[
https://issues.apache.org/jira/browse/CXF-6532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15848595#comment-15848595
]
Sergey Beryozkin commented on CXF-6532:
---------------------------------------
The question is, given a custom bean, like MyDocument (which may have some
properties), how to intercept the JSON serialization process, so that the
signature can be calculated on the flight and the payload be augmented with the
@signature property.
If MyDocument has JAXB annotations and depends on a JAXB XML to JSON
conversions then perhaps we can register a JCS XMLStreamWriter (and
XMLStreamReader on the read side) which is possible for ex with CXF
JSONProvider (Jettison based).
If Jackson allows to intercept the serialization process then perhaps it is
possible to use Jackson.
May be the simplest option to start, for POC, is to have CXF filters caching
the stream, and then reading it, adding or validating the signature, and then
letting the request flow.
> Consider implementing Json Clear Signature spec
> -----------------------------------------------
>
> Key: CXF-6532
> URL: https://issues.apache.org/jira/browse/CXF-6532
> Project: CXF
> Issue Type: New Feature
> Components: JAX-RS Security
> Reporter: Sergey Beryozkin
> Fix For: 3.2.0
>
>
> https://cyberphone.github.io/openkeystore/resources/docs/jcs.html
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
