tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From COURTAULT Francois <Francois.Courta...@gemalto.com>
Subject RE: Try to build a JWT sample
Date Mon, 25 Feb 2019 09:18:19 GMT
Hello Jean-Louis,

I have looked at the samples code.
As I am using TomEE 7.1.0 (MP JWT 1.0 compliant), I guess I can't use the mp.jwt.verify.publickey
or mp.jwt.verify.publickey.location and mp.jwt.verify.issuer config properties, right  ?

Instead, I have to write a XXXMPJWTConfigurationProvider class in order to generate a context
info having the public key to  check the JWT signature, right ?

Best Regards.

-----Original Message-----
From: Jean-Louis Monteiro [mailto:jlmonteiro@tomitribe.com]
Sent: samedi 23 février 2019 11:22
To: users@tomee.apache.org
Subject: Re: Try to build a JWT sample

Bonjour François,

Is there a way for you to share the project?
I worked on the JWT implementation and the example, I might be able to help.
--
Jean-Louis Monteiro
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fjlouismonteiro&amp;data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&amp;sdata=ovFBgowFCnAAMD0mMFccdi5ze2SMZPLEPnr9cRDIFqc%3D&amp;reserved=0
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.tomitribe.com&amp;data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&amp;sdata=we33aDDG%2F2O7KR7Q3yDd7ZyRbgpnYE3p0XEz0OtbjQQ%3D&amp;reserved=0


On Fri, Feb 22, 2019 at 4:56 PM COURTAULT Francois < Francois.Courtault@gemalto.com>
wrote:

> Hello,
>
> I try to build a simple sample using TomEE MP 7.1.0 but I get an error
> and I don't know what's going on or how I can fix that.
> For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my
> war application deployed:
>
> *         I have a public class MPJwtApplication extends Application
> annotated with @LoginConfig(authMethod = "MP-JWT", realmName =
> "TCK-MP-JWT")
>
> *         I have  a resource class  annotated @Path("resources")
> @RequestScoped where I have
>
> o    @Inject private JsonWebToken callerPrincipal;
>
> o    A @GET public Response test () { System.out.println("JsonWebToken:" +
> callerPrincipal + "."); return Response.ok().build();}
>
>
>
> In the war deployed, I also have a beans.xml with the following content:
>
> <?xml version="1.0" encoding="UTF-8"?> <beans
> xmlns="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&amp;data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&amp;sdata=SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&amp;reserved=0"
>        xmlns:xsi="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&amp;data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&amp;sdata=b7SQw7g52Y8goyvKLR78uR9so5q2D%2BPZH5bAMl%2Bsh1Y%3D&amp;reserved=0"
>
> xsi:schemaLocation="https://emea01.safelinks.protection.outlook.com/?u
> rl=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&amp;data=02%7C01%7CF
> rancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C3
> 7d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&amp;sdata
> =SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&amp;reserved=0
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee%2Fbeans_1_1.xsd&amp;data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&amp;sdata=UAMyzrxk%2BU2%2BMxNBvKe%2FFGTkQmFj7xq%2BtJC8YFrWWuk%3D&amp;reserved=0"
>        bean-discovery-mode="all">
>
> </beans>
>
>
>
> Using Soap UI, I send a GET HTTP request with an Authorization header:
> bearer <JWT Base 64 encoded>, the error I get is:
>
> 22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20]
> org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging
> Application {
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjwt.
> mp%2F&amp;data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db
> 874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C63
> 6865141334006978&amp;sdata=5gjcfEjv5a%2BqTNyXk1ztdt1pnLE5JIevOexg28%2F
> cWlU%3D&amp;reserved=0}MPJwtResource has thrown exception, unwinding
> now
> org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal
> return type in the component implementation class :
> org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be
> @Dependent to create null instance
>
>
>
> I was expecting to have the callerPrincipal set to null but why this
> CDI @Dependent scope error stuff ?
>
>
> Any idea ?
>
> Best Regards.
> ________________________________
> This message and any attachments are intended solely for the
> addressees and may contain confidential information. Any unauthorized
> use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable
> for the message if altered, changed or falsified. If you are not the
> intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this
> transmission free from viruses, the sender will not be liable for
> damages caused by a transmitted virus.
>
________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential
information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if
altered, changed or falsified. If you are not the intended recipient of this message, please
delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses,
the sender will not be liable for damages caused by a transmitted virus.
Mime
View raw message