cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6532) Consider implementing Json Clear Signature spec
Date Wed, 01 Feb 2017 16:37:51 GMT

    [ https://issues.apache.org/jira/browse/CXF-6532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15848595#comment-15848595
] 

Sergey Beryozkin commented on CXF-6532:
---------------------------------------

The question is, given a custom bean, like MyDocument (which may have some properties), how
to intercept the JSON serialization process, so that the signature can be calculated on the
flight and the payload be augmented with the @signature property.

If MyDocument has JAXB annotations and depends on a JAXB XML to JSON conversions then perhaps
we can register a JCS XMLStreamWriter (and XMLStreamReader on the read side) which is possible
for ex with CXF JSONProvider (Jettison based).

If Jackson allows to intercept the serialization process then perhaps it is possible to use
Jackson.

May be the simplest option to start, for POC, is to have CXF filters caching the stream, and
then reading it, adding or validating the signature, and then letting the request flow. 

> Consider implementing Json Clear Signature spec
> -----------------------------------------------
>
>                 Key: CXF-6532
>                 URL: https://issues.apache.org/jira/browse/CXF-6532
>             Project: CXF
>          Issue Type: New Feature
>          Components: JAX-RS Security
>            Reporter: Sergey Beryozkin
>             Fix For: 3.2.0
>
>
> https://cyberphone.github.io/openkeystore/resources/docs/jcs.html



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message