You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jl...@apache.org on 2018/04/30 14:34:02 UTC
[1/3] tomee git commit: Backport MicroProfile from fb_tomee8 branch
Repository: tomee
Updated Branches:
refs/heads/tomee-7.1.x 6bcf91d1c -> c456f4bed
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tomee/tomee-microprofile-webapp/src/main/resources/META-INF/LICENSE
----------------------------------------------------------------------
diff --git a/tomee/tomee-microprofile-webapp/src/main/resources/META-INF/LICENSE b/tomee/tomee-microprofile-webapp/src/main/resources/META-INF/LICENSE
new file mode 100644
index 0000000..b71e72c
--- /dev/null
+++ b/tomee/tomee-microprofile-webapp/src/main/resources/META-INF/LICENSE
@@ -0,0 +1,1197 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+=========================================================================
+ - W3C Schemas
+ License: W3C Software Notice and License
+-------------------------------------------------------------------------
+
+W3C¨ SOFTWARE NOTICE AND LICENSE
+Copyright © 1994-2014 World Wide Web Consortium, (Massachusetts Institute of
+Technology, Institut National de Recherche en Informatique et en Automatique,
+Keio University). All Rights Reserved. http://www.w3.org/Consortium/Legal/
+
+This W3C work (including software, documents, or other related items) is
+being provided by the copyright holders under the following license. By
+obtaining, using and/or copying this work, you (the licensee) agree that you
+have read, understood, and will comply with the following terms and
+conditions:
+
+Permission to use, copy, modify, and distribute this software and its
+documentation, with or without modification, for any purpose and without
+fee or royalty is hereby granted, provided that you include the following on
+ALL copies of the software and documentation or portions thereof, including
+modifications, that you make:
+
+ 1. The full text of this NOTICE in a location viewable to users of the
+ redistributed or derivative work.
+ 2. Any pre-existing intellectual property disclaimers, notices, or terms
+ and conditions. If none exist, a short notice of the following form
+ (hypertext is preferred, text is permitted) should be used within
+ the body of any redistributed or derivative code: "Copyright ©
+ [$date-of-software] World Wide Web Consortium, (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/"
+ 3. Notice of any changes or modifications to the W3C files, including the
+ date changes were made. (We recommend you provide URIs to the location
+ from which the code is derived.)
+
+THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE
+NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT
+THE USE OF THE SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS,
+COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+
+COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR DOCUMENTATION.
+
+The name and trademarks of copyright holders may NOT be used in advertising or
+publicity pertaining to the software without specific, written prior permission.
+Title to copyright in this software and any associated documentation will at all
+times remain with copyright holders.
+
+
+=========================================================================
+ - HSQLDB (http://hsqldb.org/) org.hsqldb:hsqldb:jar:224
+ License: HSQLDB License (http://hsqldb.org/web/hsqlLicense.html)
+-------------------------------------------------------------------------
+
+For work developed by the HSQL Development Group:
+
+Copyright (c) 2001-2014, The HSQL Development Group
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+Neither the name of the HSQL Development Group nor the names of its
+contributors may be used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL HSQL DEVELOPMENT GROUP, HSQLDB.ORG,
+OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+For work originally developed by the Hypersonic SQL Group:
+
+Copyright (c) 1995-2000 by the Hypersonic SQL Group.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+Neither the name of the Hypersonic SQL Group nor the names of its
+contributors may be used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC SQL GROUP,
+OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+This software consists of voluntary contributions made by many individuals on behalf of the
+Hypersonic SQL Group.
+
+=========================================================================
+ - Serp (http://serp.sourceforge.net) net.sourceforge.serp:serp:jar:1.13.1
+ License: BSD (LICENSE.txt)
+-------------------------------------------------------------------------
+
+Copyright (c) 2002, A. Abram White
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of 'serp' nor the names of its contributors may
+ be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+=========================================================================
+ - WSDL4J (http://sf.net/projects/wsdl4j) wsdl4j:wsdl4j:jar:1.6.2
+ License: CPL (http://www.opensource.org/licenses/cpl1.0.txt)
+-------------------------------------------------------------------------
+
+Common Public License Version 1.0
+
+THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON PUBLIC
+LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM
+CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+
+1. DEFINITIONS
+
+"Contribution" means:
+
+a) in the case of the initial Contributor, the initial code and
+documentation distributed under this Agreement, and
+
+b) in the case of each subsequent Contributor:
+
+i) changes to the Program, and
+
+ii) additions to the Program;
+
+where such changes and/or additions to the Program originate from and are
+distributed by that particular Contributor. A Contribution 'originates' from a
+Contributor if it was added to the Program by such Contributor itself or anyone
+acting on such Contributor's behalf. Contributions do not include additions to
+the Program which: (i) are separate modules of software distributed in
+conjunction with the Program under their own license agreement, and (ii) are not
+derivative works of the Program.
+
+"Contributor" means any person or entity that distributes the Program.
+
+"Licensed Patents " mean patent claims licensable by a Contributor which are
+necessarily infringed by the use or sale of its Contribution alone or when
+combined with the Program.
+
+"Program" means the Contributions distributed in accordance with this Agreement.
+
+"Recipient" means anyone who receives the Program under this Agreement,
+including all Contributors.
+
+2. GRANT OF RIGHTS
+
+a) Subject to the terms of this Agreement, each Contributor hereby grants
+Recipient a non-exclusive, worldwide, royalty-free copyright license to
+reproduce, prepare derivative works of, publicly display, publicly perform,
+distribute and sublicense the Contribution of such Contributor, if any, and such
+derivative works, in source code and object code form.
+
+b) Subject to the terms of this Agreement, each Contributor hereby grants
+Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed
+Patents to make, use, sell, offer to sell, import and otherwise transfer the
+Contribution of such Contributor, if any, in source code and object code form.
+This patent license shall apply to the combination of the Contribution and the
+Program if, at the time the Contribution is added by the Contributor, such
+addition of the Contribution causes such combination to be covered by the
+Licensed Patents. The patent license shall not apply to any other combinations
+which include the Contribution. No hardware per se is licensed hereunder.
+
+c) Recipient understands that although each Contributor grants the licenses
+to its Contributions set forth herein, no assurances are provided by any
+Contributor that the Program does not infringe the patent or other intellectual
+property rights of any other entity. Each Contributor disclaims any liability to
+Recipient for claims brought by any other entity based on infringement of
+intellectual property rights or otherwise. As a condition to exercising the
+rights and licenses granted hereunder, each Recipient hereby assumes sole
+responsibility to secure any other intellectual property rights needed, if any.
+For example, if a third party patent license is required to allow Recipient to
+distribute the Program, it is Recipient's responsibility to acquire that license
+before distributing the Program.
+
+d) Each Contributor represents that to its knowledge it has sufficient
+copyright rights in its Contribution, if any, to grant the copyright license set
+forth in this Agreement.
+
+3. REQUIREMENTS
+
+A Contributor may choose to distribute the Program in object code form under its
+own license agreement, provided that:
+
+a) it complies with the terms and conditions of this Agreement; and
+
+b) its license agreement:
+
+i) effectively disclaims on behalf of all Contributors all warranties and
+conditions, express and implied, including warranties or conditions of title and
+non-infringement, and implied warranties or conditions of merchantability and
+fitness for a particular purpose;
+
+ii) effectively excludes on behalf of all Contributors all liability for
+damages, including direct, indirect, special, incidental and consequential
+damages, such as lost profits;
+
+iii) states that any provisions which differ from this Agreement are offered
+by that Contributor alone and not by any other party; and
+
+iv) states that source code for the Program is available from such
+Contributor, and informs licensees how to obtain it in a reasonable manner on or
+through a medium customarily used for software exchange.
+
+When the Program is made available in source code form:
+
+a) it must be made available under this Agreement; and
+
+b) a copy of this Agreement must be included with each copy of the Program.
+
+Contributors may not remove or alter any copyright notices contained within the
+Program.
+
+Each Contributor must identify itself as the originator of its Contribution, if
+any, in a manner that reasonably allows subsequent Recipients to identify the
+originator of the Contribution.
+
+4. COMMERCIAL DISTRIBUTION
+
+Commercial distributors of software may accept certain responsibilities with
+respect to end users, business partners and the like. While this license is
+intended to facilitate the commercial use of the Program, the Contributor who
+includes the Program in a commercial product offering should do so in a manner
+which does not create potential liability for other Contributors. Therefore, if
+a Contributor includes the Program in a commercial product offering, such
+Contributor ("Commercial Contributor") hereby agrees to defend and indemnify
+every other Contributor ("Indemnified Contributor") against any losses, damages
+and costs (collectively "Losses") arising from claims, lawsuits and other legal
+actions brought by a third party against the Indemnified Contributor to the
+extent caused by the acts or omissions of such Commercial Contributor in
+connection with its distribution of the Program in a commercial product
+offering. The obligations in this section do not apply to any claims or Losses
+relating to any actual or alleged intellectual property infringement. In order
+to qualify, an Indemnified Contributor must: a) promptly notify the Commercial
+Contributor in writing of such claim, and b) allow the Commercial Contributor to
+control, and cooperate with the Commercial Contributor in, the defense and any
+related settlement negotiations. The Indemnified Contributor may participate in
+any such claim at its own expense.
+
+For example, a Contributor might include the Program in a commercial product
+offering, Product X. That Contributor is then a Commercial Contributor. If that
+Commercial Contributor then makes performance claims, or offers warranties
+related to Product X, those performance claims and warranties are such
+Commercial Contributor's responsibility alone. Under this section, the
+Commercial Contributor would have to defend claims against the other
+Contributors related to those performance claims and warranties, and if a court
+requires any other Contributor to pay any damages as a result, the Commercial
+Contributor must pay those damages.
+
+5. NO WARRANTY
+
+EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
+IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each
+Recipient is solely responsible for determining the appropriateness of using and
+distributing the Program and assumes all risks associated with its exercise of
+rights under this Agreement, including but not limited to the risks and costs of
+program errors, compliance with applicable laws, damage to or loss of data,
+programs or equipment, and unavailability or interruption of operations.
+
+6. DISCLAIMER OF LIABILITY
+
+EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY
+CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST
+PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS
+GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+7. GENERAL
+
+If any provision of this Agreement is invalid or unenforceable under applicable
+law, it shall not affect the validity or enforceability of the remainder of the
+terms of this Agreement, and without further action by the parties hereto, such
+provision shall be reformed to the minimum extent necessary to make such
+provision valid and enforceable.
+
+If Recipient institutes patent litigation against a Contributor with respect to
+a patent applicable to software (including a cross-claim or counterclaim in a
+lawsuit), then any patent licenses granted by that Contributor to such Recipient
+under this Agreement shall terminate as of the date such litigation is filed. In
+addition, if Recipient institutes patent litigation against any entity
+(including a cross-claim or counterclaim in a lawsuit) alleging that the Program
+itself (excluding combinations of the Program with other software or hardware)
+infringes such Recipient's patent(s), then such Recipient's rights granted under
+Section 2(b) shall terminate as of the date such litigation is filed.
+
+All Recipient's rights under this Agreement shall terminate if it fails to
+comply with any of the material terms or conditions of this Agreement and does
+not cure such failure in a reasonable period of time after becoming aware of
+such noncompliance. If all Recipient's rights under this Agreement terminate,
+Recipient agrees to cease use and distribution of the Program as soon as
+reasonably practicable. However, Recipient's obligations under this Agreement
+and any licenses granted by Recipient relating to the Program shall continue and
+survive.
+
+Everyone is permitted to copy and distribute copies of this Agreement, but in
+order to avoid inconsistency the Agreement is copyrighted and may only be
+modified in the following manner. The Agreement Steward reserves the right to
+publish new versions (including revisions) of this Agreement from time to time.
+No one other than the Agreement Steward has the right to modify this Agreement.
+IBM is the initial Agreement Steward. IBM may assign the responsibility to serve
+as the Agreement Steward to a suitable separate entity. Each new version of the
+Agreement will be given a distinguishing version number. The Program (including
+Contributions) may always be distributed subject to the version of the Agreement
+under which it was received. In addition, after a new version of the Agreement
+is published, Contributor may elect to distribute the Program (including its
+Contributions) under the new version. Except as expressly stated in Sections
+2(a) and 2(b) above, Recipient receives no rights or licenses to the
+intellectual property of any Contributor under this Agreement, whether
+expressly, by implication, estoppel or otherwise. All rights in the Program not
+expressly granted under this Agreement are reserved.
+
+This Agreement is governed by the laws of the State of New York and the
+intellectual property laws of the United States of America. No party to this
+Agreement will bring a legal action under this Agreement more than one year
+after the cause of action arose. Each party waives its rights to a jury trial in
+any resulting litigation.
+
+
+=========================================================================
+ - HOWL logger (http://forge.objectweb.org/projects/howl/) org.objectweb.howl:howl:jar:1.0.1-1
+ License: BSD
+-------------------------------------------------------------------------
+
+Copyright (c) 2004, Bull S.A.
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+=========================================================================
+ - SLF4J API Module (http://www.slf4j.org) org.slf4j:slf4j-api:jar:1.6.1
+ - SLF4J LOG4J-12 Binding (http://www.slf4j.org) org.slf4j:slf4j-log4j12:jar:1.6.1
+ License: MIT License (http://www.opensource.org/licenses/mit-license.php)
+-------------------------------------------------------------------------
+
+Copyright (c) 2004-2014 QOS.ch
+ All rights reserved.
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+=========================================================================
+ - Apache XBean :: ASM shaded (repackaged) org.apache.xbean:xbean-asm-shaded:bundle:3.8
+ License: BSD (http://asm.ow2.org/license.html)
+-------------------------------------------------------------------------
+
+Copyright (c) 2000-2014 INRIA, France Telecom
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holders nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+
+
+=========================================================================
+ - JSTL, JSP, Java EE Schemas
+ License: CDDL
+-------------------------------------------------------------------------
+
+COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
+
+1. Definitions.
+
+1.1. "Contributor" means each individual or entity that
+creates or contributes to the creation of Modifications.
+
+1.2. "Contributor Version" means the combination of the
+Original Software, prior Modifications used by a
+Contributor (if any), and the Modifications made by that
+particular Contributor.
+
+1.3. "Covered Software" means (a) the Original Software, or
+(b) Modifications, or (c) the combination of files
+containing Original Software with files containing
+Modifications, in each case including portions thereof.
+
+1.4. "Executable" means the Covered Software in any form
+other than Source Code.
+
+1.5. "Initial Developer" means the individual or entity
+that first makes Original Software available under this
+License.
+
+1.6. "Larger Work" means a work which combines Covered
+Software or portions thereof with code not governed by the
+terms of this License.
+
+1.7. "License" means this document.
+
+1.8. "Licensable" means having the right to grant, to the
+maximum extent possible, whether at the time of the initial
+grant or subsequently acquired, any and all of the rights
+conveyed herein.
+
+1.9. "Modifications" means the Source Code and Executable
+form of any of the following:
+
+A. Any file that results from an addition to,
+deletion from or modification of the contents of a
+file containing Original Software or previous
+Modifications;
+
+B. Any new file that contains any part of the
+Original Software or previous Modification; or
+
+C. Any new file that is contributed or otherwise made
+available under the terms of this License.
+
+1.10. "Original Software" means the Source Code and
+Executable form of computer software code that is
+originally released under this License.
+
+1.11. "Patent Claims" means any patent claim(s), now owned
+or hereafter acquired, including without limitation,
+method, process, and apparatus claims, in any patent
+Licensable by grantor.
+
+1.12. "Source Code" means (a) the common form of computer
+software code in which modifications are made and (b)
+associated documentation included in or with such code.
