Apache CXF New Directions in Integration
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Apache CXF New Directions in Integration

on

  • 755 views

Slides from my WJAX 2013 Presentation where we talked about many of the new features and directions that Apache CXF is taking.

Slides from my WJAX 2013 Presentation where we talked about many of the new features and directions that Apache CXF is taking.

Statistics

Views

Total Views
755
Views on SlideShare
755
Embed Views
0

Actions

Likes
0
Downloads
13
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NonCommercial LicenseCC Attribution-NonCommercial License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Apache CXF New Directions in Integration Presentation Transcript

  • 1. Apache CXF New Directions in Integration Daniel Kulp VP Open Source Development Talend
  • 2. Your Speaker • VP - Open Source Development at Talend • • • Team of engineers devoted to Apache Projects Worked on WebService/SOA related technology for over 10 years Apache Software Foundation • Apache CXF - since the beginning • Apache Maven, Apache WebServices, Apache Camel, Apache ServiceMix, Apache Aries, etc… • Apache Member
  • 3. A Little About Apache CXF • Entered the Apache Incubator in August 2006 • Merge of Celtix and XFire • Compete with Axis/Axis2? • Graduated in April 2008 • JAX-WS 2.x certified, JAX-RS 1.1 certified • 8 “minor” versions (2.0 - 2.7), 82 patch releases • 33 committers - 21 active
  • 4. • The most complete implementation of WS-* specifications. • DOSGi Reference Implementation of OSGi Remote Service Specification • Apache CXF Fediz - Web Security Framework • Used in products by Talend, JBoss, Fuse, WSO2, Pramati, MuleSoft, TomEE, IBM, etc… • Embedded all over - Google “CXF - Service List”
  • 5. 2010 - Is CXF Finished? • Go into maintenance mode? NO!!!! • Development Efforts Centered around: • Deployment options • REST/JAX-RS Based Services • Services • Security
  • 6. Deployment Models • Always have had • • Top Notch Spring support • • Good for standalone applications Good for WAR based applications (other than conflicts with various app servers) OSGi support has “improved” • Single big bundle -> little bundles • Blueprint support and enhancements • Better management
  • 7. Changed for 3.0 • Major refactoring of “api”, “core”, and WSDL based APIs • No more wsdl4j.jar or neethi.jar or mail.jar needed for JAX-RS (amongst others) • Smaller core - removed a lot of duplicate functionality, unused code, deprecated code, etc…. • Better hooks for embedders like TomEE, JBoss, and Talend
  • 8. REST/JAX-RS • 2.3.x-2.6.x is JAX-RS 1.1 Compliant • 2.7.x started work on JAX-RS 2.0 • • Filters, Interceptors, parts of Async Invokation, dynamic features, exception classes, etc… 3.0 will be JAX-RS 2.0 compliant • Client API, Bean Validation
  • 9. • OAuth 1, OAuth 2, SAML, Kerberos • WADL generation from services • Interface generation from WADL • Started discussions about RAML • FIQL searches // Find all employees younger than 25 or older than 35 living in London! http://server.com/employees?_s=(age=lt=25,age=gt=35);city==London
  • 10. Services • 2.5.0 - introduced “out of the box” services based on CXF technology • WS-Notification • • WS-Notification Service using ActiveMQ backend • JBI removed, pure JAX-WS API’s • • Ported from ServiceMix API module added WS-Eventing - new for CXF 3.0
  • 11. • Security Token Service (STS) • Initially developed for a Talend Customer • Full production ready STS • Supports Issue, Validate, Cancel, Renew binding • Pluggable token validators, claims handlers, SAML customizers, etc… • Advanced use cases: KeyTypes (Public/Symmetric/ Bearer), OnBehalfOf, ActAs, Claims, etc… • Enhanced support for Roles
  • 12. • WS-Discovery (CXF 2.7) • “Probe” the network for services • Services can announce their availability • Not just “software services” • ONVIF compliant IP cameras • Network Printers • Network Scanners
  • 13. • XML Key Management Service (XKMS) • New for CXF 3.0, back ported for 2.7.7 • Normal - Java KeyStores • XKMS front end for organizations PKI • Supports LDAP and File based back ends
  • 14. • XKMS - continued • WSS4J Crypto Providers • Adding support to CXF’s STS to validate keys via XKMS
  • 15. Fediz • Framework that implements WSFederation Passive Requestor Profile • Plugins to Tomcat to redirect to an IDP for authentication • Contains a light weight IDP • Soon: support for Jetty, Spring Security, CXF
  • 16. Security “I’m going to make CXF’s WS-Security implementation the best WS-Security implementation.” ! - Colm O hEigeartaigh http://coheigea.blogspot.com/
  • 17. Security • STS, XKMS services • XACML/SAML utilities • SPNego/Kerberos profiles • Prevent various DOS attacks • ehCache based Nonce/Timestamp caches • XML based attacks (DTD, size, limits) • New algorithms
  • 18. • Streaming WS-Security Implementation for 3.0 • StAX Based • No more DOM/SAAJ (unless required) • Higher performance • Quicker failures • Support MIME attachments
  • 19. Other 3.0 Things • WS-RM updates • Full 1.1 support, tested extensively with .NET • Termination of sequences • JMX management • Support for WS-RM with WS-Security and WSSecureConversation
  • 20. • CXF specific front end code generator • Allow passing Bus instances, CXF features • Guarantees that CXF is picked up • Allows future configuration points
  • 21. 3.0 Roadmap • A “milestone” release in the next week or so • A second milestone or beta before the end of the year • 3.0 in early Q1 • Normal 2.7.x/2.6.x patch releases every 8 weeks • Fediz 1.1 release (voting now)
  • 22. Questions and More Information • Apache CXF • • • http://cxf.apache.org users@cxf.apache.org Me • dkulp@apache.org or dkulp@talend.com