...

For signature verification, we need to supply the VerifySignatureClientFilter and VerifySignatureFilter instances with a MessageVerifier instance. At a minimum, we need to configure the MessageVerifier with a KeyProvider instance, an interface which supplies the key required to verify the signature, given the "Key Id" present in the message. As with MessageSigner, we can also specify the required signature algorithm and the Security Provider; these default to the same values as documented for MessageSigner above. We can also specify a list of HTTP headers which must be signed. In addition to this list, the default behavior is to require that the "digest" header is signed (unless it is a service request with a HTTP method of GET or HEAD, and also unless it is a service response and the status is 204 or not "OK"), as well as the "(request-target)" header for a client request. This default behaviour can be disabled by setting the boolean addDefaultRequiredHeaders property of MessageVerifier to false.
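To make the required-header rule above concrete for the request case, the following stand-alone sketch computes which headers a request signature must cover and reports any that the Signature header's `headers` parameter leaves out. It is an added example, not CXF code or the test referenced below: the class and method names are hypothetical, the Signature value is constructed, and it assumes that a request verified on the service side requires "(request-target)" always and "digest" except for GET or HEAD.

```java
import java.util.*;
import java.util.regex.*;

// Hypothetical helper modelling the rule in the text; uses only the JDK, not CXF classes.
public class RequiredSignedHeadersCheck {
    private static final Pattern HEADERS_PARAM = Pattern.compile("headers=\"([^\"]*)\"");

    /** Headers a request signature must cover: the configured list plus the defaults. */
    static Set<String> requiredFor(String method, List<String> configured, boolean addDefaults) {
        Set<String> required = new LinkedHashSet<>();
        for (String h : configured) {
            required.add(h.toLowerCase(Locale.ROOT));
        }
        if (addDefaults) {
            required.add("(request-target)");
            boolean bodyless = "GET".equalsIgnoreCase(method) || "HEAD".equalsIgnoreCase(method);
            if (!bodyless) {
                required.add("digest"); // without this, the body is not bound to the signature
            }
        }
        return required;
    }

    /** Required headers that the headers="..." parameter of the Signature header omits. */
    static Set<String> missing(String signatureHeader, Set<String> required) {
        Set<String> signed = new HashSet<>();
        Matcher m = HEADERS_PARAM.matcher(signatureHeader);
        if (m.find()) { // assumption: an absent headers parameter is treated as covering nothing
            signed.addAll(Arrays.asList(m.group(1).toLowerCase(Locale.ROOT).trim().split("\\s+")));
        }
        Set<String> gaps = new LinkedHashSet<>(required);
        gaps.removeAll(signed);
        return gaps;
    }

    public static void main(String[] args) {
        // Constructed sample: the signature covers (request-target) and date, but not digest.
        String sig = "keyId=\"alice-key-id\",algorithm=\"rsa-sha256\","
            + "headers=\"(request-target) date\",signature=\"c2FtcGxl\"";
        List<String> configured = List.of("Date");
        // POST with the defaults enabled: digest is required in addition to the list.
        System.out.println("POST, defaults on:  " + missing(sig, requiredFor("POST", configured, true)));
        // GET with the defaults enabled: digest is exempt for GET and HEAD.
        System.out.println("GET, defaults on:   " + missing(sig, requiredFor("GET", configured, true)));
        // POST with the defaults disabled: only the configured list is enforced.
        System.out.println("POST, defaults off: " + missing(sig, requiredFor("POST", configured, false)));
    }
}
```

Comparing the first and third cases shows what disabling the defaults gives up: a signed POST whose body is not covered by the signature passes the header check.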

Here is an example from the tests:

...