[jira] [Updated] (CXF-8811) Support useReqSigCert for encrypting the responses from JAX-RS JOSE

Tue, 17 Jan 2023 04:36:12 -0800 


     [ 
https://issues.apache.org/jira/browse/CXF-8811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Markus Haugsdal updated CXF-8811:
---------------------------------
    Description: 
Cloned a similar issue. Is it possible to get this feature for endpoints using 
JAX-RS JOSE? That is, using the JwsSignatureVerifier used to validate the 
signature to encrypt the response.

WS endpoints can get a ws.security.encryption.username property set to 
'useReqSigCert', meaning that the specific client certificate use to create a 
signature of the payload needs to be used for encrypting the outbound payload.

RS endpoints need to support this mode too. Additionally, the in signature and 
encryption interceptors on both the client and server ends need to default 
(two-way POSTs) to using the encryption properties for the signature validation 
and the signature properties for the decryption, in line with the way WS 
endpoints operate.

  was:
WS endpoints can get a ws.security.encryption.username property set to 
'useReqSigCert', meaning that the specific client certificate use to create a 
signature of the payload needs to be used for encrypting the outbound payload.

RS endpoints need to support this mode too. Additionally, the in signature and 
encryption interceptors on both the client and server ends need to default 
(two-way POSTs) to using the encryption properties for the signature validation 
and the signature properties for the decryption, in line with the way WS 
endpoints operate.  


> Support useReqSigCert for encrypting the responses from JAX-RS JOSE  
> ---------------------------------------------------------------------
>
>                 Key: CXF-8811
>                 URL: https://issues.apache.org/jira/browse/CXF-8811
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Markus Haugsdal
>            Assignee: Sergey Beryozkin
>            Priority: Major
>
> Cloned a similar issue. Is it possible to get this feature for endpoints 
> using JAX-RS JOSE? That is, using the JwsSignatureVerifier used to validate 
> the signature to encrypt the response.
> WS endpoints can get a ws.security.encryption.username property set to 
> 'useReqSigCert', meaning that the specific client certificate use to create a 
> signature of the payload needs to be used for encrypting the outbound payload.
> RS endpoints need to support this mode too. Additionally, the in signature 
> and encryption interceptors on both the client and server ends need to 
> default (two-way POSTs) to using the encryption properties for the signature 
> validation and the signature properties for the decryption, in line with the 
> way WS endpoints operate.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to