ApacheCon EU 2014

JAX-RS helps developers create HTTP-centric applications fast. JAX-RS 2.0, the evolution of the popular JAX-RS 1.1 specification, introduces new features which will make it simpler to build end to end HTTP applications of various complexity. This presentation will touch on Apache CXF philosophy of supporting various styles of developing web services, provide an overview of JAX-RS and finish with describing and analyzing all the new features of JAX-RS 2.0.
It will be based on the ""JAX-RS 2.0 With Apache CXF"" presentation given at Apache Con NA 2014 with new slides introduced. JAX-RS 2.1 plans will also be discussed should they become public by the time Apache Con EU 2014 starts.

WebSocket is a full-duplex transport protocol developed as part of HTML5 and has caught attention not only for Browser applications but also also for application integration. This simple HTTP based protocol can operate over a single socket and does not suffer from network restriction such as proxies and firewalls when establishing a duplex channel.

New WebSocket support in Apache CXF can be used to invoke an asynchronous JAX-WS service over a single WebSocket connection instead of using two separate HTTP connections, to establish a direct node connection in a cluster environment, and to asynchronously push data from a JAX-RS service to its client. And Apache Camel now supporting both the client and server side WebSockets can be used to integrate and compose various WebSocket applications with other applications.

Apache CXF supports a full range of SOAP extension technologies. Two of the most important extensions are WS-Security and WS-ReliableMessaging. The WS-Security family of technologies add message-level security to basic SOAP exchanges, while WS-ReliableMessaging adds delivery assurance options. In this presentation Dennis Sosnoski will show you how WS-Security and WS-ReliableMessaging can be added to your CXF SOAP applications with little or no impact on your application code. He'll also discuss how large organizations are increasingly using these SOAP extension technologies in their operations, including how the government of the Netherlands is applying the technologies to educational and other government sectors. Finally, Dennis will summarize the WS-ReliableMessaging and WS-Security enhancements included in the latest CXF 3.0 release.

OAuth2 is a set of specifications describing the way resource owners can allow third party applications access some of their resources. OAuth2 owes a lot to the popularity of older OAuth1, the fact which led to the OAuth2 process being initiated. However the concern about OAuth2 being as capable and secure as OAuth1 is still shared by some developers. In this presentation we will briefly introduce Apache CXF OAuth2 implementation and show how OAuth2 and Hawk (Mac) token can be used to create simpler and no less secure classical OAuth applications.

JAX-RS specification makes creation of REST services easy and intuitive for Java developers. However there are a number of topics to worry about in order to provide clean and maintainable REST APIs.
In this presentation, Andrei will share practical experience to design REST services based on JAX-RS Apache CXF implementation.
The presentation will cover the following:
- Exposing of resources and collections
- Resource methods selection and content negotiation
- Exception processing
- Client and Server asynchronous APIs
- Using of JSON providers
- Crosscutting aspects in JAX-RS filters and interceptors
- Bean validation

The main goals of this presentation are to share the best practices, experience and discuss the most important aspects of designing and implementing REST APIs in your projects.

Security is the common requirement for almost all of the web service related products and solutions. Apache CXF framework provides a wide range of the security features for REST and SOAP services. It supports a number of security standards like OAuth, WS-Trust, WS-Federation. CXF users can benefit from new functionality in Authorization, Key Management and Security Token Service components.
This presentation will review CXF security features and illustrate them with the code. Andrei will show how the security requirements have been implemented in the real projects and discuss possible alternatives.
Which security options are available for the REST service? How to achieve federated authentication in CXF applications? How to implement authorization in web service? What is the benefit of the public key infrastructure and XKMS? - These questions will be discussed during the session.