+
+1.13. "You" (or "Your") means an individual or a legal
+entity exercising rights under, and complying with all of
+the terms of, this License. For legal entities, "You"
+includes any entity which controls, is controlled by, or is
+under common control with You. For purposes of this
+definition, "control" means (a) the power, direct or
+indirect, to cause the direction or management of such
+entity, whether by contract or otherwise, or (b) ownership
+of more than fifty percent (50%) of the outstanding shares
+or beneficial ownership of such entity.
+
+2. License Grants.
+
+2.1. The Initial Developer Grant.
+
+Conditioned upon Your compliance with Section 3.1 below and
+subject to third party intellectual property claims, the
+Initial Developer hereby grants You a world-wide,
+royalty-free, non-exclusive license:
+
+(a) under intellectual property rights (other than
+patent or trademark) Licensable by Initial Developer,
+to use, reproduce, modify, display, perform,
+sublicense and distribute the Original Software (or
+portions thereof), with or without Modifications,
+and/or as part of a Larger Work; and
+
+(b) under Patent Claims infringed by the making,
+using or selling of Original Software, to make, have
+made, use, practice, sell, and offer for sale, and/or
+otherwise dispose of the Original Software (or
+portions thereof).
+
+(c) The licenses granted in Sections 2.1(a) and (b)
+are effective on the date Initial Developer first
+distributes or otherwise makes the Original Software
+available to a third party under the terms of this
+License.
+
+(d) Notwithstanding Section 2.1(b) above, no patent
+license is granted: (1) for code that You delete from
+the Original Software, or (2) for infringements
+caused by: (i) the modification of the Original
+Software, or (ii) the combination of the Original
+Software with other software or devices.
+
+2.2. Contributor Grant.
+
+Conditioned upon Your compliance with Section 3.1 below and
+subject to third party intellectual property claims, each
+Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than
+patent or trademark) Licensable by Contributor to
+use, reproduce, modify, display, perform, sublicense
+and distribute the Modifications created by such
+Contributor (or portions thereof), either on an
+unmodified basis, with other Modifications, as
+Covered Software and/or as part of a Larger Work; and
+
+(b) under Patent Claims infringed by the making,
+using, or selling of Modifications made by that
+Contributor either alone and/or in combination with
+its Contributor Version (or portions of such
+combination), to make, use, sell, offer for sale,
+have made, and/or otherwise dispose of: (1)
+Modifications made by that Contributor (or portions
+thereof); and (2) the combination of Modifications
+made by that Contributor with its Contributor Version
+(or portions of such combination).
+
+(c) The licenses granted in Sections 2.2(a) and
+2.2(b) are effective on the date Contributor first
+distributes or otherwise makes the Modifications
+available to a third party.
+
+(d) Notwithstanding Section 2.2(b) above, no patent
+license is granted: (1) for any code that Contributor
+has deleted from the Contributor Version; (2) for
+infringements caused by: (i) third party
+modifications of Contributor Version, or (ii) the
+combination of Modifications made by that Contributor
+with other software (except as part of the
+Contributor Version) or other devices; or (3) under
+Patent Claims infringed by Covered Software in the
+absence of Modifications made by that Contributor.
+
+3. Distribution Obligations.
+
+3.1. Availability of Source Code.
+
+Any Covered Software that You distribute or otherwise make
+available in Executable form must also be made available in
+Source Code form and that Source Code form must be
+distributed only under the terms of this License. You must
+include a copy of this License with every copy of the
+Source Code form of the Covered Software You distribute or
+otherwise make available. You must inform recipients of any
+such Covered Software in Executable form as to how they can
+obtain such Covered Software in Source Code form in a
+reasonable manner on or through a medium customarily used
+for software exchange.
+
+3.2. Modifications.
+
+The Modifications that You create or to which You
+contribute are governed by the terms of this License. You
+represent that You believe Your Modifications are Your
+original creation(s) and/or You have sufficient rights to
+grant the rights conveyed by this License.
+
+3.3. Required Notices.
+
+You must include a notice in each of Your Modifications
+that identifies You as the Contributor of the Modification.
+You may not remove or alter any copyright, patent or
+trademark notices contained within the Covered Software, or
+any notices of licensing or any descriptive text giving
+attribution to any Contributor or the Initial Developer.
+
+3.4. Application of Additional Terms.
+
+You may not offer or impose any terms on any Covered
+Software in Source Code form that alters or restricts the
+applicable version of this License or the recipients'
+rights hereunder. You may choose to offer, and to charge a
+fee for, warranty, support, indemnity or liability
+obligations to one or more recipients of Covered Software.
+However, you may do so only on Your own behalf, and not on
+behalf of the Initial Developer or any Contributor. You
+must make it absolutely clear that any such warranty,
+support, indemnity or liability obligation is offered by
+You alone, and You hereby agree to indemnify the Initial
+Developer and every Contributor for any liability incurred
+by the Initial Developer or such Contributor as a result of
+warranty, support, indemnity or liability terms You offer.
+
+3.5. Distribution of Executable Versions.
+
+You may distribute the Executable form of the Covered
+Software under the terms of this License or under the terms
+of a license of Your choice, which may contain terms
+different from this License, provided that You are in
+compliance with the terms of this License and that the
+license for the Executable form does not attempt to limit
+or alter the recipient's rights in the Source Code form
+from the rights set forth in this License. If You
+distribute the Covered Software in Executable form under a
+different license, You must make it absolutely clear that
+any terms which differ from this License are offered by You
+alone, not by the Initial Developer or Contributor. You
+hereby agree to indemnify the Initial Developer and every
+Contributor for any liability incurred by the Initial
+Developer or such Contributor as a result of any such terms
+You offer.
+
+3.6. Larger Works.
+
+You may create a Larger Work by combining Covered Software
+with other code not governed by the terms of this License
+and distribute the Larger Work as a single product. In such
+a case, You must make sure the requirements of this License
+are fulfilled for the Covered Software.
+
+4. Versions of the License.
+
+4.1. New Versions.
+
+Sun Microsystems, Inc. is the initial license steward and
+may publish revised and/or new versions of this License
+from time to time. Each version will be given a
+distinguishing version number. Except as provided in
+Section 4.3, no one other than the license steward has the
+right to modify this License.
+
+4.2. Effect of New Versions.
+
+You may always continue to use, distribute or otherwise
+make the Covered Software available under the terms of the
+version of the License under which You originally received
+the Covered Software. If the Initial Developer includes a
+notice in the Original Software prohibiting it from being
+distributed or otherwise made available under any
+subsequent version of the License, You must distribute and
+make the Covered Software available under the terms of the
+version of the License under which You originally received
+the Covered Software. Otherwise, You may also choose to
+use, distribute or otherwise make the Covered Software
+available under the terms of any subsequent version of the
+License published by the license steward.
+
+4.3. Modified Versions.
+
+When You are an Initial Developer and You want to create a
+new license for Your Original Software, You may create and
+use a modified version of this License if You: (a) rename
+the license and remove any references to the name of the
+license steward (except to note that the license differs
+from this License); and (b) otherwise make it clear that
+the license contains terms which differ from this License.
+
+5. DISCLAIMER OF WARRANTY.
+
+COVERED SOFTWARE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS"
+BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
+INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED
+SOFTWARE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR
+PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE COVERED SOFTWARE IS WITH YOU. SHOULD ANY
+COVERED SOFTWARE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE
+INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF
+ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF
+WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF
+ANY COVERED SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS
+DISCLAIMER.
+
+6. TERMINATION.
+
+6.1. This License and the rights granted hereunder will
+terminate automatically if You fail to comply with terms
+herein and fail to cure such breach within 30 days of
+becoming aware of the breach. Provisions which, by their
+nature, must remain in effect beyond the termination of
+this License shall survive.
+
+6.2. If You assert a patent infringement claim (excluding
+declaratory judgment actions) against Initial Developer or
+a Contributor (the Initial Developer or Contributor against
+whom You assert such claim is referred to as "Participant")
+alleging that the Participant Software (meaning the
+Contributor Version where the Participant is a Contributor
+or the Original Software where the Participant is the
+Initial Developer) directly or indirectly infringes any
+patent, then any and all rights granted directly or
+indirectly to You by such Participant, the Initial
+Developer (if the Initial Developer is not the Participant)
+and all Contributors under Sections 2.1 and/or 2.2 of this
+License shall, upon 60 days notice from Participant
+terminate prospectively and automatically at the expiration
+of such 60 day notice period, unless if within such 60 day
+period You withdraw Your claim with respect to the
+Participant Software against such Participant either
+unilaterally or pursuant to a written agreement with
+Participant.
+
+6.3. In the event of termination under Sections 6.1 or 6.2
+above, all end user licenses that have been validly granted
+by You or any distributor hereunder prior to termination
+(excluding licenses granted to You by any distributor)
+shall survive termination.
+
+7. LIMITATION OF LIABILITY.
+
+UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT
+(INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE
+INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF
+COVERED SOFTWARE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE
+LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR
+CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT
+LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK
+STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER
+COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN
+INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF
+LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL
+INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT
+APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO
+NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR
+CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT
+APPLY TO YOU.
+
+8. U.S. GOVERNMENT END USERS.
+
+The Covered Software is a "commercial item," as that term is
+defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial
+computer software" (as that term is defined at 48 C.F.R. ?
+252.227-7014(a)(1)) and "commercial computer software
+documentation" as such terms are used in 48 C.F.R. 12.212 (Sept.
+1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1
+through 227.7202-4 (June 1995), all U.S. Government End Users
+acquire Covered Software with only those rights set forth herein.
+This U.S. Government Rights clause is in lieu of, and supersedes,
+any other FAR, DFAR, or other clause or provision that addresses
+Government rights in computer software under this License.
+
+9. MISCELLANEOUS.
+
+This License represents the complete agreement concerning subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the
+extent necessary to make it enforceable. This License shall be
+governed by the law of the jurisdiction specified in a notice
+contained within the Original Software (except to the extent
+applicable law, if any, provides otherwise), excluding such
+jurisdiction's conflict-of-law provisions. Any litigation
+relating to this License shall be subject to the jurisdiction of
+the courts located in the jurisdiction and venue specified in a
+notice contained within the Original Software, with the losing
+party responsible for costs, including, without limitation, court
+costs and reasonable attorneys' fees and expenses. The
+application of the United Nations Convention on Contracts for the
+International Sale of Goods is expressly excluded. Any law or
+regulation which provides that the language of a contract shall
+be construed against the drafter shall not apply to this License.
+You agree that You alone are responsible for compliance with the
+United States export administration regulations (and the export
+control laws and regulation of any other countries) when You use,
+distribute or otherwise make available any Covered Software.
+
+10. RESPONSIBILITY FOR CLAIMS.
+
+As between Initial Developer and the Contributors, each party is
+responsible for claims and damages arising, directly or
+indirectly, out of its utilization of rights under this License
+and You agree to work with Initial Developer and Contributors to
+distribute such responsibility on an equitable basis. Nothing
+herein is intended or shall be deemed to constitute any admission
+of liability.
+
+============================================================
+el-api, istack
+
+The GNU General Public License (GPL) Version 2, June 1991
+
+Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+Preamble
+
+The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.
+
+When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
+
+To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
+
+For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
+
+We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
+
+Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.
+
+Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.
+
+The precise terms and conditions for copying, distribution and modification follow.
+
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
+
+1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
+
+2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
+
+3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
+
+If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
+
+4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
+
+5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
+
+6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
+
+7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
+
+This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
+
+8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
+
+9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
+
+10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
+
+NO WARRANTY
+
+11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+END OF TERMS AND CONDITIONS
+
+How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
+
+To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
+
+ One line to give the program's name and a brief idea of what it does.
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ signature of Ty Coon, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.
+
+"CLASSPATH" EXCEPTION TO THE GPL VERSION 2
+
+Certain source files distributed by Oracle are subject to the following clarification and special exception to the GPL Version 2, but only where Oracle has expressly included in the particular source file's header the words "Oracle designates this particular file as subject to the "Classpath" exception as provided by Oracle in the License file that accompanied this code."
+
+Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License Version 2 cover the whole combination.
+
+As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.
+
+
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tomee/tomee-microprofile-webapp/src/main/resources/META-INF/NOTICE
----------------------------------------------------------------------
diff --git a/tomee/tomee-microprofile-webapp/src/main/resources/META-INF/NOTICE b/tomee/tomee-microprofile-webapp/src/main/resources/META-INF/NOTICE
new file mode 100644
index 0000000..52f83d3
--- /dev/null
+++ b/tomee/tomee-microprofile-webapp/src/main/resources/META-INF/NOTICE
@@ -0,0 +1,140 @@
+Apache OpenEJB
+Copyright 1999-2014 The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
+
+This product includes schema files developed for the Glassfish Java EE
+reference implementation (http://java.sun.com/xml/ns/j2ee/).
+Apache OpenEJB elects to include this software in this distribution
+under the CDDL license. You can obtain a copy of the License at:
+ https://glassfish.dev.java.net/public/CDDL+GPL.html
+
+
+=====================================
+Apache Xerces Java NOTICE
+
+Portions of this software were originally based on the following:
+ - software copyright (c) 1999, IBM Corporation., http://www.ibm.com.
+ - software copyright (c) 1999, Sun Microsystems., http://www.sun.com.
+ - voluntary contributions made by Paul Eng on behalf of the
+ Apache Software Foundation that were originally developed at iClick, Inc.,
+ software copyright (c) 1999.
+
+
+=====================================
+Apache OpenJPA NOTICE
+
+OpenJPA includes the persistence and orm schemas from the JPA specifications.
+Copyright 2005-2014 Sun Microsystems, Inc. All rights reserved.
+
+OpenJPA elects to include this software in this distribution under the
+CDDL license. You can obtain a copy of the License at:
+ https://glassfish.dev.java.net/public/CDDL+GPL.html
+The source code is available at:
+ https://glassfish.dev.java.net/source/browse/glassfish/
+
+OpenJPA includes software written by Miroslav Nachev
+
+
+=====================================
+Apache WebServices - XmlSchema NOTICE
+
+Portions Copyright 2006 International Business Machines Corp.
+
+Portions Copyright (C) World Wide Web Consortium 2006, 2007 and licensed under the
+three-part BSD license.
+
+
+=====================================
+Apache Bean Validation NOTICE
+
+This product includes software developed by agimatec GmbH.
+Copyright 2007-2010 Agimatec GmbH. All rights reserved.
+
+
+=====================================
+Apache MyFaces NOTICE
+
+This software also includes code from Facelets (https://facelets.dev.java.net/)
+for the purpose of implementing Facelets PDL for JSF 2.0 support.
+
+This product includes schema files developed for the Glassfish Java EE
+reference implementation (http://java.sun.com/xml/ns/j2ee/).
+Apache Myfaces elects to include this software in this distribution
+under the CDDL license. You can obtain a copy of the License at:
+ https://glassfish.dev.java.net/public/CDDL+GPL.html
+The source code is available at:
+ https://glassfish.dev.java.net/source/browse/glassfish/
+
+
+This software also includes code from the Dojo toolkit (http://www.dojotoolkit.org/)
+for the purpose of reusing existing well proven javascript code in the myfaces
+javascript core, which is licensed under a modified BSD license or the Academic Free License version 2.1
+(see http://o.dojotoolkit.org/about/license and http://trac.dojotoolkit.org/browser/dojo/trunk/LICENSE for more information)
+
+This software also includes code from j4fry (http://www.j4fry.org/),
+which is licensed under ASL 2.0.
+
+=====================================
+Apache ActiveMQ NOTICE
+
+This product includes software developed by the Protocol Buffers
+project (http://code.google.com/apis/protocolbuffers).
