Try Free

Learn More about Secure JAX-RS

Uncategorized
Rudy De Busscher
Published: 09 Oct 2018
Updated: 07 Aug 2025

Introduction

With the rise of the micro-service architecture, we have seen also a shift from SOAP to REST as the means of exchanging data between parties. REST and JAX-RS are gaining a lot of popularity outside the micro-service world, also.

 

And if you compare the effort to use them, it is no surprise to see such a shift.

 

 

At EclipseCon in the Cloud-Native Java track, to I showed you how to use JWT tokens and HTTPS Signatures to securely replace your SOAP usage by JAX-RS. You can find the video at the bottom of this post.

 

Security

 

We can’t just replace all our SOAP endpoint with JAX-RS endpoints. From a technical point of view, there are some differences between the technologies (which are most of the time quite manageable) but there is one aspect which is missing in JAX-RS – and that is security.

 

Within the SOAP framework, we have a variety of tools for security, including the WS-Security extension. It gives you encryption, process to process integrity, certificates, etc – but JAX-RS only offers the capabilities of the underlying protocol.

 

Secure JAX-RS

We can use the default  SSL functionality to add security within JAX-RS, and although SSL provides some very good functionality, there are a few attention points and limitations.

 

How do you track your ‘sender’ and what is the impact of SSL interruption on the integrity guarantee that you should provide?

 

For identifying the other endpoint of your JAX-RS connection, Client Certificates can only be used when the number of clients is stable and doesn’t change much.

 

And to overcome SSL interruption, we need something on the process level to guarantee integrity and prevent the server from handling this.

 

Secure JAX-RS Presentation at EclipseCon

The ‘Secure JAX-RS’ presentation goes deeper into these topics and shows how you can use JWT tokens and HTTPS Signatures to securely replace your SOAP usage by JAX-RS.

 

 

 

 

Share:

Download Payara Platform Community

Comments (4)

Post a comment

Your email address will not be published. Required fields are marked *

Payara needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Legal & Privacy Policy.

  1. Hajo

    Sounds quite interesting. Will the presentation be made public or where can I get it from?

    Reply
  2. Rudy De Busscher

    Hi Hajo,

    You can find the slides here https://www.slideshare.net/rdebusscher/secure-rest-payara.

    Reply
  3. Julien Sié

    Excellent. Very nice 🙂 Would be smarter with an example using a Docker – MySQL but anyway thanks for the tips.

    Reply
    1. Rudy De Busscher

      Hi Julien,

      That is indeed an idea for a future update. Thanks.

      Although I want to minimize the usage of technologies which aren’t directly related to the core concept of the talk. In order to be able to focus on the topic itself and not be distracted by those other technologies.

      That said, I’m glad you liked the talk.

      Regards
      Rudy

      Reply

Related Posts

Payara Qube-Cloud Light banner 4 minutes
Security
Asif Khan
29 Sep 2025

Zero Trust Security in Enterprise Java: What it is and How to Implement it

Cybersecurity isn’t just about building walls, fortresses, moats or any other external barrier anymore. Nowadays, it’s important to check […]

Read More
4 minutes
Uncategorized
Dominika Tasarz
25 Sep 2025

Leading the Way: Payara Platform Community 7 Beta Now Fully Jakarta EE 11 Certified

We’re excited to announce that Payara Platform Community 7 Beta application server is now fully certified as Jakarta EE 11 […]

Read More
Understanding the Security Issues of Aging Middleware 8 minutes
Security
Chiara Civardi
18 Sep 2025

Understanding the Security Issues of Aging Middleware

Middleware runs quietly in the background of most applications, which makes it easy to overlook its lifecycle. In effect, […]

Read More