tomee-commits mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-2332) MicroProfile JWT Example for JWK
Date Wed, 02 Jan 2019 14:43:00 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-2332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16732110#comment-16732110 ]

ASF GitHub Bot commented on TOMEE-2332:
---------------------------------------

Github user jeanouii commented on a diff in the pull request:

    https://github.com/apache/tomee/pull/342#discussion_r244751685
  
    --- Diff: examples/mp-rest-jwt-jwk/README.adoc ---
    @@ -0,0 +1,76 @@
    += MicroProfile JWT JWKs
    +:index-group: MicroProfile
    +:jbake-type: page
    +:jbake-status: published
    +
    +This is an example on how to use MicroProfile JWT in TomEE by using the
    +public key as JWKs.
    +
    +== Run the application:
    +
    +[source, bash]
    +----
    +mvn clean install tomee:run
    +----
    +
    +This example is a CRUD application for products available.
    +
    +== Requirments and configuration
    +
    +For usage of MicroProfile JWT we have to change the following to our
    +project:
    +
    +[arabic]
    +. Add the dependency to our `pom.xml` file:
    ++
    +....
    +<dependency>
    +    <groupId>org.eclipse.microprofile.jwt</groupId>
    +    <artifactId>microprofile-jwt-auth-api</artifactId>
    +    <version>${mp-jwt.version}</version>
    +    <scope>provided</scope>
    +</dependency>
    +....
    +. Annotate our `Application.class` with `@LoginConfig(authMethod = "MP-JWT")`
    +
    +. Provide public and private key for authentication. And specify the location of the
public key and the issuer in our
    +`microprofile-config.properties` file.
    ++
    +[source,properties]
    +----
    +mp.jwt.verify.publickey.location=/jwks.pem
    +mp.jwt.verify.issuer=https://example.com
    +----
    +
    +. Define `@RolesAllowed()` on the endpoints we want to protect.
    +
    +== About the application architecture
    +
    +The application enables us to manipulate and view products with specific users. We have
two users
    +`Alice Wonder` and `John Doe`. They can read, create, edit and delete specific entries.
    +
    +`jwt-john.json`
    +
    +[source,json]
    +----
    +{
    +  "iss": "https://example.com",
    +  "sub": "24400320",
    +  "name": "John Doe",
    +  "upn": "john.doe@example.com",
    +  "preferred_username": "john",
    +  "groups": [
    +    "guest", "admin"
    +  ]
    +}
    +----
    +
    +== Access the endpoints with JWT token
    +
    +We access endpoints from our test class by creating a `JWT` with the help of
    +our `TokenUtils.generateJWTString(String jsonResource, String keyId)` which signs our
user
    +data in json format with the help of our `src/test/resources/{keyId}` key.
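Review bot: step 3 ("Provide public and private key for authentication") reads as though the deployed application needs the private key, but the properties shown set only `mp.jwt.verify.publickey.location` and `mp.jwt.verify.issuer`, so the service verifies tokens with the public key alone. The private key shows up only in the last paragraph, where `TokenUtils.generateJWTString` signs test tokens with `src/test/resources/{keyId}`. Suggest rewording step 3 to require the public key only, and saying in the final section that the signing key is a test fixture. The README also says the key is supplied as JWKs while the configured location is `/jwks.pem`; state which format the file actually holds. Minor: "Requirments" in the section heading should be "Requirements".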
    --- End diff --
    
    This is where you need the private key, but this is for testing purposes to generate a
valid and signed JWT


> MicroProfile JWT Example for JWK
> --------------------------------
>
>                 Key: TOMEE-2332
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2332
>             Project: TomEE
>          Issue Type: Sub-task
>            Reporter: Roberto Cortez
>            Assignee: Mitja Jeseničnik Kotnik
>            Priority: Major
>              Labels: pull-request-available
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