+
+
+=====================================
+Apache CXF NOTICE
+
+Java classes (source and binary) under org.apache.cxf.jaxws.javaee
+are generated from schema available here:
+(http://java.sun.com/xml/ns/javaee/javaee_5.xsd)
+
+Portions of the file cxf-utils.js derives from code marked:
+This code was written by Tyler Akins and has been placed in the
+public domain. It would be nice if you left this header intact.
+Base64 code from Tyler Akins -- http://rumkin.com
+
+The product contains code (StaxBuilder.java) that is
+ Copyright (C) 2000-2004 Jason Hunter & Brett McLaughlin.
+ All rights reserved.
+ See the NOTICE.jdom file for additional information
+
+This Product also includes software developed by David Heinemeier Hansson.
+(http://dev.rubyonrails.org/browser/trunk/activesupport/lib/active_support/inflections.rb)
+
+This product includes software Copyright University of Southampton IT Innovation Centre, 2009
+(http://www.it-innovation.soton.ac.uk).
+
+=========================================================================
+ - JAnsi (http://http://jansi.fusesource.org/) org.fusesource.jansi:jansi:jar:1.8
+ License: Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
+=========================================================================
+FastInfoset (https://fi.java.net/)
+License: Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
+=========================================================================
+Istack Commons Runtime (https://istack-commons.java.net/)
+License: CDDL v1.1 and GPL v2 (https://glassfish.java.net/public/CDDL+GPL_1_1.html)
+=========================================================================
+Jaxb Core (https://jaxb.java.net/)
+License: CDDL v1.1 and GPL v2 (https://glassfish.java.net/public/CDDL+GPL_1_1.html)
+=========================================================================
+Quartz (http://quartz-scheduler.org/)
+License: Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
+=========================================================================
+el-api - Unified Expression Language is dual licensed under 2 OSI approved licenses (https://uel.java.net/license.html)
+ COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL - Version 1.1)
+ GNU General Public License (GPL - Version 2, June 1991) with the Classpath Exception
+=========================================================================
+Apache XBean :: ASM shaded (repackaged)
+Copyright 2005-2013 The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
+=========================================================================
+This product includes software developed by
+Joda.org (http://www.joda.org/).
+=========================================================================
+This product includes software developed and copyrighted by the The OWASP
+ Foundation (https://www.owasp.org)
+=========================================================================
[3/3] tomee git commit: Backport MicroProfile from fb_tomee8 branch
Posted by jl...@apache.org.
Backport MicroProfile from fb_tomee8 branch
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/c456f4be
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/c456f4be
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/c456f4be
Branch: refs/heads/tomee-7.1.x
Commit: c456f4bed23674bf9d0f1db59071e2a981b47559
Parents: 6bcf91d
Author: Jean-Louis Monteiro <je...@gmail.com>
Authored: Mon Apr 30 16:29:19 2018 +0200
Committer: Jean-Louis Monteiro <je...@gmail.com>
Committed: Mon Apr 30 16:29:19 2018 +0200
----------------------------------------------------------------------
.../java/org/apache/openejb/util/Index.java | 3 -
mp-jwt/pom.xml | 75 ++
.../tomee/microprofile/jwt/MPJWTFilter.java | 271 ++++
.../microprofile/jwt/MPJWTInitializer.java | 64 +
.../tomee/microprofile/jwt/ParseException.java | 32 +
.../tomee/microprofile/jwt/cdi/ClaimBean.java | 373 ++++++
.../jwt/cdi/ClaimInjectionPoint.java | 70 +
.../microprofile/jwt/cdi/ClaimValueWrapper.java | 53 +
.../microprofile/jwt/cdi/DefaultLiteral.java | 24 +
.../microprofile/jwt/cdi/JsonbProducer.java | 46 +
.../microprofile/jwt/cdi/MPJWTCDIExtension.java | 103 ++
.../microprofile/jwt/cdi/MPJWTProducer.java | 49 +
.../jwt/config/JWTAuthContextInfo.java | 67 +
.../jwt/jaxrs/MPJWPProviderRegistration.java | 36 +
.../MPJWTSecurityAnnotationsInterceptor.java | 57 +
...TSecurityAnnotationsInterceptorsFeature.java | 144 +++
.../principal/DefaultJWTCallerPrincipal.java | 360 ++++++
.../DefaultJWTCallerPrincipalFactory.java | 92 ++
.../jwt/principal/JWTCallerPrincipal.java | 59 +
.../principal/JWTCallerPrincipalFactory.java | 129 ++
.../META-INF/org.apache.openejb.extension | 1 +
.../javax.enterprise.inject.spi.Extension | 1 +
.../javax.servlet.ServletContainerInitializer | 1 +
...file.jwt.principal.JWTCallerPrincipalFactory | 1 +
pom.xml | 14 +-
tck/microprofile-tck/config/pom.xml | 136 ++
.../microprofile/config/ConfigurationBean.java | 25 +
.../MicroProfileConfigTCKArchiveProcessor.java | 38 +
.../config/MicroProfileConfigTCKExtension.java | 11 +
....jboss.arquillian.core.spi.LoadableExtension | 1 +
.../config/src/test/resources/arquillian.xml | 40 +
tck/microprofile-tck/jwt/pom.xml | 192 +++
.../jwt/JWTAuthContextInfoProvider.java | 63 +
.../tomee/microprofile/jwt/TCKTokenParser.java | 40 +
.../jwt/AppDeploymentExtension.java | 77 ++
...lipse.microprofile.jwt.tck.util.ITokenParser | 1 +
....jboss.arquillian.core.spi.LoadableExtension | 1 +
.../jwt/src/test/resources/arquillian.xml | 39 +
.../jwt/src/test/resources/dev.xml | 93 ++
tck/microprofile-tck/pom.xml | 38 +
tck/pom.xml | 1 +
tomee/apache-tomee/pom.xml | 70 +-
.../src/main/assembly/tomee-microprofile.xml | 83 ++
tomee/pom.xml | 1 +
tomee/tomee-microprofile-webapp/pom.xml | 105 ++
.../src/main/assembly/war.xml | 92 ++
.../src/main/resources/META-INF/LICENSE | 1197 ++++++++++++++++++
.../src/main/resources/META-INF/NOTICE | 140 ++
48 files changed, 4600 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/container/openejb-core/src/main/java/org/apache/openejb/util/Index.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/util/Index.java b/container/openejb-core/src/main/java/org/apache/openejb/util/Index.java
index 26eb705..0ad6bbd 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/util/Index.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/util/Index.java
@@ -165,9 +165,6 @@ public class Index<K, V> extends AbstractMap<K, V> {
return toArray(new Object[entries.length]);
}
- public interface ListSet extends List, Set {
- }
-
public Object[] toArray(Object[] values) {
if (values.length < entries.length) {
values = (Object[]) Array.newInstance(values.getClass().getComponentType(), entries.length);
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/pom.xml
----------------------------------------------------------------------
diff --git a/mp-jwt/pom.xml b/mp-jwt/pom.xml
new file mode 100644
index 0000000..b1b86f6
--- /dev/null
+++ b/mp-jwt/pom.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>tomee-project</artifactId>
+ <groupId>org.apache.tomee</groupId>
+ <version>8.0.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>mp-jwt</artifactId>
+ <packaging>jar</packaging>
+ <name>OpenEJB :: Microprofile JWT</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>javaee-api</artifactId>
+ <version>${version.javaee-api}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>openejb-core</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>openejb-cxf-rs</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.bitbucket.b_c</groupId>
+ <artifactId>jose4j</artifactId>
+ <version>0.6.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.johnzon</groupId>
+ <artifactId>johnzon-jsonb</artifactId>
+ <version>${johnzon.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ <version>${tomcat.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.microprofile.jwt</groupId>
+ <artifactId>microprofile-jwt-auth-api</artifactId>
+ <version>${mp-jwt.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+
+
+</project>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
new file mode 100644
index 0000000..a7b47d3
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
@@ -0,0 +1,271 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt;
+
+import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo;
+import org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory;
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import javax.inject.Inject;
+import javax.security.auth.Subject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.Locale;
+import java.util.Set;
+import java.util.concurrent.Callable;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+// async is supported because we only need to do work on the way in
+@WebFilter(asyncSupported = true, urlPatterns = "/*")
+public class MPJWTFilter implements Filter {
+
+ @Inject
+ private JWTAuthContextInfo authContextInfo;
+
+ @Override
+ public void init(final FilterConfig filterConfig) throws ServletException {
+ // nothing so far
+
+ }
+
+ @Override
+ public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
+
+ final HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+
+ // now wrap the httpServletRequest and override the principal so CXF can propagate into the SecurityContext
+ try {
+ chain.doFilter(new MPJWTServletRequestWrapper(httpServletRequest, authContextInfo), response);
+
+ } catch (final Exception e) {
+ // this is an alternative to the @Provider bellow which requires registration on the fly
+ // or users to add it into their webapp for scanning or into the Application itself
+ if (MPJWTException.class.isInstance(e)) {
+ final MPJWTException jwtException = MPJWTException.class.cast(e);
+ HttpServletResponse.class.cast(response).sendError(jwtException.getStatus(), jwtException.getMessage());
+ }
+
+ if (MPJWTException.class.isInstance(e.getCause())) {
+ final MPJWTException jwtException = MPJWTException.class.cast(e.getCause());
+ HttpServletResponse.class.cast(response).sendError(jwtException.getStatus(), jwtException.getMessage());
+ }
+
+ }
+
+ }
+
+ @Override
+ public void destroy() {
+ // nothing to do
+ }
+
+ private static Function<HttpServletRequest, JsonWebToken> token(final HttpServletRequest httpServletRequest, final JWTAuthContextInfo authContextInfo) {
+
+ return new Function<HttpServletRequest, JsonWebToken>() {
+
+ private JsonWebToken jsonWebToken;
+
+ @Override
+ public JsonWebToken apply(final HttpServletRequest request) {
+
+ // not sure it's worth having synchronization inside a single request
+ // worth case, we would parse and validate the token twice
+ if (jsonWebToken != null) {
+ return jsonWebToken;
+ }
+
+ final String authorizationHeader = httpServletRequest.getHeader("Authorization");
+ if (authorizationHeader == null || authorizationHeader.isEmpty()) {
+ throw new MissingAuthorizationHeaderException();
+ }
+
+ if (!authorizationHeader.toLowerCase(Locale.ENGLISH).startsWith("bearer ")) {
+ throw new BadAuthorizationPrefixException(authorizationHeader);
+ }
+
+ final String token = authorizationHeader.substring("bearer ".length());
+ try {
+ jsonWebToken = validate(token, authContextInfo);
+
+ } catch (final ParseException e) {
+ throw new InvalidTokenException(token, e);
+ }
+
+ return jsonWebToken;
+
+ }
+ };
+
+ }
+
+ private static JsonWebToken validate(final String bearerToken, final JWTAuthContextInfo authContextInfo) throws ParseException {
+ JWTCallerPrincipalFactory factory = JWTCallerPrincipalFactory.instance();
+ return factory.parse(bearerToken, authContextInfo);
+ }
+
+ public static class MPJWTServletRequestWrapper extends HttpServletRequestWrapper {
+
+ private final Function<HttpServletRequest, JsonWebToken> tokenFunction;
+ private final HttpServletRequest request;
+
+ /**
+ * Constructs a request object wrapping the given request.
+ *
+ * @param request The request to wrap
+ * @param authContextInfo the context configuration to validate the token
+ * @throws IllegalArgumentException if the request is null
+ */
+ public MPJWTServletRequestWrapper(final HttpServletRequest request, final JWTAuthContextInfo authContextInfo) {
+ super(request);
+ this.request = request;
+ tokenFunction = token(request, authContextInfo);
+
+ // this is so that the MPJWTProducer can find the function and apply it if necessary
+ request.setAttribute(JsonWebToken.class.getName(), tokenFunction);
+ request.setAttribute("javax.security.auth.subject.callable", (Callable<Subject>) new Callable<Subject>() {
+ @Override
+ public Subject call() throws Exception {
+ final Set<Principal> principals = new LinkedHashSet<>();
+ final JsonWebToken namePrincipal = tokenFunction.apply(request);
+ principals.add(namePrincipal);
+ principals.addAll(namePrincipal.getGroups().stream().map(new Function<String, Principal>() {
+ @Override
+ public Principal apply(final String role) {
+ return (Principal) new Principal() {
+ @Override
+ public String getName() {
+ return role;
+ }
+ };
+ }
+ }).collect(Collectors.<Principal>toList()));
+ return new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
+ }
+ });
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ return tokenFunction.apply(request);
+ }
+
+ @Override
+ public boolean isUserInRole(String role) {
+ final JsonWebToken jsonWebToken = tokenFunction.apply(request);
+ return jsonWebToken.getGroups().contains(role);
+ }
+
+ @Override
+ public String getAuthType() {
+ return "MP-JWT";
+ }
+
+ }
+
+ private static abstract class MPJWTException extends RuntimeException {
+
+ public MPJWTException() {
+ super();
+ }
+
+ public MPJWTException(final Throwable cause) {
+ super(cause);
+ }
+
+ public abstract int getStatus();
+
+ public abstract String getMessage();
+ }
+
+ private static class MissingAuthorizationHeaderException extends MPJWTException {
+
+ @Override
+ public int getStatus() {
+ return HttpServletResponse.SC_UNAUTHORIZED;
+ }
+
+ @Override
+ public String getMessage() {
+ return "No authorization header provided. Can't validate the JWT.";
+ }
+ }
+
+ private static class BadAuthorizationPrefixException extends MPJWTException {
+
+ private String authorizationHeader;
+
+ public BadAuthorizationPrefixException(final String authorizationHeader) {
+ this.authorizationHeader = authorizationHeader;
+ }
+
+ @Override
+ public int getStatus() {
+ return HttpServletResponse.SC_UNAUTHORIZED;
+ }
+
+ @Override
+ public String getMessage() {
+ return "Authorization header does not use the Bearer prefix. Can't validate header " + authorizationHeader;
+ }
+ }
+
+ private static class InvalidTokenException extends MPJWTException {
+
+ private final String token;
+
+ public InvalidTokenException(final String token, final Throwable cause) {
+ super(cause);
+ this.token = token;
+ }
+
+ @Override
+ public int getStatus() {
+ return HttpServletResponse.SC_UNAUTHORIZED;
+ }
+
+ @Override
+ public String getMessage() {
+ return "Invalid or not parsable JWT " + token; // we might want to break down the exceptions so we can have more messages.
+ }
+ }
+
+ @Provider // would be the ideal but not automatically registered
+ public static class MPJWTExceptionMapper implements ExceptionMapper<MPJWTException> {
+
+ @Override
+ public Response toResponse(final MPJWTException exception) {
+ return Response.status(exception.getStatus()).entity(exception.getMessage()).build();
+ }
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTInitializer.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTInitializer.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTInitializer.java
new file mode 100644
index 0000000..cede7dc
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTInitializer.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt;
+
+import org.eclipse.microprofile.auth.LoginConfig;
+
+import javax.servlet.FilterRegistration;
+import javax.servlet.ServletContainerInitializer;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HandlesTypes;
+import javax.ws.rs.core.Application;
+import java.util.Set;
+
+/**
+ * Responsible for adding the filter into the chain and doing all other initialization
+ */
+@HandlesTypes(LoginConfig.class)
+public class MPJWTInitializer implements ServletContainerInitializer {
+
+ @Override
+ public void onStartup(final Set<Class<?>> classes, final ServletContext ctx) throws ServletException {
+
+ if (classes == null || classes.isEmpty()) {
+ return; // no classe having @LoginConfig on it
+ }
+
+ for (Class<?> clazz : classes) {
+ final LoginConfig loginConfig = clazz.getAnnotation(LoginConfig.class);
+
+ if (loginConfig.authMethod() == null && !"MP-JWT".equals(loginConfig.authMethod())) {
+ continue;
+ }
+
+ if (!Application.class.isAssignableFrom(clazz)) {
+ continue;
+ // do we really want Application?
