...
rs.security.keystore.type | The keystore type. Suitable values are "jks" or "jwk". |
rs.security.keystore.password | The password required to access the keystore. |
rs.security.keystore.alias | The keystore alias corresponding to the key to use. You can append one of the following to this tag to get the alias for more specific operations: jwe.out, jwe.in, jws.out, jws.in |
rs.security.keystore.aliases | The keystore aliases corresponding to the keys to use, when using the JSON serialization form. You can append one of the following to this tag to get the alias for more specific operations: jws.out, jws.in |
rs.security.keystore.file | The path to the keystore file. |
rs.security.key.password | The password required to access the private key (in the keystore). |
rs.security.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys. |
rs.security.include.public.key | Include the JWK public key (for signature or encryption) in the "jwk" header. |
rs.security.include.cert | Include the X.509 certificate (for signature or encryption) in the "x5c" header. |
rs.security.include.key.id | Include the JWK key id (for signature or encryption) in the "kid" header. |
rs.security.include.cert.sha1 | Include the X.509 certificate SHA-1 digest (for signature or encryption) in the "x5t" header. |
rs.security.accept.public.key | Whether to allow using a JWK received in the header for signature validation. The default is "false". |
Configuration that applies to signature only
rs.security.signature.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys for signature. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER. |
rs.security.signature.algorithm | The signature algorithm to use. The default algorithm if not specified is 'RS256'. |
rs.security.signature.out.properties | The signature properties file for compact signature creation. If not specified then it falls back to RSSEC_SIGNATURE_PROPS. |
rs.security.signature.in.properties | The signature properties file for compact signature verification. If not specified then it falls back to RSSEC_SIGNATURE_PROPS. |
rs.security.signature.properties | The signature properties file for compact signature creation/verification. |
rs.security.signature.out.list.properties | The signature properties file for JSON Serialization signature creation. If not specified then it falls back to RSSEC_SIGNATURE_LIST_PROPS. |
rs.security.signature.in.list.properties | The signature properties file for JSON Serialization signature verification. If not specified then it falls back to RSSEC_SIGNATURE_LIST_PROPS. |
rs.security.signature.list.properties | The signature properties file for JSON Serialization signature creation/verification. |
rs.security.signature.include.public.key | Include the JWK public key for signature in the "jwk" header. |
rs.security.signature.include.cert | Include the X.509 certificate for signature in the "x5c" header. |
rs.security.signature.include.key.id | Include the JWK key id for signature in the "kid" header. |
rs.security.signature.include.cert.sha1 | Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. |
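
A small audit over these properties, as an added example that is not part of the CXF documentation. It flags rs.security.accept.public.key set to "true" (the verifier would then trust the key carried in the token it is checking), a keystore type other than the two listed above, and passwords stored inline. The sample file, the severity labels and the function names are constructed for illustration.

```python
# Added example: audit a JOSE properties file against the table above.
# SAMPLE is constructed; severities are this example's own labels.
SAMPLE = """\
# constructed sample, not taken from the CXF documentation
rs.security.keystore.type=jsk
rs.security.keystore.file=keys/service.jks
rs.security.keystore.alias.jws.in=partner
rs.security.keystore.password=changeit
rs.security.key.password=changeit
rs.security.signature.algorithm=RS256
rs.security.accept.public.key=true
"""

INLINE_SECRETS = ("rs.security.keystore.password", "rs.security.key.password")

def parse_properties(text):
    """Minimal key=value parser (no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (severity, key, reason) tuples for risky or invalid settings."""
    findings = []
    # Default is "false"; "true" lets the sender supply the verification key.
    if props.get("rs.security.accept.public.key", "false").lower() == "true":
        findings.append(("HIGH", "rs.security.accept.public.key",
                         "signature is validated with the key from the 'jwk' header"))
    ktype = props.get("rs.security.keystore.type")
    if ktype is not None and ktype.lower() not in ("jks", "jwk"):
        findings.append(("MEDIUM", "rs.security.keystore.type",
                         "value is not one of the listed types 'jks' or 'jwk'"))
    for key in INLINE_SECRETS:
        if props.get(key):
            findings.append(("LOW", key, "password stored in clear text in the file"))
    return findings

if __name__ == "__main__":
    for severity, key, reason in audit(parse_properties(SAMPLE)):
        print(f"{severity:6} {key}: {reason}")
```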
Encrypting JWK stores
JAX-RS filters can read the keys from encrypted JWK stores. The stores are encrypted inline or in separate storages (files). By default the filters expect that the stores have been encrypted using
...