VerifySignatureFilter (and VerifySignatureClientFilter) are
both @PreMatching.
As I see it @PreMatching are primarily to be able to alter requests (as in
modifying headers etc):
https://docs.jboss.org/resteasy/docs/3.0.21.Final/userguide/html/Interceptors.html
which is not the case for signature checks (they either allow or abort the
request).

It makes it harder to use the filters since at this stage the target
resource (if any) has not yet been identified - and hence ResourceInfo
can't be used to introspect the target for annotations. I'd like to do that
in order to whitelist certain resources from the signature mechanism by
annotating with meta-data.

Could the @PreMatching be removed?

-- 
--
David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen

Reply via email to