+ // See https://github.com/eclipse/microprofile-jwt-auth/issues/70 to clarify this point
+ }
+
+ final FilterRegistration.Dynamic mpJwtFilter = ctx.addFilter("mp-jwt-filter", MPJWTFilter.class);
+ mpJwtFilter.setAsyncSupported(true);
+ mpJwtFilter.addMappingForUrlPatterns(null, false, "/*");
+
+ break; // no need to add it more than once
+ }
+
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/ParseException.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/ParseException.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/ParseException.java
new file mode 100644
index 0000000..d9572d5
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/ParseException.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt;
+
+/**
+ * The exception thrown when
+ */
+public class ParseException extends Exception {
+ private static final long serialVersionUID = 1L;
+
+ public ParseException(final String message) {
+ super(message);
+ }
+
+ public ParseException(final String message, final Throwable cause) {
+ super(message, cause);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimBean.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimBean.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimBean.java
new file mode 100644
index 0000000..be83a9b
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimBean.java
@@ -0,0 +1,373 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.cdi;
+
+import org.eclipse.microprofile.jwt.Claim;
+import org.eclipse.microprofile.jwt.ClaimValue;
+import org.eclipse.microprofile.jwt.Claims;
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import javax.enterprise.context.Dependent;
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.context.spi.CreationalContext;
+import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.Vetoed;
+import javax.enterprise.inject.spi.Annotated;
+import javax.enterprise.inject.spi.Bean;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.InjectionPoint;
+import javax.enterprise.inject.spi.PassivationCapable;
+import javax.enterprise.util.AnnotationLiteral;
+import javax.inject.Inject;
+import javax.inject.Provider;
+import javax.json.Json;
+import javax.json.JsonArrayBuilder;
+import javax.json.JsonObject;
+import javax.json.JsonValue;
+import javax.json.bind.Jsonb;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.ParameterizedType;
+import java.lang.reflect.Type;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.function.Supplier;
+import java.util.logging.Logger;
+
+@Vetoed
+public class ClaimBean<T> implements Bean<T>, PassivationCapable {
+
+ private static final Logger logger = Logger.getLogger(MPJWTCDIExtension.class.getName());
+
+ private static final Set<Annotation> QUALIFIERS = new HashSet<>();
+
+ static {
+ QUALIFIERS.add(new ClaimLiteral());
+ }
+
+ @Inject
+ private Jsonb jsonb;
+
+ private final BeanManager bm;
+ private final Class rawType;
+ private final Set<Type> types;
+ private final String id;
+ private final Class<? extends Annotation> scope;
+
+ public ClaimBean(final BeanManager bm, final Type type) {
+ this.bm = bm;
+ types = new HashSet<>();
+ types.add(type);
+ rawType = getRawType(type);
+ this.id = "ClaimBean_" + types;
+ scope = Dependent.class;
+ }
+
+ private Class getRawType(final Type type) {
+ if (Class.class.isInstance(type)) {
+ return Class.class.cast(type);
+
+ } else if (ParameterizedType.class.isInstance(type)) {
+ final ParameterizedType paramType = ParameterizedType.class.cast(type);
+ return Class.class.cast(paramType.getRawType());
+ }
+
+ throw new UnsupportedOperationException("Unsupported type " + type);
+ }
+
+
+ @Override
+ public Set<InjectionPoint> getInjectionPoints() {
+ return Collections.emptySet();
+ }
+
+ @Override
+ public Class<?> getBeanClass() {
+ return rawType;
+ }
+
+ @Override
+ public boolean isNullable() {
+ return false;
+ }
+
+ @Override
+ public void destroy(final T instance, final CreationalContext<T> context) {
+ logger.finest("Destroying CDI Bean for type " + types.iterator().next());
+ }
+
+ @Override
+ public Set<Type> getTypes() {
+ return types;
+ }
+
+ @Override
+ public Set<Annotation> getQualifiers() {
+ return QUALIFIERS;
+ }
+
+ @Override
+ public Class<? extends Annotation> getScope() {
+ return scope;
+ }
+
+ @Override
+ public String getName() {
+ return null;
+ }
+
+ @Override
+ public Set<Class<? extends Annotation>> getStereotypes() {
+ return Collections.emptySet();
+ }
+
+ @Override
+ public boolean isAlternative() {
+ return false;
+ }
+
+ @Override
+ public String getId() {
+ return id;
+ }
+
+ @Override
+ public T create(final CreationalContext<T> context) {
+ logger.finest("Creating CDI Bean for type " + types.iterator().next());
+ final InjectionPoint ip = (InjectionPoint) bm.getInjectableReference(new ClaimInjectionPoint(this), context);
+ if (ip == null) {
+ throw new IllegalStateException("Could not retrieve InjectionPoint for type " + types.iterator().next());
+ }
+
+ final Annotated annotated = ip.getAnnotated();
+ final Claim claim = annotated.getAnnotation(Claim.class);
+ final String key = getClaimKey(claim);
+
+ logger.finest(String.format("Found Claim injection with name=%s and for %s", key, ip.toString()));
+
+ if (ParameterizedType.class.isInstance(annotated.getBaseType())) {
+ final ParameterizedType paramType = ParameterizedType.class.cast(annotated.getBaseType());
+ final Type rawType = paramType.getRawType();
+ if (Class.class.isInstance(rawType) && paramType.getActualTypeArguments().length == 1) {
+
+ final Class<?> rawTypeClass = ((Class<?>) rawType);
+
+ // handle Provider<T>
+ if (rawTypeClass.isAssignableFrom(Provider.class)) {
+ final Type providerType = paramType.getActualTypeArguments()[0];
+ if (ParameterizedType.class.isInstance(providerType) && isOptional(ParameterizedType.class.cast(providerType))) {
+ return (T) Optional.ofNullable(getClaimValue(key));
+ }
+ return getClaimValue(key);
+ }
+
+ // handle Instance<T>
+ if (rawTypeClass.isAssignableFrom(Instance.class)) {
+ final Type instanceType = paramType.getActualTypeArguments()[0];
+ if (ParameterizedType.class.isInstance(instanceType) && isOptional(ParameterizedType.class.cast(instanceType))) {
+ return (T) Optional.ofNullable(getClaimValue(key));
+ }
+ return getClaimValue(key);
+ }
+
+ // handle ClaimValue<T>
+ if (rawTypeClass.isAssignableFrom(ClaimValue.class)) {
+ final Type claimValueType = paramType.getActualTypeArguments()[0];
+
+ final ClaimValueWrapper claimValueWrapper = new ClaimValueWrapper(key);
+ if (ParameterizedType.class.isInstance(claimValueType) && isOptional(ParameterizedType.class.cast(claimValueType))) {
+ claimValueWrapper.setValue(new Supplier() {
+ @Override
+ public Object get() {
+ final T claimValue = ClaimBean.this.getClaimValue(key);
+ return Optional.ofNullable(claimValue);
+ }
+ });
+
+ } else if (ParameterizedType.class.isInstance(claimValueType) && isSet(ParameterizedType.class.cast(claimValueType))) {
+ claimValueWrapper.setValue(new Supplier() {
+ @Override
+ public Object get() {
+ final T claimValue = ClaimBean.this.getClaimValue(key);
+ return claimValue;
+ }
+ });
+
+ } else if (ParameterizedType.class.isInstance(claimValueType) && isList(ParameterizedType.class.cast(claimValueType))) {
+ claimValueWrapper.setValue(new Supplier() {
+ @Override
+ public Object get() {
+ final T claimValue = ClaimBean.this.getClaimValue(key);
+ return claimValue;
+ }
+ });
+
+ } else if (Class.class.isInstance(claimValueType)) {
+ claimValueWrapper.setValue(new Supplier() {
+ @Override
+ public Object get() {
+ final T claimValue = ClaimBean.this.getClaimValue(key);
+ return claimValue;
+ }
+ });
+
+ } else {
+ throw new IllegalArgumentException("Unsupported ClaimValue type " + claimValueType.toString());
+ }
+
+ return (T) claimValueWrapper;
+ }
+
+ // handle Optional<T>
+ if (rawTypeClass.isAssignableFrom(Optional.class)) {
+ return getClaimValue(key);
+ }
+
+ // handle Set<T>
+ if (rawTypeClass.isAssignableFrom(Set.class)) {
+ return getClaimValue(key);
+ }
+
+ // handle List<T>
+ if (rawTypeClass.isAssignableFrom(List.class)) {
+ return getClaimValue(key);
+ }
+ }
+
+ } else if (annotated.getBaseType().getTypeName().startsWith("javax.json.Json")) {
+ // handle JsonValue<T> (number, string, etc)
+ return (T) toJson(key);
+
+ } else {
+ // handle Raw types
+ return getClaimValue(key);
+ }
+
+ throw new IllegalStateException("Unhandled Claim type " + annotated.getBaseType());
+ }
+
+ public static String getClaimKey(final Claim claim) {
+ return claim.standard() == Claims.UNKNOWN ? claim.value() : claim.standard().name();
+ }
+
+ private T getClaimValue(final String name) {
+ final Bean<?> bean = bm.resolve(bm.getBeans(JsonWebToken.class));
+ JsonWebToken jsonWebToken = null;
+ if (RequestScoped.class.equals(bean.getScope())) {
+ jsonWebToken = JsonWebToken.class.cast(bm.getReference(bean, JsonWebToken.class, null));
+ }
+ if (jsonWebToken == null || !bean.getScope().equals(RequestScoped.class)) {
+ logger.warning(String.format("Can't retrieve claim %s. No active principal.", name));
+ return null;
+ }
+
+ final Optional<T> claimValue = jsonWebToken.claim(name);
+ logger.finest(String.format("Found ClaimValue=%s for name=%s", claimValue, name));
+ return claimValue.orElse(null);
+ }
+
+ private JsonValue toJson(final String name) {
+ final T claimValue = getClaimValue(name);
+ return wrapValue(claimValue);
+ }
+
+ private static final String TMP = "tmp";
+
+ private JsonValue wrapValue(final Object value) {
+ JsonValue jsonValue = null;
+
+ if (JsonValue.class.isInstance(value)) {
+ // This may already be a JsonValue
+ jsonValue = JsonValue.class.cast(value);
+
+ } else if (String.class.isInstance(value)) {
+ jsonValue = Json.createObjectBuilder()
+ .add(TMP, value.toString())
+ .build()
+ .getJsonString(TMP);
+
+ } else if (Number.class.isInstance(value)) {
+ final Number number = Number.class.cast(value);
+ if ((Long.class.isInstance(number)) || (Integer.class.isInstance(number))) {
+ jsonValue = Json.createObjectBuilder()
+ .add(TMP, number.longValue())
+ .build()
+ .getJsonNumber(TMP);
+
+ } else {
+ jsonValue = Json.createObjectBuilder()
+ .add(TMP, number.doubleValue())
+ .build()
+ .getJsonNumber(TMP);
+ }
+
+ } else if (Boolean.class.isInstance(value)) {
+ final Boolean flag = Boolean.class.cast(value);
+ jsonValue = flag ? JsonValue.TRUE : JsonValue.FALSE;
+
+ } else if (Collection.class.isInstance(value)) {
+ final JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
+ final Collection list = Collection.class.cast(value);
+
+ for (Object element : list) {
+ if (String.class.isInstance(element)) {
+ arrayBuilder.add(element.toString());
+
+ } else {
+ final JsonValue jvalue = wrapValue(element);
+ arrayBuilder.add(jvalue);
+ }
+ }
+ jsonValue = arrayBuilder.build();
+
+ } else if (Map.class.isInstance(value)) {
+ jsonValue = jsonb.fromJson(jsonb.toJson(value), JsonObject.class);
+
+ }
+ return jsonValue;
+ }
+
+ private boolean isOptional(final ParameterizedType type) {
+ return ((Class) type.getRawType()).isAssignableFrom(Optional.class);
+ }
+
+ private boolean isSet(final ParameterizedType type) {
+ return ((Class) type.getRawType()).isAssignableFrom(Set.class);
+ }
+
+ private boolean isList(final ParameterizedType type) {
+ return ((Class) type.getRawType()).isAssignableFrom(List.class);
+ }
+
+ private static class ClaimLiteral extends AnnotationLiteral<Claim> implements Claim {
+
+ @Override
+ public String value() {
+ return "";
+ }
+
+ @Override
+ public Claims standard() {
+ return Claims.UNKNOWN;
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimInjectionPoint.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimInjectionPoint.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimInjectionPoint.java
new file mode 100644
index 0000000..2f1fd3d
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimInjectionPoint.java
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.cdi;
+
+import javax.enterprise.inject.spi.Annotated;
+import javax.enterprise.inject.spi.Bean;
+import javax.enterprise.inject.spi.InjectionPoint;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Member;
+import java.lang.reflect.Type;
+import java.util.Collections;
+import java.util.Set;
+
+public class ClaimInjectionPoint implements InjectionPoint {
+
+ private final Bean bean;
+
+ public ClaimInjectionPoint(final Bean bean) {
+ this.bean = bean;
+ }
+
+ @Override
+ public boolean isTransient() {
+ return false;
+ }
+
+ @Override
+ public boolean isDelegate() {
+ return false;
+ }
+
+ @Override
+ public Type getType() {
+ return InjectionPoint.class;
+ }
+
+ @Override
+ public Set<Annotation> getQualifiers() {
+ return Collections.<Annotation>singleton(DefaultLiteral.INSTANCE);
+ }
+
+ @Override
+ public Member getMember() {
+ return null;
+ }
+
+ @Override
+ public Bean<?> getBean() {
+ return bean;
+ }
+
+ @Override
+ public Annotated getAnnotated() {
+ return null;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimValueWrapper.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimValueWrapper.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimValueWrapper.java
new file mode 100644
index 0000000..2836abd
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/ClaimValueWrapper.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.cdi;
+
+import org.eclipse.microprofile.jwt.ClaimValue;
+
+import java.util.function.Supplier;
+
+public class ClaimValueWrapper<T> implements ClaimValue<T> {
+
+ private final String name;
+ private Supplier<T> value;
+
+ public ClaimValueWrapper(final String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public T getValue() {
+ return value.get();
+ }
+
+ void setValue(final Supplier<T> value) {
+ this.value = value;
+ }
+
+ @Override
+ public String toString() {
+ return "ClaimValueWrapper{" +
+ "name='" + name + '\'' +
+ ", value=" + value.get() +
+ '}';
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/DefaultLiteral.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/DefaultLiteral.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/DefaultLiteral.java
new file mode 100644
index 0000000..273ff96
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/DefaultLiteral.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.cdi;
+
+import javax.enterprise.inject.Default;
+import javax.enterprise.util.AnnotationLiteral;
+
+public class DefaultLiteral extends AnnotationLiteral<Default> implements Default {
+ public static final Default INSTANCE = new DefaultLiteral();
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/JsonbProducer.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/JsonbProducer.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/JsonbProducer.java
new file mode 100644
index 0000000..53a9088
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/JsonbProducer.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.cdi;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Disposes;
+import javax.enterprise.inject.Produces;
+import javax.json.bind.Jsonb;
+import javax.json.bind.spi.JsonbProvider;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+@ApplicationScoped
+// todo add a qualifier here so we isolate our instance from what applications would do
+public class JsonbProducer {
+
+ private static final Logger log = Logger.getLogger(MPJWTCDIExtension.class.getName());
+
+ @Produces
+ public Jsonb create() {
+ return JsonbProvider.provider().create().build();
+ }
+
+ public void close(@Disposes final Jsonb jsonb) {
+ try {
+ jsonb.close();
+
+ } catch (final Exception e) {
+ log.log(Level.WARNING, e.getMessage(), e);
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/MPJWTCDIExtension.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/MPJWTCDIExtension.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/MPJWTCDIExtension.java
new file mode 100644
index 0000000..ca69b0a
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/MPJWTCDIExtension.java
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.cdi;
+
+import org.apache.tomee.microprofile.jwt.MPJWTFilter;
+import org.apache.tomee.microprofile.jwt.MPJWTInitializer;
+import org.eclipse.microprofile.jwt.Claim;
+
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.spi.AfterBeanDiscovery;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.BeforeBeanDiscovery;
+import javax.enterprise.inject.spi.Extension;
+import javax.enterprise.inject.spi.InjectionPoint;
+import javax.enterprise.inject.spi.ProcessInjectionPoint;
+import javax.inject.Provider;
+import java.lang.reflect.ParameterizedType;
+import java.lang.reflect.Type;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Consumer;
+import java.util.function.Predicate;
+import java.util.stream.Collectors;
+
+public class MPJWTCDIExtension implements Extension {
+
+ private static final Predicate<InjectionPoint> NOT_PROVIDERS = ip -> (Class.class.isInstance(ip.getType())) || (ParameterizedType.class.isInstance(ip.getType()) && ((ParameterizedType) ip.getType()).getRawType() != Provider.class);
