...
rs.security.signature.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys for signature. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER"rs.security.key.password.provider". |
rs.security.signature.algorithm | The signature algorithm to use. The default algorithm if not specified is 'RS256'. |
rs.security.signature.out.properties | The signature properties file for compact signature creation. If not specified then it falls back to RSSEC_SIGNATURE_PROPS"rs.security.signature.properties". |
rs.security.signature.in.properties | The signature properties file for compact signature verification. If not specified then it falls back to RSSEC_SIGNATURE_PROPS"rs.security.signature.properties". |
rs.security.signature.properties | The signature properties file for compact signature creation/verification. |
rs.security.signature.out.list.properties | The signature properties file for JSON Serialization signature creation. If not specified then it falls back to RSSEC_SIGNATURE_LIST_PROPS."rs.security.signature.list.properties". |
rs.security.signature.in.list.properties | The signature properties file for JSON Serialization signature verification. If not specified then it falls back to RSSEC_SIGNATURE_LIST_PROPS"rs.security.signature.list.properties". |
rs.security.signature.list.properties | The signature properties file for JSON Serialization signature creation/verification. |
rs.security.signature.include.public.key | Include the JWK public key for signature in the "jwk" header. If not specified then it falls back to "rs.security.include.public.key". |
rs.security.signature.include.cert | Include the X.509 certificate for signature in the "x5c" header. If not specified then it falls back to "rs.security.include.cert". |
rs.security.signature.include.key.id | Include the JWK key id for signature in the "kid" header. If not specified then it falls back to "rs.security.include.key.id". |
rs.security.signature.include.cert.sha1 | Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. If not specified then it falls back to "rs.security.include.cert.sha1"/ |
Encrypting JWK stores
JAX-RS filters can read the keys from encrypted JWK stores. The stores are encrypted inline or in separate storages (files). By default the filters expect that the stores has been encrypted using
...