2. Your Speaker
•
VP - Open Source Development at Talend
•
•
•
Team of engineers devoted to Apache Projects
Worked on WebService/SOA related technology for over 10
years
Apache Software Foundation
•
Apache CXF - since the beginning
•
Apache Maven, Apache WebServices, Apache Camel, Apache
ServiceMix, Apache Aries, etc…
•
Apache Member
3. A Little About Apache CXF
•
Entered the Apache Incubator in August 2006
•
Merge of Celtix and XFire
•
Compete with Axis/Axis2?
•
Graduated in April 2008
•
JAX-WS 2.x certified, JAX-RS 1.1 certified
•
8 “minor” versions (2.0 - 2.7), 82 patch releases
•
33 committers - 21 active
4. •
The most complete implementation of WS-*
specifications.
•
DOSGi Reference Implementation of OSGi
Remote Service Specification
•
Apache CXF Fediz - Web Security Framework
•
Used in products by Talend, JBoss, Fuse,
WSO2, Pramati, MuleSoft, TomEE, IBM, etc…
•
Embedded all over - Google “CXF - Service List”
5. 2010 - Is CXF Finished?
•
Go into maintenance mode? NO!!!!
•
Development Efforts Centered around:
•
Deployment options
•
REST/JAX-RS Based Services
•
Services
•
Security
6. Deployment Models
•
Always have had
•
•
Top Notch Spring support
•
•
Good for standalone applications
Good for WAR based applications (other than conflicts with various
app servers)
OSGi support has “improved”
•
Single big bundle -> little bundles
•
Blueprint support and enhancements
•
Better management
7. Changed for 3.0
•
Major refactoring of “api”, “core”, and WSDL based
APIs
•
No more wsdl4j.jar or neethi.jar or mail.jar needed
for JAX-RS (amongst others)
•
Smaller core - removed a lot of duplicate
functionality, unused code, deprecated code, etc….
•
Better hooks for embedders like TomEE, JBoss, and
Talend
8. REST/JAX-RS
•
2.3.x-2.6.x is JAX-RS 1.1 Compliant
•
2.7.x started work on JAX-RS 2.0
•
•
Filters, Interceptors, parts of Async Invokation,
dynamic features, exception classes, etc…
3.0 will be JAX-RS 2.0 compliant
•
Client API, Bean Validation
9. •
OAuth 1, OAuth 2, SAML, Kerberos
•
WADL generation from services
•
Interface generation from WADL
•
Started discussions about RAML
•
FIQL searches
// Find all employees younger than 25 or older than 35 living in London!
http://server.com/employees?_s=(age=lt=25,age=gt=35);city==London
10. Services
•
2.5.0 - introduced “out of the box” services based on CXF
technology
•
WS-Notification
•
•
WS-Notification Service using ActiveMQ backend
•
JBI removed, pure JAX-WS API’s
•
•
Ported from ServiceMix
API module added
WS-Eventing - new for CXF 3.0
11. •
Security Token Service (STS)
•
Initially developed for a Talend Customer
•
Full production ready STS
•
Supports Issue, Validate, Cancel, Renew binding
•
Pluggable token validators, claims handlers, SAML
customizers, etc…
•
Advanced use cases: KeyTypes (Public/Symmetric/
Bearer), OnBehalfOf, ActAs, Claims, etc…
•
Enhanced support for Roles
12. •
WS-Discovery (CXF 2.7)
•
“Probe” the network for services
•
Services can announce their availability
•
Not just “software services”
•
ONVIF compliant IP cameras
•
Network Printers
•
Network Scanners
13. •
XML Key Management
Service (XKMS)
•
New for CXF 3.0, back
ported for 2.7.7
•
Normal - Java KeyStores
•
XKMS front end for
organizations PKI
•
Supports LDAP and File
based back ends
15. Fediz
•
Framework that implements WSFederation Passive Requestor
Profile
•
Plugins to Tomcat to redirect to
an IDP for authentication
•
Contains a light weight IDP
•
Soon: support for Jetty, Spring
Security, CXF
16. Security
“I’m going to make CXF’s WS-Security implementation the
best WS-Security implementation.”
!
- Colm O hEigeartaigh
http://coheigea.blogspot.com/
17. Security
•
STS, XKMS services
•
XACML/SAML utilities
•
SPNego/Kerberos profiles
•
Prevent various DOS attacks
•
ehCache based Nonce/Timestamp caches
•
XML based attacks (DTD, size, limits)
•
New algorithms
18. •
Streaming WS-Security Implementation for 3.0
•
StAX Based
•
No more DOM/SAAJ (unless required)
•
Higher performance
•
Quicker failures
•
Support MIME attachments
19. Other 3.0 Things
•
WS-RM updates
•
Full 1.1 support, tested extensively with .NET
•
Termination of sequences
•
JMX management
•
Support for WS-RM with WS-Security and WSSecureConversation
20. •
CXF specific front end code generator
•
Allow passing Bus instances, CXF features
•
Guarantees that CXF is picked up
•
Allows future configuration points
21. 3.0 Roadmap
•
A “milestone” release in the next week or so
•
A second milestone or beta before the end of
the year
•
3.0 in early Q1
•
Normal 2.7.x/2.6.x patch releases every 8 weeks
•
Fediz 1.1 release (voting now)