...
- The claimType of the Claim class is now a "String" instead of a "URI". This might break existing ClaimsHandler implementations in the STS. In addition, the ClaimsHandler interface now returns a List<String> for getSupportedClaimTypes() instead of List<URI>.
- The Claims access control annotations/interceptors now work with JWT tokens (as well as SAML tokens). This resulted in the following package changes:
- ClaimsAuthorizingInterceptor has moved from the cxf-rt-security-saml module to the cxf-rt-security module. The package name of the ClaimsAuthorizingInterceptor has changed: from org.apache.cxf.rt.security.saml.interceptor.ClaimsAuthorizingInterceptor to org.apache.cxf.rt.security.claims.interceptor.ClaimsAuthorizingInterceptor.
- ClaimsAuthorizingFilter has moved from the cxf-rt-rs-security-xml module to the cxf-rt-frontend-jaxrs module. The package name of the ClaimsAuthorizingFilter has changed: from org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter to orgto org.apache.cxf.rsjaxrs.security.claims.ClaimsAuthorizingFilter
New Features:
...