+ private static final Predicate<InjectionPoint> NOT_INSTANCES = ip -> (Class.class.isInstance(ip.getType())) || (ParameterizedType.class.isInstance(ip.getType()) && ((ParameterizedType) ip.getType()).getRawType() != Instance.class);
+ private static final Map<Type, Type> REPLACED_TYPES = new HashMap<>();
+
+ static {
+ REPLACED_TYPES.put(double.class, Double.class);
+ REPLACED_TYPES.put(int.class, Integer.class);
+ REPLACED_TYPES.put(float.class, Float.class);
+ REPLACED_TYPES.put(long.class, Long.class);
+ REPLACED_TYPES.put(boolean.class, Boolean.class);
+ }
+
+ private Set<InjectionPoint> injectionPoints = new HashSet<>();
+
+ public void collectConfigProducer(@Observes final ProcessInjectionPoint<?, ?> pip) {
+ final Claim claim = pip.getInjectionPoint().getAnnotated().getAnnotation(Claim.class);
+ if (claim != null) {
+ injectionPoints.add(pip.getInjectionPoint());
+ }
+ }
+
+ public void registerClaimProducer(@Observes final AfterBeanDiscovery abd, final BeanManager bm) {
+
+ final Set<Type> types = injectionPoints.stream()
+ .filter(NOT_PROVIDERS)
+ .filter(NOT_INSTANCES)
+ .map(ip -> REPLACED_TYPES.getOrDefault(ip.getType(), ip.getType()))
+ .collect(Collectors.<Type>toSet());
+
+ final Set<Type> providerTypes = injectionPoints.stream()
+ .filter(NOT_PROVIDERS.negate())
+ .map(ip -> ((ParameterizedType) ip.getType()).getActualTypeArguments()[0])
+ .collect(Collectors.<Type>toSet());
+
+ final Set<Type> instanceTypes = injectionPoints.stream()
+ .filter(NOT_INSTANCES.negate())
+ .map(ip -> ((ParameterizedType) ip.getType()).getActualTypeArguments()[0])
+ .collect(Collectors.<Type>toSet());
+
+ types.addAll(providerTypes);
+ types.addAll(instanceTypes);
+
+ types.stream()
+ .map(type -> new ClaimBean<>(bm, type))
+ .forEach(new Consumer<ClaimBean>() {
+ @Override
+ public void accept(final ClaimBean claimBean) {
+ abd.addBean(claimBean);
+ }
+ });
+ }
+
+ public void observeBeforeBeanDiscovery(@Observes final BeforeBeanDiscovery bbd, final BeanManager beanManager) {
+ bbd.addAnnotatedType(beanManager.createAnnotatedType(JsonbProducer.class));
+ bbd.addAnnotatedType(beanManager.createAnnotatedType(MPJWTFilter.class));
+ bbd.addAnnotatedType(beanManager.createAnnotatedType(MPJWTInitializer.class));
+ bbd.addAnnotatedType(beanManager.createAnnotatedType(MPJWTProducer.class));
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/MPJWTProducer.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/MPJWTProducer.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/MPJWTProducer.java
new file mode 100644
index 0000000..42034b9
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/cdi/MPJWTProducer.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.cdi;
+
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.inject.Produces;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Objects;
+import java.util.function.Function;
+
+@ApplicationScoped
+public class MPJWTProducer {
+
+ @Inject
+ private HttpServletRequest httpServletRequest;
+
+ @Produces
+ @RequestScoped
+ public JsonWebToken currentPrincipal() {
+ Objects.requireNonNull(httpServletRequest, "HTTP Servlet Request is required to produce a JSonWebToken principal.");
+
+ // not very beautiful, but avoids having the MPJWTFilter setting the request or the principal in a thread local
+ // CDI integration already has one - dunno which approach is the best for now
+ final Object tokenAttribute = httpServletRequest.getAttribute(JsonWebToken.class.getName());
+ if (Function.class.isInstance(tokenAttribute)) {
+ return (JsonWebToken) Function.class.cast(tokenAttribute).apply(httpServletRequest);
+ }
+
+ return null;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthContextInfo.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthContextInfo.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthContextInfo.java
new file mode 100644
index 0000000..a969515
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthContextInfo.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.config;
+
+import java.security.interfaces.RSAPublicKey;
+
+/**
+ * The public key and expected issuer needed to validate a token.
+ */
+public class JWTAuthContextInfo {
+
+ private RSAPublicKey signerKey;
+ private String issuedBy;
+ private int expGracePeriodSecs = 60;
+
+ public JWTAuthContextInfo() {
+ }
+
+ public JWTAuthContextInfo(final RSAPublicKey signerKey, final String issuedBy) {
+ this.signerKey = signerKey;
+ this.issuedBy = issuedBy;
+ }
+
+ public JWTAuthContextInfo(final JWTAuthContextInfo orig) {
+ this.signerKey = orig.signerKey;
+ this.issuedBy = orig.issuedBy;
+ this.expGracePeriodSecs = orig.expGracePeriodSecs;
+ }
+
+ public RSAPublicKey getSignerKey() {
+ return signerKey;
+ }
+
+ public void setSignerKey(final RSAPublicKey signerKey) {
+ this.signerKey = signerKey;
+ }
+
+ public String getIssuedBy() {
+ return issuedBy;
+ }
+
+ public void setIssuedBy(final String issuedBy) {
+ this.issuedBy = issuedBy;
+ }
+
+ public int getExpGracePeriodSecs() {
+ return expGracePeriodSecs;
+ }
+
+ public void setExpGracePeriodSecs(final int expGracePeriodSecs) {
+ this.expGracePeriodSecs = expGracePeriodSecs;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWPProviderRegistration.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWPProviderRegistration.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWPProviderRegistration.java
new file mode 100644
index 0000000..34f152f
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWPProviderRegistration.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.jaxrs;
+
+import org.apache.openejb.observer.Observes;
+import org.apache.openejb.server.cxf.rs.event.ExtensionProviderRegistration;
+import org.apache.tomee.microprofile.jwt.MPJWTFilter;
+
+/**
+ * OpenEJB/TomEE hack to register a new provider on the fly
+ * Could be package in tomee only or done in another way
+ *
+ * As soon as Roberto is done with the packaging, we can remove all this and providers are going to be scanned automatically
+ */
+public class MPJWPProviderRegistration {
+
+ public void registerProvider(@Observes final ExtensionProviderRegistration event) {
+ event.getProviders().add(new MPJWTFilter.MPJWTExceptionMapper());
+ event.getProviders().add(new MPJWTSecurityAnnotationsInterceptorsFeature());
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptor.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptor.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptor.java
new file mode 100644
index 0000000..f604e6b
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptor.java
@@ -0,0 +1,57 @@
+package org.apache.tomee.microprofile.jwt.jaxrs;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.net.HttpURLConnection;
+import java.util.Set;
+import java.util.concurrent.ConcurrentMap;
+
+public class MPJWTSecurityAnnotationsInterceptor implements ContainerRequestFilter {
+
+ private final javax.ws.rs.container.ResourceInfo resourceInfo;
+ private final ConcurrentMap<Method, Set<String>> rolesAllowed;
+ private final Set<Method> denyAll;
+ private final Set<Method> permitAll;
+
+ public MPJWTSecurityAnnotationsInterceptor(final javax.ws.rs.container.ResourceInfo resourceInfo,
+ final ConcurrentMap<Method, Set<String>> rolesAllowed,
+ final Set<Method> denyAll,
+ final Set<Method> permitAll) {
+ this.resourceInfo = resourceInfo;
+ this.rolesAllowed = rolesAllowed;
+ this.denyAll = denyAll;
+ this.permitAll = permitAll;
+ }
+
+ @Override
+ public void filter(final ContainerRequestContext requestContext) throws IOException {
+ if (permitAll.contains(resourceInfo.getResourceMethod())) {
+ return;
+ }
+
+ if (denyAll.contains(resourceInfo.getResourceMethod())) {
+ forbidden(requestContext);
+ return;
+ }
+
+ final Set<String> roles = rolesAllowed.get(resourceInfo.getResourceMethod());
+ if (roles != null && !roles.isEmpty()) {
+ final SecurityContext securityContext = requestContext.getSecurityContext();
+ for (String role : roles) {
+ if (!securityContext.isUserInRole(role)) {
+ forbidden(requestContext);
+ break;
+ }
+ }
+ }
+
+ }
+
+ private void forbidden(final ContainerRequestContext requestContext) {
+ requestContext.abortWith(Response.status(HttpURLConnection.HTTP_FORBIDDEN).build());
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptorsFeature.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptorsFeature.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptorsFeature.java
new file mode 100644
index 0000000..58b3203
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptorsFeature.java
@@ -0,0 +1,144 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.jaxrs;
+
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.ws.rs.container.DynamicFeature;
+import javax.ws.rs.container.ResourceInfo;
+import javax.ws.rs.core.FeatureContext;
+import javax.ws.rs.ext.Provider;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+@Provider
+public class MPJWTSecurityAnnotationsInterceptorsFeature implements DynamicFeature {
+
+ private final ConcurrentMap<Method, Set<String>> rolesAllowed = new ConcurrentHashMap<>();
+ private final Set<Method> denyAll = new HashSet<>();
+ private final Set<Method> permitAll = new HashSet<>();
+
+ @Override
+ public void configure(final ResourceInfo resourceInfo, final FeatureContext context) {
+
+ final boolean hasSecurity = processSecurityAnnotations(resourceInfo.getResourceClass(), resourceInfo.getResourceMethod());
+
+ if (hasSecurity) { // no need to add interceptor on the resources that don(t have any security requirements to enforce
+ context.register(new MPJWTSecurityAnnotationsInterceptor(resourceInfo, rolesAllowed, denyAll, permitAll));
+ }
+
+ }
+
+ private boolean processSecurityAnnotations(final Class clazz, final Method method) {
+
+ final List<Class<? extends Annotation>[]> classSecurityAnnotations = hasClassLevelAnnotations(clazz,
+ RolesAllowed.class, PermitAll.class, DenyAll.class);
+
+ final List<Class<? extends Annotation>[]> methodSecurityAnnotations = hasMethodLevelAnnotations(method,
+ RolesAllowed.class, PermitAll.class, DenyAll.class);
+
+ if (classSecurityAnnotations.size() == 0 && methodSecurityAnnotations.size() == 0) {
+ return false; // nothing to do
+ }
+
+ /*
+ * Process annotations at the class level
+ */
+ if (classSecurityAnnotations.size() > 1) {
+ throw new IllegalStateException(clazz.getName() + " has more than one security annotation (RolesAllowed, PermitAll, DenyAll).");
+ }
+
+ if (methodSecurityAnnotations.size() > 1) {
+ throw new IllegalStateException(method.toString() + " has more than one security annotation (RolesAllowed, PermitAll, DenyAll).");
+ }
+
+ if (methodSecurityAnnotations.size() == 0) { // no need to deal with class level annotations if the method has some
+ final RolesAllowed classRolesAllowed = (RolesAllowed) clazz.getAnnotation(RolesAllowed.class);
+ final PermitAll classPermitAll = (PermitAll) clazz.getAnnotation(PermitAll.class);
+ final DenyAll classDenyAll = (DenyAll) clazz.getAnnotation(DenyAll.class);
+
+ if (classRolesAllowed != null) {
+ Set<String> roles = new HashSet<String>();
+ final Set<String> previous = rolesAllowed.putIfAbsent(method, roles);
+ if (previous != null) {
+ roles = previous;
+ }
+ roles.addAll(Arrays.asList(classRolesAllowed.value()));
+ }
+
+ if (classPermitAll != null) {
+ permitAll.add(method);
+ }
+
+ if (classDenyAll != null) {
+ denyAll.add(method);
+ }
+ }
+
+ final RolesAllowed mthdRolesAllowed = method.getAnnotation(RolesAllowed.class);
+ final PermitAll mthdPermitAll = method.getAnnotation(PermitAll.class);
+ final DenyAll mthdDenyAll = method.getAnnotation(DenyAll.class);
+
+ if (mthdRolesAllowed != null) {
+ Set<String> roles = new HashSet<String>();
+ final Set<String> previous = rolesAllowed.putIfAbsent(method, roles);
+ if (previous != null) {
+ roles = previous;
+ }
+ roles.addAll(Arrays.asList(mthdRolesAllowed.value()));
+ }
+
+ if (mthdPermitAll != null) {
+ permitAll.add(method);
+ }
+
+ if (mthdDenyAll != null) {
+ denyAll.add(method);
+ }
+
+ return true;
+ }
+
+ private List<Class<? extends Annotation>[]> hasClassLevelAnnotations(final Class clazz, final Class<? extends Annotation>... annotationsToCheck) {
+ final List<Class<? extends Annotation>[]> list = new ArrayList<>();
+ for (Class<? extends Annotation> annotationToCheck : annotationsToCheck) {
+ if (clazz.isAnnotationPresent(annotationToCheck)) {
+ list.add(annotationsToCheck);
+ }
+ }
+ return list;
+ }
+
+ private List<Class<? extends Annotation>[]> hasMethodLevelAnnotations(final Method method, final Class<? extends Annotation>... annotationsToCheck) {
+ final List<Class<? extends Annotation>[]> list = new ArrayList<>();
+ for (Class<? extends Annotation> annotationToCheck : annotationsToCheck) {
+ if (method.isAnnotationPresent(annotationToCheck)) {
+ list.add(annotationsToCheck);
+ }
+ }
+ return list;
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/DefaultJWTCallerPrincipal.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/DefaultJWTCallerPrincipal.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/DefaultJWTCallerPrincipal.java
new file mode 100644
index 0000000..661fbde
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/DefaultJWTCallerPrincipal.java
@@ -0,0 +1,360 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.principal;
+
+import org.eclipse.microprofile.jwt.Claims;
+import org.jose4j.jwt.JwtClaims;
+import org.jose4j.jwt.MalformedClaimException;
+
+import javax.json.Json;
+import javax.json.JsonArray;
+import javax.json.JsonArrayBuilder;
+import javax.json.JsonNumber;
+import javax.json.JsonObject;
+import javax.json.JsonObjectBuilder;
+import javax.json.JsonValue;
+import javax.security.auth.Subject;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * A default implementation of JWTCallerPrincipal using jose4j
+ * Another implementation could use nimbus and another plain JSON-P
+ */
+public class DefaultJWTCallerPrincipal extends JWTCallerPrincipal {
+
+ private static final Logger logger = Logger.getLogger(DefaultJWTCallerPrincipal.class.getName());
+ private final String jwt;
+ private final String type;
+ private final JwtClaims claimsSet;
+
+ /**
+ * Create the DefaultJWTCallerPrincipal from the parsed JWT token and the extracted principal name
+ *
+ * @param jwt - the parsed JWT token representation
+ * @param name - the extracted unqiue name to use as the principal name; from "upn", "preferred_username" or "sub" claim
+ */
+ public DefaultJWTCallerPrincipal(final String jwt, final String type, final JwtClaims claimsSet, final String name) {
+ super(name);
+ this.jwt = jwt;
+ this.type = type;
+ this.claimsSet = claimsSet;
+ fixJoseTypes();
+ }
+
+ @Override
+ public Set<String> getAudience() {
+ final Set<String> audSet = new HashSet<>();
+ try {
+ final List<String> audList = claimsSet.getStringListClaimValue("aud");
+ if (audList != null) {
+ audSet.addAll(audList);
+ }
+
+ } catch (final MalformedClaimException e) {
+ try {
+ final String aud = claimsSet.getStringClaimValue("aud");
+ audSet.add(aud);
+ } catch (final MalformedClaimException e1) {
+ logger.log(Level.FINEST, "Can't retrieve malformed 'aud' claim.", e);
+ }
+ }
+ return audSet.isEmpty() ? null : audSet;
+ }
+
+ @Override
+ public Set<String> getGroups() {
+ final HashSet<String> groups = new HashSet<>();
+ try {
+ final List<String> globalGroups = claimsSet.getStringListClaimValue("groups");
+ if (globalGroups != null) {
+ groups.addAll(globalGroups);
+ }
+
+ } catch (final MalformedClaimException e) {
+ logger.log(Level.FINEST, "Can't retrieve malformed 'groups' claim.", e);
+ }
+ return groups;
+ }
+
+
+ @Override
+ public Set<String> getClaimNames() {
+ return new HashSet<>(claimsSet.getClaimNames());
+ }
+
+ public String getRawToken() {
+ return jwt;
+ }
+
+ @Override
+ public Object getClaim(final String claimName) {
+ Claims claimType = Claims.UNKNOWN;
+ Object claim = null;
+ try {
+ claimType = Claims.valueOf(claimName);
+ } catch (IllegalArgumentException e) {
+ }
+ // Handle the jose4j NumericDate types and
+ switch (claimType) {
+ case exp:
+ case iat:
+ case auth_time:
+ case nbf:
+ case updated_at:
+ try {
+ claim = claimsSet.getClaimValue(claimType.name(), Long.class);
+ if (claim == null) {
+ claim = new Long(0);
+ }
+ } catch (final MalformedClaimException e) {
+ logger.log(Level.FINEST, "Can't retrieve 'updated_at' a malformed claim.", e);
+ }
+ break;
+ case groups:
+ claim = getGroups();
+ break;
+ case aud:
+ claim = getAudience();
+ break;
+ case UNKNOWN:
+ claim = claimsSet.getClaimValue(claimName);
+ break;
+ default:
+ claim = claimsSet.getClaimValue(claimType.name());
+ }
+ return claim;
+ }
+
+ @Override
+ public boolean implies(final Subject subject) {
+ return false;
+ }
+
+ public String toString() {
+ return toString(false);
+ }
+
+ /**
+ * TODO: showAll is ignored and currently assumed true
+ *
+ * @param showAll - should all claims associated with the JWT be displayed or should only those defined in the
+ * JsonWebToken interface be displayed.
