Client framework is not signing GET requests. I believe this happens because DigitalSigningHeaderDecorator and DigitalSigningInterceptor both implements MessageBodyWriterInterceptor and, as a GET request is not allowed to have body, they are not executed in GET requests. I believe this is a bug or, at least, an undesired feature. Being able to sign GET requests is necessary to effectively use DOSETA as an authentication mechanism as described in http://bill.burkecentral.com/2011/02/21/multiple-uses-for-content-signature/