Apache CXF 3.0 What’s new? Daniel Kulp VP Open Source Development Talend
Apache CXF 3.0 What’s new?
Daniel Kulp VP Open Source Development
Talend
Your Speaker• VP - Open Source Development at Talend
• Team of engineers devoted to Apache Projects
• Worked on WebService/SOA related technology for over 10 years
• Apache Software Foundation
• Apache CXF - since the beginning
• Apache Maven, Apache WebServices, Apache Camel, Apache ServiceMix, Apache Aries, etc…
• Apache Member
A Little About Apache CXF• Entered the Apache Incubator in August 2006
• Merge of Celtix and XFire
• Compete with Axis/Axis2?
• Graduated in April 2008
• JAX-WS 2.x certified, JAX-RS 1.1 certified
• 8 “minor” versions (2.0 - 2.7), 86 patch releases
• 33 committers - 21 active
• The most complete implementation of WS-* specifications.
• DOSGi Reference Implementation of OSGi Remote Service Specification
• Apache CXF Fediz - Web Security Framework
• Used in products by Talend, JBoss, Fuse, WSO2, Pramati, MuleSoft, TomEE, IBM, etc…
• Embedded all over - Google “CXF - Service List”
2010 - Is CXF Finished?• Go into maintenance mode? NO!!!!
• Development Efforts Centered around:
• Deployment options
• REST/JAX-RS Based Services
• Services
• Security
Deployment Models• Always have had
• Good for standalone applications
• Top notch Spring support
• Good for WAR based applications (other than conflicts with various app servers)
• OSGi support has “improved”
• Single big bundle -> little bundles (big bundle is GONE for 3.0)
• Blueprint support and enhancements
• Better management
Changed for 3.0• Major refactoring of “api”, “core”, and WSDL based
APIs
• No more wsdl4j.jar or neethi.jar or mail.jar needed for JAX-RS (amongst others)
• Smaller core - removed a lot of duplicate functionality, unused code, deprecated code, etc….
• Better hooks for embedders like TomEE, JBoss, and Talend
REST/JAX-RS• 2.3.x-2.6.x are JAX-RS 1.1 Compliant
• 2.7.x started work on JAX-RS 2.0
• Filters, Interceptors, parts of Async Invocation, dynamic features, exception classes, etc…
• 3.0 will implement JAX-RS 2.0
• Client API, Bean Validation, Suspended requests
• OAuth 1, OAuth 2, SAML, Kerberos
• XML Signature/Encryption
• WADL generation from services
• Interface generation from WADL
• $filter query defined as part of Open Data Protocol
• FIQL searches// Find all employees younger than 25 or older than 35 living in London!http://server.com/employees?_s=(age=lt=25,age=gt=35);city==London
Services• 2.5.0 - introduced “out of the box” services based on CXF
technology
• WS-Notification
• Ported from ServiceMix
• WS-Notification Service using ActiveMQ backend
• JBI removed, pure JAX-WS API’s
• API module added
• WS-Eventing - new for CXF 3.0
• Security Token Service (STS)
• Initially developed for a Talend Customer
• Full production ready STS
• Supports Issue, Validate, Cancel, Renew binding
• Pluggable token validators, claims handlers, SAML customizers, etc…
• Advanced use cases: KeyTypes (Public/Symmetric/Bearer), OnBehalfOf, ActAs, Claims, etc…
• Enhanced support for Roles
• WS-Discovery (CXF 2.7)
• “Probe” the network for services
• Services can announce their availability
• Not just “software services”
• ONVIF compliant IP cameras
• Network Printers
• Network Scanners
• XML Key Management Service (XKMS)
• New for CXF 3.0, back ported for 2.7.7
• Normal - Java KeyStores
• XKMS front end for organizations PKI
• Supports LDAP and File based back ends
• XKMS - continued
• WSS4J Crypto Providers
• Adding support to CXF’s STS to validate keys via XKMS
Fediz• Framework that implements WS-
Federation Passive Requestor Profile
• Plugins to Tomcat to redirect to an IDP for authentication
• Contains a light weight IDP
• Support for Tomcat, WebSphere, Jetty, Spring Security, CXF
Security
“I’m going to make CXF’s WS-Security implementation the best WS-Security implementation.”
!- Colm O hEigeartaigh
http://coheigea.blogspot.com/
Security• STS, XKMS services
• XACML/SAML utilities
• SPNego/Kerberos profiles
• Prevent various DOS attacks
• ehCache based Nonce/Timestamp caches
• XML based attacks (DTD, size, limits)
• New algorithms
• Streaming WS-Security Implementation for 3.0
• StAX Based - MUCH lower memory
• No more DOM/SAAJ (unless required)
• Higher performance
• Quicker failures
• Support attachments
Other 3.0 Things• WS-RM updates
• Full 1.1 support, tested extensively with .NET
• Termination of sequences
• JMX management
• Support for WS-RM with WS-Security and WS-SecureConversation
• CXF specific front end code generator
• Allow passing Bus instances, CXF features
• Guarantees that CXF is picked up
• Allows future configuration points
• New Transports
• Netty based HTTP
• WebSocket
• New JMS Transports (no more Spring)
3.0 Roadmap
• Milestone 2 released - PLEASE TEST
• 3.0 by end of April
• Normal 2.7.x patch releases every 8 weeks
• One more 2.6.x patch release
Questions and More Information
• Apache CXF
• http://cxf.apache.org
• Me