+ * @return JWTCallerPrincipal string view
+ */
+ @Override
+ public String toString(boolean showAll) {
+ String toString = "DefaultJWTCallerPrincipal{" +
+ "id='" + getTokenID() + '\'' +
+ ", name='" + getName() + '\'' +
+ ", expiration=" + getExpirationTime() +
+ ", notBefore=" + getClaim(Claims.nbf.name()) +
+ ", issuedAt=" + getIssuedAtTime() +
+ ", issuer='" + getIssuer() + '\'' +
+ ", audience=" + getAudience() +
+ ", subject='" + getSubject() + '\'' +
+ ", type='" + type + '\'' +
+ ", issuedFor='" + getClaim("azp") + '\'' +
+ ", authTime=" + getClaim("auth_time") +
+ ", givenName='" + getClaim("given_name") + '\'' +
+ ", familyName='" + getClaim("family_name") + '\'' +
+ ", middleName='" + getClaim("middle_name") + '\'' +
+ ", nickName='" + getClaim("nickname") + '\'' +
+ ", preferredUsername='" + getClaim("preferred_username") + '\'' +
+ ", email='" + getClaim("email") + '\'' +
+ ", emailVerified=" + getClaim(Claims.email_verified.name()) +
+ ", allowedOrigins=" + getClaim("allowedOrigins") +
+ ", updatedAt=" + getClaim("updated_at") +
+ ", acr='" + getClaim("acr") + '\'';
+
+ final StringBuilder tmp = new StringBuilder(toString);
+ tmp.append(", groups=[");
+ for (String group : getGroups()) {
+ tmp.append(group);
+ tmp.append(',');
+ }
+ tmp.setLength(tmp.length() - 1);
+ tmp.append("]}");
+ return tmp.toString();
+ }
+
+ /**
+ * Convert the types jose4j uses for address, sub_jwk, and jwk
+ */
+ private void fixJoseTypes() {
+ if (claimsSet.hasClaim(Claims.address.name())) {
+ replaceMap(Claims.address.name());
+ }
+ if (claimsSet.hasClaim(Claims.jwk.name())) {
+ replaceMap(Claims.jwk.name());
+ }
+ if (claimsSet.hasClaim(Claims.sub_jwk.name())) {
+ replaceMap(Claims.sub_jwk.name());
+ }
+
+ // Handle custom claims
+ final Set<String> customClaimNames = filterCustomClaimNames(claimsSet.getClaimNames());
+ for (String name : customClaimNames) {
+ final Object claimValue = claimsSet.getClaimValue(name);
+ if (claimValue instanceof List) {
+ replaceList(name);
+
+ } else if (claimValue instanceof Map) {
+ replaceMap(name);
+
+ } else if (claimValue instanceof Number) {
+ replaceNumber(name);
+ }
+ }
+ }
+
+ /**
+ * Determine the custom claims in the set
+ *
+ * @param claimNames - the current set of claim names in this token
+ * @return the possibly empty set of names for non-Claims claims
+ */
+ private Set<String> filterCustomClaimNames(final Collection<String> claimNames) {
+ final HashSet<String> customNames = new HashSet<>(claimNames);
+ for (Claims claim : Claims.values()) {
+ customNames.remove(claim.name());
+ }
+ return customNames;
+ }
+
+ /**
+ * Replace the jose4j Map<String,Object> with a JsonObject
+ *
+ * @param name - claim name
+ */
+ private void replaceMap(final String name) {
+ try {
+ final Map<String, Object> map = claimsSet.getClaimValue(name, Map.class);
+ final JsonObject jsonObject = replaceMap(map);
+ claimsSet.setClaim(name, jsonObject);
+
+ } catch (final MalformedClaimException e) {
+ logger.log(Level.WARNING, "replaceMap failure for: " + name, e);
+ }
+ }
+
+ private JsonObject replaceMap(final Map<String, Object> map) {
+ final JsonObjectBuilder builder = Json.createObjectBuilder();
+
+ for (Map.Entry<String, Object> entry : map.entrySet()) {
+ final Object entryValue = entry.getValue();
+ if (entryValue instanceof Map) {
+ final JsonObject entryJsonObject = replaceMap((Map<String, Object>) entryValue);
+ builder.add(entry.getKey(), entryJsonObject);
+
+ } else if (entryValue instanceof List) {
+ final JsonArray array = (JsonArray) wrapValue(entryValue);
+ builder.add(entry.getKey(), array);
+
+ } else if (entryValue instanceof Long || entryValue instanceof Integer) {
+ final long lvalue = ((Number) entryValue).longValue();
+ builder.add(entry.getKey(), lvalue);
+
+ } else if (entryValue instanceof Double || entryValue instanceof Float) {
+ final double value = ((Number) entryValue).doubleValue();
+ builder.add(entry.getKey(), value);
+
+ } else if (entryValue instanceof Boolean) {
+ final boolean flag = ((Boolean) entryValue).booleanValue();
+ builder.add(entry.getKey(), flag);
+
+ } else if (entryValue instanceof String) {
+ builder.add(entry.getKey(), entryValue.toString());
+ }
+ }
+ return builder.build();
+ }
+
+ private JsonValue wrapValue(final Object value) {
+ JsonValue jsonValue = null;
+ if (value instanceof Number) {
+ final Number number = (Number) value;
+ if ((number instanceof Long) || (number instanceof Integer)) {
+ jsonValue = Json.createObjectBuilder()
+ .add("tmp", number.longValue())
+ .build()
+ .getJsonNumber("tmp");
+
+ } else {
+ jsonValue = Json.createObjectBuilder()
+ .add("tmp", number.doubleValue())
+ .build()
+ .getJsonNumber("tmp");
+ }
+
+ } else if (value instanceof Boolean) {
+ final Boolean flag = (Boolean) value;
+ jsonValue = flag ? JsonValue.TRUE : JsonValue.FALSE;
+
+ } else if (value instanceof List) {
+ final JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
+ final List list = (List) value;
+ for (Object element : list) {
+ if (element instanceof String) {
+ arrayBuilder.add(element.toString());
+
+ } else {
+ JsonValue jvalue = wrapValue(element);
+ arrayBuilder.add(jvalue);
+ }
+
+ }
+ jsonValue = arrayBuilder.build();
+
+ }
+ return jsonValue;
+ }
+
+
+ /**
+ * Replace the jose4j List<?> with a JsonArray
+ *
+ * @param name - claim name
+ */
+ private void replaceList(final String name) {
+ try {
+ final List list = claimsSet.getClaimValue(name, List.class);
+ final JsonArray array = (JsonArray) wrapValue(list);
+ claimsSet.setClaim(name, array);
+
+ } catch (final MalformedClaimException e) {
+ logger.log(Level.WARNING, "replaceList failure for: " + name, e);
+ }
+ }
+
+ private void replaceNumber(final String name) {
+ try {
+ final Number number = claimsSet.getClaimValue(name, Number.class);
+ final JsonNumber jsonNumber = (JsonNumber) wrapValue(number);
+ claimsSet.setClaim(name, jsonNumber);
+
+ } catch (final MalformedClaimException e) {
+ logger.log(Level.WARNING, "replaceNumber failure for: " + name, e);
+ }
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/DefaultJWTCallerPrincipalFactory.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/DefaultJWTCallerPrincipalFactory.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/DefaultJWTCallerPrincipalFactory.java
new file mode 100644
index 0000000..feb2008
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/DefaultJWTCallerPrincipalFactory.java
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.principal;
+
+import org.apache.tomee.microprofile.jwt.ParseException;
+import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo;
+import org.eclipse.microprofile.jwt.Claims;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.jwt.JwtClaims;
+import org.jose4j.jwt.MalformedClaimException;
+import org.jose4j.jwt.NumericDate;
+import org.jose4j.jwt.consumer.InvalidJwtException;
+import org.jose4j.jwt.consumer.JwtConsumer;
+import org.jose4j.jwt.consumer.JwtConsumerBuilder;
+import org.jose4j.jwt.consumer.JwtContext;
+
+/**
+ * A default implementation of the abstract JWTCallerPrincipalFactory that uses the Keycloak token parsing classes.
+ */
+public class DefaultJWTCallerPrincipalFactory extends JWTCallerPrincipalFactory {
+
+ /**
+ * Tries to load the JWTAuthContextInfo from CDI if the class level authContextInfo has not been set.
+ */
+ public DefaultJWTCallerPrincipalFactory() {
+ }
+
+ @Override
+ public JWTCallerPrincipal parse(final String token, final JWTAuthContextInfo authContextInfo) throws ParseException {
+ JWTCallerPrincipal principal;
+
+ try {
+ final JwtConsumerBuilder builder = new JwtConsumerBuilder()
+ .setRequireExpirationTime()
+ .setRequireSubject()
+ .setSkipDefaultAudienceValidation()
+ .setExpectedIssuer(authContextInfo.getIssuedBy())
+ .setVerificationKey(authContextInfo.getSignerKey())
+ .setJwsAlgorithmConstraints(
+ new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST,
+ AlgorithmIdentifiers.RSA_USING_SHA256));
+
+ if (authContextInfo.getExpGracePeriodSecs() > 0) {
+ builder.setAllowedClockSkewInSeconds(authContextInfo.getExpGracePeriodSecs());
+
+ } else {
+ builder.setEvaluationTime(NumericDate.fromSeconds(0));
+ }
+
+ final JwtConsumer jwtConsumer = builder.build();
+ final JwtContext jwtContext = jwtConsumer.process(token);
+ final String type = jwtContext.getJoseObjects().get(0).getHeader("typ");
+ // Validate the JWT and process it to the Claims
+ jwtConsumer.processContext(jwtContext);
+ JwtClaims claimsSet = jwtContext.getJwtClaims();
+
+ // We have to determine the unique name to use as the principal name. It comes from upn, preferred_username, sub in that order
+ String principalName = claimsSet.getClaimValue("upn", String.class);
+ if (principalName == null) {
+ principalName = claimsSet.getClaimValue("preferred_username", String.class);
+ if (principalName == null) {
+ principalName = claimsSet.getSubject();
+ }
+ }
+ claimsSet.setClaim(Claims.raw_token.name(), token);
+ principal = new DefaultJWTCallerPrincipal(token, type, claimsSet, principalName);
+
+ } catch (final InvalidJwtException e) {
+ throw new ParseException("Failed to verify token", e);
+
+ } catch (final MalformedClaimException e) {
+ throw new ParseException("Failed to verify token claims", e);
+ }
+
+ return principal;
+ }
+}
\ No newline at end of file
[2/3] tomee git commit: Backport MicroProfile from fb_tomee8 branch
Posted by jl...@apache.org.
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/JWTCallerPrincipal.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/JWTCallerPrincipal.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/JWTCallerPrincipal.java
new file mode 100644
index 0000000..d8e3c4c
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/JWTCallerPrincipal.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.principal;
+
+
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import java.util.Optional;
+
+/**
+ * An abstract CallerPrincipal implementation that provides access to the JWT claims that are required by
+ * the microprofile token.
+ */
+public abstract class JWTCallerPrincipal implements JsonWebToken {
+
+ private String name;
+
+ /**
+ * Create a JWTCallerPrincipal with the caller's name
+ *
+ * @param name - caller's name
+ */
+ public JWTCallerPrincipal(final String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Generate a human readable version of the caller principal and associated JWT.
+ *
+ * @param showAll - should all claims associated with the JWT be displayed or should only those defined in the
+ * JsonWebToken interface be displayed.
+ * @return human readable presentation of the caller principal and associated JWT.
+ */
+ public abstract String toString(final boolean showAll);
+
+ public <T> Optional<T> claim(final String claimName) {
+ final T claim = (T) getClaim(claimName);
+ return Optional.ofNullable(claim);
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/JWTCallerPrincipalFactory.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/JWTCallerPrincipalFactory.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/JWTCallerPrincipalFactory.java
new file mode 100644
index 0000000..e7ebcd6
--- /dev/null
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/principal/JWTCallerPrincipalFactory.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt.principal;
+
+import org.apache.tomee.microprofile.jwt.ParseException;
+import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo;
+
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.ServiceLoader;
+
+/**
+ * The factory class that provides the token string to JWTCallerPrincipal parsing for a given implementation.
