VerifySignatureFilter (and VerifySignatureClientFilter) are both @PreMatching. As I see it @PreMatching are primarily to be able to alter requests (as in modifying headers etc): https://docs.jboss.org/resteasy/docs/3.0.21.Final/userguide/html/Interceptors.html which is not the case for signature checks (they either allow or abort the request).
It makes it harder to use the filters since at this stage the target resource (if any) has not yet been identified - and hence ResourceInfo can't be used to introspect the target for annotations. I'd like to do that in order to whitelist certain resources from the signature mechanism by annotating with meta-data. Could the @PreMatching be removed? -- -- David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
