...
Configuration Tag | Default | Description |
---|---|---|
rs.security.keystore | The Java KeyStore Object to use. This configuration tag is used if you want to pass the KeyStore Object through dynamically. | |
rs.security.keystore.type | JKS | The keystore type. |
rs.security.keystore.password | The password required to access the keystore. | |
rs.security.keystore.alias | The keystore alias corresponding to the key to use. | |
rs.security.keystore.file | The path to the keystore file. | |
rs.security.key.password | The password required to access the private key (in the keystore). | |
rs.security.key.password.provider | A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys. | |
rs.security.signature.out.properties | The signature properties file for Compact or JSON signature creation. If not specified then it falls back to "rs.security.signature.properties". | |
rs.security.signature.in.properties | The signature properties file for Compact or JSON signature verification. If not specified then it falls back to "rs.security.signature.properties". | |
rs.security.signature.properties | The signature properties file for Compact or JSON signature creation/verification. | |
rs.security.signature.algorithm | rsa-sha256 | The signature algorithm to use. |
rs.security.http.signature.key.id | The signature key id. This is a required configuration option on the outbound side. | |
rs.security.http.signature.out.headers | all headers incl "(request-target)" | A list of String values which correspond to the list of HTTP headers that will be signed in the outbound request. |
rs.security.http.signature.in.headers | "(request-target)" for a client request | A list of String values which correspond to the list of HTTP headers that must be signed in the inbound request. |
rs.security.http.signature.digest.algorithm | SHA-256 | The digest algorithm to use when digesting the payload. |
Here is a Java example:
Code Block | ||
---|---|---|
| ||
List<Object> providers = new ArrayList<>(); providers.add(new CreateSignatureClientFilter()); providers.add(new VerifySignatureClientFilter()); String address = "http://localhost:" + PORT + "/httpsigresponse/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/xml").accept("application/xml"); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.out.properties", "org/apache/cxf/systest/jaxrs/security/httpsignature/alice.httpsig.properties"); properties.put("rs.security.signature.in.properties", "org/apache/cxf/systest/jaxrs/security/httpsignature/bob.httpsig.properties"); WebClient.getConfig(client).getRequestContext().putAll(properties); |
...