You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cxf.apache.org by David Karlsen <da...@gmail.com> on 2019/04/02 20:01:00 UTC

VerifySignatureFilter phase

VerifySignatureFilter (and VerifySignatureClientFilter) are
both @PreMatching.
As I see it @PreMatching are primarily to be able to alter requests (as in
modifying headers etc):
https://docs.jboss.org/resteasy/docs/3.0.21.Final/userguide/html/Interceptors.html
which is not the case for signature checks (they either allow or abort the
request).

It makes it harder to use the filters since at this stage the target
resource (if any) has not yet been identified - and hence ResourceInfo
can't be used to introspect the target for annotations. I'd like to do that
in order to whitelist certain resources from the signature mechanism by
annotating with meta-data.

Could the @PreMatching be removed?

-- 
--
David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen