SAML2 Bearer Assertions and JWT Bearer Tokens ...
Continue reading →

JAX magazine for Java developers features articles and tutorials which can help to get the most of all the new and cool technologies and developments happening in the Java land today.

The latest issue offers, among other features, the tutorial introducing FIQL and how it is currently supported in Apache CXF. Please download the issue as a PDF or get it over your preferred channel (on iTunes, etc), and see what you can do with FIQL - and provide the ...
Continue reading →

Jettison 1.3.3 has been released earlier this month, please check the Download page.

This release ships a better MappedXMLStreamReader: arrays to be mapped to primitive collections in JAXB beans can be correctly processed without the loss of the data, some if its methods dealing with text will work properly as expected and the callers can identify an absolute position of the first illegal JSON character after XMLStreamException has been thrown.

As ...
Continue reading →

New Year is approaching fast but there is still some time to make one more New Year resolution.

Traditionally, when it comes to expressing the search requirements with HTTP URI, one uses URI query name and value, for example:

1. "/search/people?age=30&age=40"
2. "/search/people?ageFrom=30&ageTill=40"

First query can be read like this: "Find all people who are either 30 or 40 years old", the second - "Find all people older than 30 but younger ...
Continue reading →

I've been focusing quite a lot recently on enhancing CXF Search extension module, by improving the existing converters and creating the new ones, making sure the parser is configurable, flexible and capable of mapping arbitrary property names to the properties of the bean capturing the search expression, and improving the documentation.

Andy Michalec created a FIQL parser quite a long time ago, it's been around for a while really, but it is only since ...
Continue reading →

It has taken me about 90 minutes to write an initial FIQL to LDAP converter which outputs the query formatted according to RFC 4515 and document it here.

I have copied most of the boiler-plate code from the FIQL to SQL converter and given how simple the LDAP query is it was very easy to finish it off fast. The point is that other custom converters (example FIQL to CQL) can likely be written even faster by copying and pasting the LDAP converter :-).

...
Continue reading →

This is a regular, once or so per year, totally off-topic post dedicated to linking the music I listen to to CXF :-)

The New Year is coming soon, time to start thinking about the next year, about the decisions which will make the professional life of developers working with web services front-ends something to really look forward to.

It has never been easy to choose which framework to use to get web services up and running. It is tough. At a decision ...
Continue reading →

OAuth2 Refresh Token grant lets OAuth2 clients owning an access token refresh it with a new access token if the current attempt to access the end user's resources has failed.

Refresh tokens offer an advanced support for the OAuth2-protected applications to force the clients to re-authenticate regularly without forcing them to go via the re-authorization step involving the end user which may not always be practical. 

They can also help with ...
Continue reading →

Dan has released CXF 2.7.0 which has some major enhancements including the addition of the asynchronous HTTP conduit and initial support for most parts of JAX-RS 2.0 (the topic of the next post on this blog).

What I'd like to mention in this post is the few enhancements to CXF wadl-to-java code generator, added thanks to the colleagues from Talend ESB team who have been stressing the generator to the limits :-).

One of the issues with processing ...
Continue reading →

OAuth2 offers a clear differentiation between token grants and token types. Grant is what Access Token service will verify before issuing a token, and the best thing about it is that the same code path is used irrespectively of whatever grant or token is used.

OAuth2 mentions simple bearer tokens as default token types, but of course the bearer is not the only token type possible.

Eran Hammer-Lahav wrote a MAC Access Authentication draft  which ...
Continue reading →

Talend ESB ships many interesting, advanced examples demonstrating CXF and Camel in action. The demos attempt to show something interesting, something that one may try to do in the production.

JAX-RS OAuth2 demo has been evolving as a POC demo with the main goal to stress  CXF OAuth2 services and make sure that they can cope with what one might want to consider as a medium complexity OAuth2 deployment.

The demo shows 4 parties cooperating with or ...
Continue reading →

Kerberos is a well-known security protocol, originally developed at MIT and has been a major authentication protocol on Windows.

Why would you want to learn about or experiment with Kerberos today, when developing web services ?

One may want to do it if we have a web service which needs to expose the information available from the internal Kerberos-protected store or when a Single Sign-On service needs to use  Kerberos servers to keep the ...
Continue reading →

Jettison 1.3.2 has been released this week, please check the Download page.

Those who try to customize the way Jettison works should find it easier to override various Jettison classes, for example, in CXF I've been able to remove about 50 lines of code I had to copy earlier on to get large Jettison sequences optionally restricted.

Jettison will no longer require a namespace map set up for the serialization to work, in cases when it is not configured ...
Continue reading →

A Log Browser demo has been available in the CXF distributions  for more than a year now. This demo is based on the brilliant contribution from Thomasz Opanovicz done as part of his GSOC project.

What I would like to do is explain what exactly the CXF Log Browser can do right now, and suggest some ideas on how it can be enhanced.

At the moment, the browser can be used to poll the Atom-enabled management endpoints and display the available log ...
Continue reading →

As I've mentioned a number of times, FIQL can help with expressing the advanced search conditions in a compact and easy to understand syntax.

