Package org.apache.cxf.rs.security.httpsignature

Class HTTPSignatureConstants

  • public final class HTTPSignatureConstants
extends RSSecurityConstants
    Some security constants to be used with HTTP Signature.

    • Field Detail

      • RSSEC_HTTP_SIGNATURE_KEY_ID

        public static final String RSSEC_HTTP_SIGNATURE_KEY_ID
        The signature key id. This is a required configuration option on the outbound side.
        See Also:
        Constant Field Values

      • RSSEC_HTTP_SIGNATURE_OUT_HEADERS

        public static final String RSSEC_HTTP_SIGNATURE_OUT_HEADERS
        This is a list of String values which correspond to the list of HTTP headers that will be signed in the outbound request. The default is to sign all message headers. In addition, by default a client will include "(request-target)" in the signed headers list.
        See Also:
        Constant Field Values

      • RSSEC_HTTP_SIGNATURE_IN_HEADERS

        public static final String RSSEC_HTTP_SIGNATURE_IN_HEADERS
        This is a list of String values which correspond to the list of HTTP headers that must be signed in the inbound request. By default, a client request must sign "(request-target)". In addition, both a client request and service response must sign "digest", unless it is a GET request.
        See Also:
        Constant Field Values

      • RSSEC_HTTP_SIGNATURE_DIGEST_ALGORITHM

        public static final String RSSEC_HTTP_SIGNATURE_DIGEST_ALGORITHM
        The digest algorithm to use when digesting the payload. The default algorithm if not specified is "SHA-256".
        See Also:
        Constant Field Values