Learn More about Secure JAX-RS

Introduction

With the rise of the microservice architecture, we have also seen a shift from SOAP to REST as the means of exchanging data between parties. REST and JAX-RS are gaining a lot of popularity outside the microservice world as well.

And if you compare the effort to use them, it is no surprise to see such a shift.

At EclipseCon, in the Cloud-Native Java track, I showed how to use JWT tokens and HTTPS Signatures to securely replace your SOAP usage with JAX-RS. You can find the video at the bottom of this post.

Security

We can’t just replace all our SOAP endpoints with JAX-RS endpoints. From a technical point of view there are some differences between the technologies (most of them quite manageable), but one aspect is missing in JAX-RS: security.

Within the SOAP framework we have a variety of security tools, including the WS-Security extension. It gives you encryption, process-to-process integrity, certificates and so on, whereas JAX-RS only offers the capabilities of the underlying transport protocol.

Secure JAX-RS

We can use the default SSL functionality to add security to JAX-RS, and although SSL provides very good protection, there are a few points of attention and limitations.

How do you identify the ‘sender’, and what is the impact of SSL interruption (the TLS connection being terminated before the request reaches your process) on the integrity guarantee that you should provide?

Client certificates can be used to identify the other endpoint of your JAX-RS connection, but only when the set of clients is stable and doesn’t change much.

And to overcome SSL interruption, we need something at the process level that guarantees integrity, rather than leaving this to the server.
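
The process-level integrity mechanism referred to above, an HTTP-Signatures-style HMAC over the request target, selected headers and a body digest, as an added Python example (not code from this post or from the talk). It assumes lowercase header names, a shared secret per keyId and the draft-cavage header layout (`(request-target)`, `Authorization: Signature keyId=...,algorithm=...,headers=...,signature=...`); the verifier rejects a request whose body or path was changed after TLS was terminated, because the signature no longer matches.

```python
import base64, hashlib, hmac

# Header names are assumed lowercase; "(request-target)" covers method and path.
DEFAULT_SIGNED = ("(request-target)", "host", "date", "digest")

def body_digest(body: bytes) -> str:
    """Digest header value that binds the body to the signature."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_string(method, path, headers, signed):
    """Canonical string: one 'name: value' line per covered header, in order."""
    return "\n".join(f"(request-target): {method.lower()} {path}" if n == "(request-target)"
                     else f"{n}: {headers.get(n, '')}" for n in signed)

def _mac(secret: bytes, text: str) -> bytes:
    return hmac.new(secret, text.encode(), hashlib.sha256).digest()

def sign_request(key_id, secret, method, path, headers, body, signed=DEFAULT_SIGNED):
    """Client side: add Digest and 'Authorization: Signature ...' headers."""
    out = dict(headers, digest=body_digest(body))
    sig = base64.b64encode(_mac(secret, signing_string(method, path, out, signed))).decode()
    out["authorization"] = (f'Signature keyId="{key_id}",algorithm="hmac-sha256",'
                            f'headers="{" ".join(signed)}",signature="{sig}"')
    return out

def verify_request(keys, method, path, headers, body):
    """Server side: returns (ok, key_id or reason). keys maps keyId -> shared secret."""
    auth = headers.get("authorization", "")
    if not auth.startswith("Signature "):
        return False, "missing signature"
    params = dict((k.strip(), v.strip().strip('"')) for k, _, v in
                  (p.partition("=") for p in auth[len("Signature "):].split(",")))
    secret = keys.get(params.get("keyId"))
    if secret is None:
        return False, "unknown keyId"
    signed = params.get("headers", "").split()
    # Refuse signatures that do not cover the target, a timestamp and the body.
    if not {"(request-target)", "date", "digest"} <= set(signed):
        return False, "required headers not covered"
    if not hmac.compare_digest(headers.get("digest", ""), body_digest(body)):
        return False, "body digest mismatch"
    try:
        given = base64.b64decode(params.get("signature", ""), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "malformed signature"
    if not hmac.compare_digest(_mac(secret, signing_string(method, path, headers, signed)), given):
        return False, "bad signature"
    return True, params["keyId"]  # date freshness / replay checks are out of scope here
```

In a JAX-RS deployment the signing side would live in a `ClientRequestFilter` and the verification in a `ContainerRequestFilter`; the keyId identifies the sender independently of any client certificate.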

 

Secure JAX-RS Presentation at EclipseCon

The ‘Secure JAX-RS’ presentation goes deeper into these topics and shows how you can use JWT tokens and HTTPS Signatures to securely replace your SOAP usage with JAX-RS.

Comments (4)

  1. Hajo

    Sounds quite interesting. Will the presentation be made public or where can I get it from?

  2. Rudy De Busscher

    Hi Hajo,

    You can find the slides here https://www.slideshare.net/rdebusscher/secure-rest-payara.

  3. Julien Sié

    Excellent. Very nice 🙂 Would be smarter with an example using a Docker – MySQL but anyway thanks for the tips.

    1. Rudy De Busscher

      Hi Julien,

      That is indeed an idea for a future update. Thanks.

      Although I want to minimize the usage of technologies which aren’t directly related to the core concept of the talk, in order to be able to focus on the topic itself and not be distracted by those other technologies.

      That said, I’m glad you liked the talk.

      Regards
      Rudy