+ */
+public abstract class JWTCallerPrincipalFactory {
+
+ private static JWTCallerPrincipalFactory instance;
+
+ /**
+ * Obtain the JWTCallerPrincipalFactory that has been set or by using the ServiceLoader pattern.
+ *
+ * @return the factory instance
+ * @see #setInstance(JWTCallerPrincipalFactory)
+ */
+ public static JWTCallerPrincipalFactory instance() {
+ if (instance == null) {
+ synchronized (JWTCallerPrincipalFactory.class) {
+ if (instance != null) {
+ return instance;
+ }
+
+ ClassLoader cl = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
+ @Override
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ if (cl == null) {
+ cl = JWTCallerPrincipalFactory.class.getClassLoader();
+ }
+
+ JWTCallerPrincipalFactory newInstance = loadSpi(cl);
+
+ if (newInstance == null && cl != JWTCallerPrincipalFactory.class.getClassLoader()) {
+ cl = JWTCallerPrincipalFactory.class.getClassLoader();
+ newInstance = loadSpi(cl);
+ }
+ if (newInstance == null) {
+ throw new IllegalStateException("No JWTCallerPrincipalFactory implementation found!");
+ }
+
+ instance = newInstance;
+ }
+ }
+
+ return instance;
+ }
+
+ /**
+ * Look for a JWTCallerPrincipalFactory service implementation using the ServiceLoader.
+ *
+ * @param cl - the ClassLoader to pass into the {@link ServiceLoader#load(Class, ClassLoader)} method.
+ * @return the JWTCallerPrincipalFactory if found, null otherwise
+ */
+ private static JWTCallerPrincipalFactory loadSpi(ClassLoader cl) {
+ if (cl == null) {
+ return null;
+ }
+
+ // start from the root CL and go back down to the TCCL
+ JWTCallerPrincipalFactory instance = loadSpi(cl.getParent());
+
+ if (instance == null) {
+ ServiceLoader<JWTCallerPrincipalFactory> sl = ServiceLoader.load(JWTCallerPrincipalFactory.class, cl);
+ URL u = cl.getResource("/META-INF/services/org.apache.tomee.microprofile.jwt.JWTCallerPrincipalFactory");
+ System.out.printf("JWTCallerPrincipalFactory, cl=%s, u=%s, sl=%s\n", cl, u, sl);
+ try {
+ for (JWTCallerPrincipalFactory spi : sl) {
+ if (instance != null) {
+ throw new IllegalStateException(
+ "Multiple JWTCallerPrincipalFactory implementations found: "
+ + spi.getClass().getName() + " and "
+ + instance.getClass().getName());
+ } else {
+ System.out.printf("sl=%s, loaded=%s\n", sl, spi);
+ instance = spi;
+ }
+ }
+
+ } catch (final Throwable e) {
+ System.err.printf("Warning: %s\n", e.getMessage());
+ }
+ }
+ return instance;
+ }
+
+ /**
+ * Set the instance. It is used by OSGi environment where service loader pattern is not supported.
+ *
+ * @param resolver the instance to use.
+ */
+ public static void setInstance(final JWTCallerPrincipalFactory resolver) {
+ instance = resolver;
+ }
+
+ /**
+ * Parse the given bearer token string into a JWTCallerPrincipal instance.
+ *
+ * @param token - the bearer token provided for authorization
+ * @return A JWTCallerPrincipal representation for the token.
+ * @throws ParseException on parse or verification failure.
+ */
+ public abstract JWTCallerPrincipal parse(final String token, final JWTAuthContextInfo authContextInfo) throws ParseException;
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/resources/META-INF/org.apache.openejb.extension
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/resources/META-INF/org.apache.openejb.extension b/mp-jwt/src/main/resources/META-INF/org.apache.openejb.extension
new file mode 100644
index 0000000..9734019
--- /dev/null
+++ b/mp-jwt/src/main/resources/META-INF/org.apache.openejb.extension
@@ -0,0 +1 @@
+org.apache.tomee.microprofile.jwt.jaxrs.MPJWPProviderRegistration
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension b/mp-jwt/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension
new file mode 100644
index 0000000..d5eea47
--- /dev/null
+++ b/mp-jwt/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension
@@ -0,0 +1 @@
+org.apache.tomee.microprofile.jwt.cdi.MPJWTCDIExtension
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer b/mp-jwt/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
new file mode 100644
index 0000000..100e625
--- /dev/null
+++ b/mp-jwt/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
@@ -0,0 +1 @@
+org.apache.tomee.microprofile.jwt.MPJWTInitializer
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/mp-jwt/src/main/resources/META-INF/services/org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/resources/META-INF/services/org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory b/mp-jwt/src/main/resources/META-INF/services/org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory
new file mode 100644
index 0000000..21c9831
--- /dev/null
+++ b/mp-jwt/src/main/resources/META-INF/services/org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory
@@ -0,0 +1 @@
+org.apache.tomee.microprofile.jwt.principal.DefaultJWTCallerPrincipalFactory
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index f979e53..05fb362 100644
--- a/pom.xml
+++ b/pom.xml
@@ -94,8 +94,8 @@
<properties>
<tomee.version>${project.version}</tomee.version>
- <maven.compiler.source>1.7</maven.compiler.source>
- <maven.compiler.target>1.7</maven.compiler.target>
+ <maven.compiler.source>1.8</maven.compiler.source>
+ <maven.compiler.target>1.8</maven.compiler.target>
<!-- To easily change the javaee api version -->
<version.javaee-api>7.0-1</version.javaee-api>
@@ -125,7 +125,7 @@
<openejb.osgi.dynamic.import>${openejb.osgi.dynamic.import.pkg}</openejb.osgi.dynamic.import>
<openejb.osgi.symbolic.name>${project.groupId}.${project.artifactId}</openejb.osgi.symbolic.name>
- <batchee.version>0.4-incubating</batchee.version>
+ <batchee.version>0.4-incubating</batchee.version>
<version.arquillian>1.1.13.Final</version.arquillian>
<version.shrinkwrap.descriptor>2.0.0</version.shrinkwrap.descriptor>
@@ -193,6 +193,9 @@
<!-- arquillian related -->
<version.arquillian.bom>1.1.13.Final</version.arquillian.bom>
<version.shrinkwrap.resolver.bom>2.1.0</version.shrinkwrap.resolver.bom>
+
+ <mp-jwt.version>1.0</mp-jwt.version>
+ <mp-jwt-tck.version>${mp-jwt.version}</mp-jwt-tck.version>
</properties>
<build>
@@ -364,8 +367,8 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
</configuration>
</plugin>
<plugin>
@@ -508,6 +511,7 @@
<module>gradle</module>
<module>container</module>
<module>server</module>
+ <module>mp-jwt</module>
<module>examples</module>
<module>assembly</module>
<module>tck</module>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/config/pom.xml
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/config/pom.xml b/tck/microprofile-tck/config/pom.xml
new file mode 100644
index 0000000..40c5bb5
--- /dev/null
+++ b/tck/microprofile-tck/config/pom.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>microprofile-tck</artifactId>
+ <version>7.0.5-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>microprofile-config-tck</artifactId>
+ <name>OpenEJB :: TCK :: MicroProfile Config TCK</name>
+
+ <properties>
+ <microprofile.config.version>1.2</microprofile.config.version>
+ </properties>
+
+ <!-- TODO - see ServerClassConverter: requires a fix in geronimo-config-impl to use the Thread ClassLoader in ClassConverter. -->
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <forkCount>1</forkCount>
+ <reuseForks>true</reuseForks>
+ <dependenciesToScan>
+ <dependency>org.eclipse.microprofile.config:microprofile-config-tck</dependency>
+ </dependenciesToScan>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <!-- debug libs -->
+ <dependency>
+ <groupId>org.apache.geronimo.config</groupId>
+ <artifactId>geronimo-config-impl</artifactId>
+ <version>1.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>tomee-catalina</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- distro -->
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apache-tomee</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ <classifier>microprofile</classifier>
+ <scope>test</scope>
+ </dependency>
+
+ <!-- tck stack -->
+ <dependency>
+ <groupId>org.eclipse.microprofile.config</groupId>
+ <artifactId>microprofile-config-api</artifactId>
+ <version>${microprofile.config.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.eclipse.microprofile.config</groupId>
+ <artifactId>microprofile-config-tck</artifactId>
+ <version>${microprofile.config.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.testng</groupId>
+ <artifactId>testng</artifactId>
+ <version>6.9.9</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>arquillian-tomee-remote</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.arquillian.testng</groupId>
+ <artifactId>arquillian-testng-core</artifactId>
+ <version>${version.arquillian}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.shrinkwrap.resolver</groupId>
+ <artifactId>shrinkwrap-resolver-api-maven</artifactId>
+ <version>2.2.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.shrinkwrap.resolver</groupId>
+ <artifactId>shrinkwrap-resolver-impl-maven</artifactId>
+ <version>2.2.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.shrinkwrap.resolver</groupId>
+ <artifactId>shrinkwrap-resolver-spi</artifactId>
+ <version>2.2.2</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/ConfigurationBean.java
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/ConfigurationBean.java b/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/ConfigurationBean.java
new file mode 100644
index 0000000..3193ad9
--- /dev/null
+++ b/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/ConfigurationBean.java
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.tck.microprofile.config;
+
+import org.eclipse.microprofile.config.ConfigProvider;
+
+public class ConfigurationBean {
+ public String getConfig() {
+ return ConfigProvider.getConfig().getValue("config.test", String.class);
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/MicroProfileConfigTCKArchiveProcessor.java
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/MicroProfileConfigTCKArchiveProcessor.java b/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/MicroProfileConfigTCKArchiveProcessor.java
new file mode 100644
index 0000000..dcee75d
--- /dev/null
+++ b/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/MicroProfileConfigTCKArchiveProcessor.java
@@ -0,0 +1,38 @@
+package org.apache.openejb.tck.microprofile.config;
+
+import static org.apache.openejb.loader.JarLocation.jarLocation;
+
+import org.eclipse.microprofile.config.tck.converters.UpperCaseDuckConverter;
+import org.hamcrest.object.HasToString;
+import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
+import org.jboss.arquillian.test.spi.TestClass;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+
+import java.io.File;
+
+public class MicroProfileConfigTCKArchiveProcessor implements ApplicationArchiveProcessor {
+ private File hamcrest;
+
+ @Override
+ public void process(final Archive<?> archive, final TestClass testClass) {
+ if (archive instanceof WebArchive) {
+ final WebArchive war = WebArchive.class.cast(archive);
+
+ // TODO - this could be fixed in the TCK by adding UpperCaseDuckConverter into org.eclipse.microprofile.config.tck.ConverterTest
+ JavaArchive configJar = ShrinkWrap
+ .create(JavaArchive.class, "config-tck-additional.jar")
+ .addClass(UpperCaseDuckConverter.class)
+ ;
+
+ war.addAsLibraries(configJar);
+
+ if (hamcrest == null) {
+ hamcrest = jarLocation(HasToString.class);
+ }
+ war.addAsLibrary(hamcrest);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/MicroProfileConfigTCKExtension.java
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/MicroProfileConfigTCKExtension.java b/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/MicroProfileConfigTCKExtension.java
new file mode 100644
index 0000000..e30ece7
--- /dev/null
+++ b/tck/microprofile-tck/config/src/test/java/org/apache/openejb/tck/microprofile/config/MicroProfileConfigTCKExtension.java
@@ -0,0 +1,11 @@
+package org.apache.openejb.tck.microprofile.config;
+
+import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
+import org.jboss.arquillian.core.spi.LoadableExtension;
+
+public class MicroProfileConfigTCKExtension implements LoadableExtension {
+ @Override
+ public void register(final ExtensionBuilder extensionBuilder) {
+ extensionBuilder.service(ApplicationArchiveProcessor.class, MicroProfileConfigTCKArchiveProcessor.class);
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/config/src/test/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/config/src/test/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension b/tck/microprofile-tck/config/src/test/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension
new file mode 100644
index 0000000..8644cce
--- /dev/null
+++ b/tck/microprofile-tck/config/src/test/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension
@@ -0,0 +1 @@
+org.apache.openejb.tck.microprofile.config.MicroProfileConfigTCKExtension
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/config/src/test/resources/arquillian.xml
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/config/src/test/resources/arquillian.xml b/tck/microprofile-tck/config/src/test/resources/arquillian.xml
new file mode 100644
index 0000000..ecddd0c
--- /dev/null
+++ b/tck/microprofile-tck/config/src/test/resources/arquillian.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<arquillian xmlns="http://jboss.org/schema/arquillian"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://jboss.org/schema/arquillian
+ http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
+ <container qualifier="tomee-remote" default="true">
+ <configuration>
+ <property name="httpPort">-1</property>
+ <property name="ajpPort">-1</property>
+ <property name="stopPort">-1</property>
+ <property name="classifier">microprofile</property>
+ <property name="conf">src/test/conf</property>
+ <property name="dir">target/tomee</property>
+ <property name="appWorkingDir">target/workdir</property>
+ <property name="cleanOnStartUp">true</property>
+ <property name="properties">
+ config.test = SUCCESS
+ org.apache.geronimo.config.configsource.SystemPropertyConfigSource.copy = false
+ </property>
+ </configuration>
+ </container>
+</arquillian>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/jwt/pom.xml
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/pom.xml b/tck/microprofile-tck/jwt/pom.xml
new file mode 100644
index 0000000..5377985
--- /dev/null
+++ b/tck/microprofile-tck/jwt/pom.xml
@@ -0,0 +1,192 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>microprofile-tck</artifactId>
+ <version>7.0.5-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>microprofile-jwt-tck</artifactId>
+ <name>OpenEJB :: TCK :: MicroProfile JWT TCK</name>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>mp-jwt</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ <version>${slf4j.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>tomee-catalina</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- distro -->
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apache-tomee</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ <classifier>microprofile</classifier>
+ <scope>test</scope>
+ </dependency>
+
+ <!-- This is the MP-JWT TCK base extension and utility classes -->
+ <dependency>
+ <groupId>org.eclipse.microprofile.jwt</groupId>
+ <artifactId>microprofile-jwt-auth-tck</artifactId>
+ <version>${mp-jwt-tck.version}</version>
+ </dependency>
+
+ <!-- This is the actual MP-JWT TCK test classes -->
+ <dependency>
+ <groupId>org.eclipse.microprofile.jwt</groupId>
+ <artifactId>microprofile-jwt-auth-tck</artifactId>
+ <version>${mp-jwt-tck.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.testng</groupId>
+ <artifactId>testng</artifactId>
+ <version>6.9.9</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>arquillian-tomee-remote</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.arquillian.testng</groupId>
+ <artifactId>arquillian-testng-core</artifactId>
+ <version>${version.arquillian}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.shrinkwrap.resolver</groupId>
+ <artifactId>shrinkwrap-resolver-api-maven</artifactId>
+ <version>2.2.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.shrinkwrap.resolver</groupId>
+ <artifactId>shrinkwrap-resolver-impl-maven</artifactId>
+ <version>2.2.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.shrinkwrap.resolver</groupId>
+ <artifactId>shrinkwrap-resolver-spi</artifactId>
+ <version>2.2.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-client</artifactId>
+ <version>${cxf.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <version>2.10</version>
+ <executions>
+ <execution>
+ <id>copy-tck-test-suite-file</id>
