Hi
I've worked on CXF-5705, to do with accommodating Clients which can be
authenticated using 2-way TLS only, which is recommended for requesting
access tokens like HOK where a key is returned directly in the response.
I've thought a lot about how to accommodate it and I've introduced a
ClientCredential bean (type == PASSWORD by default) instead of 'String
clientSecret'. ClientCredential can also be X509CERTIFICATE or PUBLICKEY
for now; the actual credential value can be null in such cases, but if
not then the runtime will treat it as a Base64 encoded certificate and
will compare it against TLS certificates.
As such a minor migration effort for 3.0 is expected.
I've also removed the clientSecret property - this causes duplications
when serializing Client with JSON/etc.
I can restore it as Deprecated if someone wants to keep it for now.
Overall I hope it is the right refactoring toward accommodating all sorts
of clients with different authentication requirements, and it had better be
done before 3.0 is out.
Any concerns, let me know please
Cheers, Sergey
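
The comparison described in the message, as an added example that is not part of the original message and is not CXF code: a client registered with a Base64 encoded certificate is matched against the leaf certificate from the TLS handshake. The class, enum and method names are hypothetical, and treating a null registered value as "accept whatever the TLS layer already trusted" is an assumption drawn from the message's wording.

```java
import java.security.MessageDigest;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;

public final class TlsBoundClientCheck {

    /** Hypothetical stand-in for the credential types named in the message. */
    enum CredentialType { PASSWORD, X509CERTIFICATE, PUBLICKEY }

    /** Entry point for a real handshake: peerChain[0] is the client's leaf certificate. */
    static boolean matches(CredentialType type, String registered, X509Certificate[] peerChain)
            throws CertificateEncodingException {
        byte[] leaf = (peerChain == null || peerChain.length == 0) ? null : peerChain[0].getEncoded();
        return matchesDer(type, registered, leaf);
    }

    /** Same check on raw DER bytes, so it can be exercised without a TLS session. */
    static boolean matchesDer(CredentialType type, String registered, byte[] leafDer) {
        if (type != CredentialType.X509CERTIFICATE || leafDer == null) {
            return false; // other credential types, or no client certificate was presented
        }
        if (registered == null) {
            return true; // assumption: nothing pinned, the TLS layer's trust decision stands
        }
        byte[] pinned;
        try {
            pinned = Base64.getDecoder().decode(registered);
        } catch (IllegalArgumentException e) {
            return false; // a malformed registration never authenticates anyone
        }
        // Constant-time comparison of the full encodings; any differing byte is a mismatch.
        return MessageDigest.isEqual(pinned, leafDer);
    }

    public static void main(String[] args) {
        // Constructed byte strings standing in for two different DER encoded certificates.
        byte[] certA = {0x30, (byte) 0x82, 0x01, 0x0a, 0x01};
        byte[] certB = {0x30, (byte) 0x82, 0x01, 0x0a, 0x02};
        String registeredA = Base64.getEncoder().encodeToString(certA);

        System.out.println("same cert:      " + matchesDer(CredentialType.X509CERTIFICATE, registeredA, certA));
        System.out.println("different cert: " + matchesDer(CredentialType.X509CERTIFICATE, registeredA, certB));
        System.out.println("no TLS cert:    " + matchesDer(CredentialType.X509CERTIFICATE, registeredA, null));
        System.out.println("nothing pinned: " + matchesDer(CredentialType.X509CERTIFICATE, null, certB));
        System.out.println("bad Base64:     " + matchesDer(CredentialType.X509CERTIFICATE, "%%%", certA));
    }
}
```

With a null registered value the only gate is the server's TLS trust store, so the set of CAs trusted for client certificates decides who can authenticate as that client.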