Encrypting data for RESTful services using Jersey

I am using Jersey for my RESTful web service development. I already have configured SSL for Point to Point security...but I need some application level security (end to end), for which I guess encryption is the only way to go. Are there some encryption features in-built with Jersey for encrypting the XML/JSON I am sending to my clients ? Or maybe a third-party Java filter which can help me in this case ??

If I get nothing, I guess I may have to write code for encrypting the objects before serializing it into XML/JSON through Jersey...but I guess this would be painful and far less efficient.

Any thoughts would be appreciated on this topic. I want my RESTful services to be as secure as 开发者_开发问答those offered by the SOAP WS Security standards.

Thanks a lot !

If you are having to put everything on the URL for your RESTful service then you will probably run into a limit on how long the url can be when you encrypt.

I tend to use BouncyCastle (http://www.bouncycastle.org/) for my encryption, but that is because they support Java and .NET.

But, why are you concerned that SSL may not be enough security?

If the concern is that you want to verify whom sent it then you may want to just have the sender create a digital signature and append that, so that you can verify their signature.

I'm not sure why SSL alone doesn't meet your needs (isn't "point to point" the same thing as "end to end"?) but the Keyczar encryption library (open sourced by Google) looks very easy to use.