The queries like "find all the books published before a given date" are very easy to type in FIQL and extending this query with a restriction like "and having the page count between 80 and 100 pages or less than 20" is quite straightforward too, manually, or with the help of the client FIQL builder.

However, ...
Continue reading →

I blogged about the support for JMS by CXF JAX-RS endpoints two years ago.

The main reason behind making the JAX-RS frontend (associated by most users with supporting HTTP-based communications) JMS-aware was to do with getting the most from the 'investment' made into implementing the RESTful services on top of CXF JAX-RS.

If one has the resource code relying on the JAX-RS runtime to make the inbound data delivered to the right method and easily ...
Continue reading →

Users have been asking during the last couple of years how to test CXF JAX-RS endpoints. One of the users from the CXF community would always point to either a blog entry or paste a code example showing how the endpoints can be tested easily enough.

The problem has been all the time that there was no any documentation on the CXF JAX-RS wiki specifically describing the steps required to get the tests set-up and running.

A new wiki page has been added ...
Continue reading →

Imagine you are working on the RESTful service implementation that relies on JPA2 but having a bit of a difficulty coming up with an interface that can neatly let users search the service data with queries allowing to express something more interesting than just "find all the data that have a given property equal to a given value".

Yes, FIQL is fantastic and its ability to express complex queries in a fairly simple and compact way is hard to ...
Continue reading →

Last week Colm announced that support for SAML Web SSO profile was available starting from CXF 2.6.1. 

We have also created a new CXF wiki page dedicated to describing the way the CXF JAX-RS applications can be protected with SAML SSO filters.

Colm has done a comprehensive testing against many popular IDP implementations which support SAML SSO and we believe that CXF offers one of the most configurable and interoperable SP SAML SSO ...
Continue reading →

I created a presentation few months ago which showed how one can create a simple DB browser for exploring the arbitrary databases using Talend Open Studio for ESB.

The Customers DB explorer we created last time was supporting GET queries allowing to return the list of all the customers and the individual customer records.

I've worked recently on enhancing the job that we created last time for supporting more involved GET queries as well as data updates ...
Continue reading →

You may have already read that so called hash-collision attacks may affect many of the existing Web applications. A massive form, XML or JSON payload with specially constructed keys can be posted to the service and cause the denial of service situation due to the fact many of XML, JSON or form payload processors depend internally on the map implementations that are not capable of dealing with such data effectively.

It does not have to be a specially ...
Continue reading →

CXF 2.6.0 is due to be released soon, with several new features likely to get the developers interested.

CXF is about to become much more OSGI-friendly which will open the way for many new interesting enhancements to come thanks to Dan and Christian leading this major refactoring effort.

The JAX-RS frontend has benefited (as usual :-)) from the core CXF improvements. One of the positive side-effects was that the initial go at splitting the fairly big ...
Continue reading →

They say all the roads lead to Mainz. Indeed, this year it is the home to JAX-2012, a very popular conference for Java developers in Germany.

The Talend team which includes Bernd Trops, Principal Consultant with Talend, Christian, Oliver and myself will be there. We are going to present few sessions during the Apache Integration Day on 18th April, so be there if you can :-)

I'm a bit nervous given that my German is not perfect :-), but with Bernd, ...
Continue reading →

The screen-cast showing how to create a basic DB browser within Talend Open Studio is now available on the Talend Channel.

This presentation is more involved than the one showing how to create a simple REST endpoint. This time a basic database containing a list of customer records is exposed via HTTP and we go through a number of steps showing how the task of creating an arbitrary DB browser can be approached.

Initially the complete list of records is ...
Continue reading →

The signs are that the fortunes of Distributed OSGI are looking good.

Distributed OSGI RI based on Apache CXF (Apache CXF DOSGi RI) has been around for a while, and quite a few OSGI developers have experimented with and built custom applications on top of it successfully.

However, it's been more than a year since DOSGi RI 1.2 has been released and this project has been inactive recently. In meantime, two more Distributed OSGi implementations have been ...
Continue reading →

One is the most confusing things in OAuth is a so-called 2-leg OAuth flow where an explicit authorization step involving the end user pressing an Allow or Deny button is not taken.

There are many resources on the web explaining what is an OAuth 2-leg flow. Most of those explanations are effectively describing the process where the 3rd party consumer accesses its own space on the resource server, possibly with the end user itself 'hiding' behind such ...
Continue reading →

Now and then I'm seeing users reporting issues on the forums to do with deploying web applications with CXF JAX-RS libraries into some of the popular Java EE application servers.

So I thought, while investigating a problem reported on the CXF users list to do with using a CXF Redirection feature in WebLogic, that it was also worth giving it a try and experimenting with deploying a complete OAuth demo web application packaged as a war archive that we ...
Continue reading →

Cross-Origin Resource Sharing (CORS) is a W3C specification (Working Draft) which "defines a mechanism to enable client-side cross-origin requests". Please see the Introduction for more information.

We had several users asking questions about how CORS could possibly be supported in CXF. Then at some point of time a mysterious :-) sergkorney offered his help with prototyping an initial code for a CORS filter, and the process moved forward.

Benson ...
Continue reading →