After baking in the oven the last few months, Resteasy 2.2 has been released to the world and is available for download.  You can view our documentation here.  We fixed a lot of bugs since the 2.1 release which can be viewed in the release notes of previous beta and RC releases:

Features wise we’re starting to focus on security solutions for RESTful web services.  In this release we focused on a digital signature framework based on DOSETA and DKIM.  I wrote a blog a few months ago about some possible use cases for digital signatures.  It will be interesting to see how people use our digitial signature framework, but more importantly how and if they want to use the DOSETA and DKIM protocols for digital signature propagation.  We are extremely interested in feedback and suggestions for improving the protocol and how it might solve (or not solve) any security use cases you might have.

Beyond that, writing the digital signature framework also helped to flush out the Resteasy interceptor API.  For instance, we found that it was very useful to hold off marshalling header objects into string formats until the stream is written to.  This allowed us to pass information through header objects to the interceptors that are performing signing and verification.  Writing down these requirements will be very applicable to the JAX-RS 2.0 JSR as we’re currently focusing on interceptors there.

What’s Next?

Further 2.x releases will focus mainly on adding security features.  We’re also going to be developing Resteasy 3.0 in parallel.  Here’s some points:

  • message body encryption with both multipart/encrypted and develop a new Content-Encoding. This will also help us flush out interceptors more I think
  • SAML/Picketlink. I think we may be able to integrate with SAML, specifically Picketlink to provide some hub/spoke authentication/authorization.
  • Clean up our OAuth support.
  • JAX-RS 2.0 has started which we will implement in Resteasy 3.0. The client API is shaping out and I might deliver a prototype of it when the next revision is submitted by the JAX-RS spec leads.