+ <phase>generate-test-sources</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.eclipse.microprofile.jwt</groupId>
+ <artifactId>microprofile-jwt-auth-tck</artifactId>
+ <type>test-jar</type>
+ <overWrite>true</overWrite>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.17</version>
+ <configuration>
+ <suiteXmlFiles>
+ <!-- TCK does not deliver the xml file for the moment -->
+ <suiteXmlFile>${project.build.directory}/test-classes/dev.xml</suiteXmlFile>
+ </suiteXmlFiles>
+ <systemProperties>
+ <!--<property>-->
+ <!--<name>validation.provider</name>-->
+ <!--<value>${validation.provider}</value>-->
+ <!--</property>-->
+ </systemProperties>
+ <parallel>methods</parallel>
+ <threadCount>4</threadCount>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-report-plugin</artifactId>
+ <version>2.17</version>
+ <executions>
+ <execution>
+ <id>generate-test-report</id>
+ <phase>test</phase>
+ <goals>
+ <goal>report-only</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <outputDirectory>${project.build.directory}/surefire-reports</outputDirectory>
+ <outputName>test-report</outputName>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/JWTAuthContextInfoProvider.java
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/JWTAuthContextInfoProvider.java b/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/JWTAuthContextInfoProvider.java
new file mode 100644
index 0000000..bf0a07f
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/JWTAuthContextInfoProvider.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt;
+
+import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo;
+
+import javax.enterprise.context.Dependent;
+import javax.enterprise.inject.Produces;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+import java.util.Optional;
+
+@Dependent
+public class JWTAuthContextInfoProvider {
+
+ @Produces
+ Optional<JWTAuthContextInfo> getOptionalContextInfo() throws NoSuchAlgorithmException, InvalidKeySpecException {
+ JWTAuthContextInfo contextInfo = new JWTAuthContextInfo();
+
+ // todo use MP Config to load the configuration
+ contextInfo.setIssuedBy("https://server.example.com");
+
+ final String pemEncoded = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlivFI8qB4D0y2jy0CfEq" +
+ "Fyy46R0o7S8TKpsx5xbHKoU1VWg6QkQm+ntyIv1p4kE1sPEQO73+HY8+Bzs75XwR" +
+ "TYL1BmR1w8J5hmjVWjc6R2BTBGAYRPFRhor3kpM6ni2SPmNNhurEAHw7TaqszP5e" +
+ "UF/F9+KEBWkwVta+PZ37bwqSE4sCb1soZFrVz/UT/LF4tYpuVYt3YbqToZ3pZOZ9" +
+ "AX2o1GCG3xwOjkc4x0W7ezbQZdC9iftPxVHR8irOijJRRjcPDtA6vPKpzLl6CyYn" +
+ "sIYPd99ltwxTHjr3npfv/3Lw50bAkbT4HeLFxTx4flEoZLKO/g0bAoV2uqBhkA9x" +
+ "nQIDAQAB";
+ byte[] encodedBytes = Base64.getDecoder().decode(pemEncoded);
+
+ final X509EncodedKeySpec spec = new X509EncodedKeySpec(encodedBytes);
+ final KeyFactory kf = KeyFactory.getInstance("RSA");
+ final RSAPublicKey pk = (RSAPublicKey) kf.generatePublic(spec);
+
+ contextInfo.setSignerKey(pk);
+
+ return Optional.of(contextInfo);
+ }
+
+ @Produces
+ JWTAuthContextInfo getContextInfo() throws InvalidKeySpecException, NoSuchAlgorithmException {
+ return getOptionalContextInfo().get();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/TCKTokenParser.java
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/TCKTokenParser.java b/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/TCKTokenParser.java
new file mode 100644
index 0000000..ae563ec
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/TCKTokenParser.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt;
+
+import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo;
+import org.apache.tomee.microprofile.jwt.principal.DefaultJWTCallerPrincipalFactory;
+import org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory;
+import org.eclipse.microprofile.jwt.JsonWebToken;
+import org.eclipse.microprofile.jwt.tck.util.ITokenParser;
+
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+
+/**
+ * MP-JWT TCK harness class to parse a token string
+ */
+public class TCKTokenParser implements ITokenParser {
+
+ @Override
+ public JsonWebToken parse(final String bearerToken, final String issuer, final PublicKey publicKey) throws Exception {
+ final JWTAuthContextInfo authContextInfo = new JWTAuthContextInfo((RSAPublicKey) publicKey, issuer);
+ final JWTCallerPrincipalFactory factory = DefaultJWTCallerPrincipalFactory.instance();
+ return factory.parse(bearerToken, authContextInfo);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/jwt/AppDeploymentExtension.java
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/jwt/AppDeploymentExtension.java b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/jwt/AppDeploymentExtension.java
new file mode 100644
index 0000000..f5f2183
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/jwt/AppDeploymentExtension.java
@@ -0,0 +1,77 @@
+package org.apache.tomee.microprofile.jwt;
+
+import com.nimbusds.jose.JWSSigner;
+import org.apache.openejb.loader.JarLocation;
+import org.eclipse.microprofile.jwt.tck.TCKConstants;
+import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
+import org.jboss.arquillian.container.spi.client.deployment.DeploymentDescription;
+import org.jboss.arquillian.container.test.impl.client.deployment.AnnotationDeploymentScenarioGenerator;
+import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
+import org.jboss.arquillian.container.test.spi.client.deployment.DeploymentScenarioGenerator;
+import org.jboss.arquillian.core.spi.LoadableExtension;
+import org.jboss.arquillian.test.spi.TestClass;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.Node;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+
+import java.net.URL;
+import java.util.Collections;
+import java.util.List;
+import java.util.logging.Logger;
+
+public class AppDeploymentExtension implements LoadableExtension {
+ @Override
+ public void register(final ExtensionBuilder extensionBuilder) {
+ extensionBuilder.service(DeploymentScenarioGenerator.class, SimpleDeploymentScenarioGenerator.class);
+ extensionBuilder.service(ApplicationArchiveProcessor.class, MPJWTTCKArchiveProcess.class);
+ }
+
+ public static class SimpleDeploymentScenarioGenerator implements DeploymentScenarioGenerator {
+
+ private final DeploymentScenarioGenerator standard = new AnnotationDeploymentScenarioGenerator();
+ private final DeploymentDescription emptyTestWebApp;
+
+ public SimpleDeploymentScenarioGenerator() {
+ emptyTestWebApp = new DeploymentDescription("mp-jwt-tck.war",
+ ShrinkWrap
+ .create(WebArchive.class, "mp-jwt-tck.war")
+ .addAsLibrary(JarLocation.jarLocation(TokenUtils.class))
+ .addAsLibrary(JarLocation.jarLocation(JWSSigner.class))
+ .addAsLibrary(JarLocation.jarLocation(TCKConstants.class).getAbsolutePath().replace("-tests.jar", "-test-sources.jar"))
+ .add(EmptyAsset.INSTANCE, "WEB-INF/beans.xml"));
+ }
+
+
+ @Override
+ public List<DeploymentDescription> generate(final TestClass testClass) {
+ final List<DeploymentDescription> stdDeploymentDescriptions = standard.generate(testClass);
+
+ if (stdDeploymentDescriptions != null && !stdDeploymentDescriptions.isEmpty()) {
+ return stdDeploymentDescriptions;
+ }
+
+ return Collections.singletonList(emptyTestWebApp);
+ }
+ }
+
+ /**
+ * An ApplicationArchiveProcessor for the MP-JWT TCK if needed
+ * With the current implementation we don't need to do anything
+ */
+ public static class MPJWTTCKArchiveProcess implements ApplicationArchiveProcessor {
+ private static Logger log = Logger.getLogger(MPJWTTCKArchiveProcess.class.getName());
+
+ @Override
+ public void process(final Archive<?> appArchive, final TestClass testClass) {
+ if (!(appArchive instanceof WebArchive)) {
+ return;
+ }
+ final WebArchive war = WebArchive.class.cast(appArchive);
+ war.addClass(JWTAuthContextInfoProvider.class);
+
+ log.info("Augmented war: \n"+war.toString(true));
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.eclipse.microprofile.jwt.tck.util.ITokenParser
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.eclipse.microprofile.jwt.tck.util.ITokenParser b/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.eclipse.microprofile.jwt.tck.util.ITokenParser
new file mode 100644
index 0000000..4dcc059
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.eclipse.microprofile.jwt.tck.util.ITokenParser
@@ -0,0 +1 @@
+org.apache.tomee.microprofile.jwt.TCKTokenParser
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension b/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension
new file mode 100644
index 0000000..98a4867
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension
@@ -0,0 +1 @@
+org.apache.tomee.microprofile.jwt.AppDeploymentExtension
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/jwt/src/test/resources/arquillian.xml
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/src/test/resources/arquillian.xml b/tck/microprofile-tck/jwt/src/test/resources/arquillian.xml
new file mode 100644
index 0000000..8e7a66b
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/test/resources/arquillian.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<arquillian
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://jboss.org/schema/arquillian
+ http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
+
+ <container qualifier="tomee" default="true">
+ <configuration>
+ <property name="catalina_opts">-Xmx512m -XX:MaxPermSize=512m</property>
+ <property name="httpPort">-1</property>
+ <property name="stopPort">-1</property>
+ <property name="ajpPort">-1</property>
+ <property name="classifier">microprofile</property>
+ <property name="debug">false</property>
+ <property name="dir">target/tomee-tck</property>
+ <property name="appWorkingDir">target/tck-workdir</property>
+ <property name="simpleLog">true</property>
+ <property name="properties"></property>
+ </configuration>
+ </container>
+</arquillian>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/jwt/src/test/resources/dev.xml
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/jwt/src/test/resources/dev.xml b/tck/microprofile-tck/jwt/src/test/resources/dev.xml
new file mode 100644
index 0000000..00741d1
--- /dev/null
+++ b/tck/microprofile-tck/jwt/src/test/resources/dev.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd" >
+<suite name="microprofile-jwt-auth-FullTCK" verbose="1" preserve-order="true" configfailurepolicy="continue" >
+
+ <!-- The required base JAX-RS and CDI based tests that all MP-JWT implementations
+ must pass.
+ -->
+
+ <test name="base-tests" verbose="10">
+ <groups>
+ <define name="base-groups">
+ <include name="arquillian" description="Arquillian internal"/>
+ <include name="utils" description="Utility tests"/>
+ <include name="jwt" description="Base JsonWebToken tests"/>
+ <include name="jaxrs" description="JAX-RS invocation tests"/>
+ <include name="cdi" description="Base CDI injection of ClaimValues"/>
+ <include name="cdi-json" description="CDI injection of JSON-P values"/>
+ <include name="cdi-provider" description="CDI injection of javax.inject.Provider values"/>
+ </define>
+ <define name="excludes">
+ <include name="debug" description="Internal debugging tests" />
+ </define>
+ <run>
+ <include name="base-groups" />
+ <exclude name="excludes" />
+ </run>
+ </groups>
+ <classes>
+ <class name="org.eclipse.microprofile.jwt.tck.parsing.TokenValidationTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.util.TokenUtilsTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.parsing.TestTokenClaimTypesTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.UnsecuredPingTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.RequiredClaimsTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.PrimitiveInjectionTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.ClaimValueInjectionTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.JsonValueInjectionTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.ProviderInjectionTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.InvalidTokenTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.RolesAllowedTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.RolesAllowedTest" />
+ <!--
+ -->
+ </classes>
+ </test>
+
+ <test name="extended-tests" verbose="10">
+ <groups>
+ <define name="extended-groups">
+ <include name="arquillian" description="Arquillian internal"/>
+ <include name="ejb-optional" description="EJB container integration tests"/>
+ <include name="jacc-optional" description="JACC API integration tests"/>
+ <include name="servlet-optional" description="Servlet container integration tests"/>
+ <include name="ee-security-optional" description="Java EE security feature tests"/>
+ </define>
+ <define name="excludes">
+ <include name="debug" description="Internal debugging tests" />
+ </define>
+ <run>
+ <include name="extended-groups" />
+ <exclude name="excludes" />
+ </run>
+ </groups>
+ <classes>
+ <class name="org.eclipse.microprofile.jwt.tck.container.ejb.EjbTest" >
+ <methods>
+ <!-- Excluded cause we never really enforce ACC context for EJB Calls in TomEE -->
+ <exclude name="getSubjectClass"/>
+ </methods>
+ </class>
+
+ <class name="org.eclipse.microprofile.jwt.tck.container.servlet.ServletTest" />
+ <class name="org.eclipse.microprofile.jwt.tck.container.jacc.SubjectTest" />
+ <!--
+ -->
+ </classes>
+ </test>
+</suite>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/microprofile-tck/pom.xml
----------------------------------------------------------------------
diff --git a/tck/microprofile-tck/pom.xml b/tck/microprofile-tck/pom.xml
new file mode 100644
index 0000000..f3c528f
--- /dev/null
+++ b/tck/microprofile-tck/pom.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>tck</artifactId>
+ <version>7.0.5-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>microprofile-tck</artifactId>
+ <packaging>pom</packaging>
+ <name>OpenEJB :: TCK :: MicroProfile</name>
+
+ <modules>
+ <module>config</module>
+ <module>jwt</module>
+ </modules>
+
+</project>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tck/pom.xml
----------------------------------------------------------------------
diff --git a/tck/pom.xml b/tck/pom.xml
index 774c80b..8a672f4 100644
--- a/tck/pom.xml
+++ b/tck/pom.xml
@@ -36,6 +36,7 @@
<module>cdi-embedded</module>
<module>cdi-tomee</module>
<module>bval-tomee</module>
+ <module>microprofile-tck</module>
<!-- TODO: either really use this module or delete it -->
<module>bval-embedded</module>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tomee/apache-tomee/pom.xml
----------------------------------------------------------------------
diff --git a/tomee/apache-tomee/pom.xml b/tomee/apache-tomee/pom.xml
index 9cc3790..4484905 100644
--- a/tomee/apache-tomee/pom.xml
+++ b/tomee/apache-tomee/pom.xml
@@ -36,6 +36,7 @@
<webprofile.work-dir>${project.build.directory}/webprofile-work-dir</webprofile.work-dir>
<plus.work-dir>${project.build.directory}/plus-work-dir</plus.work-dir>
<plume.work-dir>${project.build.directory}/plume-work-dir</plume.work-dir>
+ <microprofile.work-dir>${project.build.directory}/microprofile-work-dir</microprofile.work-dir>
</properties>
<dependencies>
@@ -91,6 +92,13 @@
<type>war</type>
<scope>provided</scope>
</dependency>
+ <dependency> <!-- to be sure to have it -->
+ <groupId>${project.groupId}</groupId>
+ <artifactId>tomee-microprofile-webapp</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <scope>provided</scope>
+ </dependency>
<!-- needed for EJBContainer impl so scope compile -->
<dependency>
@@ -225,6 +233,25 @@
</artifactItems>
</configuration>
</execution>
+ <execution>
+ <id>copy-tomcat-for-microprofile</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat</artifactId>
+ <version>${tomcat.version}</version>
+ <type>zip</type>
+ <outputDirectory>${microprofile.work-dir}</outputDirectory>
+ <destFileName>apache-tomcat-${tomcat.version}.zip</destFileName>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
</executions>
</plugin>
@@ -323,6 +350,22 @@
</source>
</configuration>
</execution>
+ <execution>
+ <id>execute-microprofile-installer</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>execute</goal>
+ </goals>
+ <configuration>
+ <properties>
+ <tomee.workdir>${microprofile.work-dir}</tomee.workdir>
+ <tomee.webapp>tomee-microprofile-webapp</tomee.webapp>
+ </properties>
+ <source>
+ new commands.SetupCommand(pom: this, log: log, project: project, ant: ant, properties: properties).execute()
+ </source>
+ </configuration>
+ </execution>
</executions>
</plugin>
@@ -375,6 +418,21 @@
<goal>single</goal>
</goals>
</execution>
+ <execution>
+ <id>microprofile</id>
+ <phase>package</phase>
+ <configuration>
+ <descriptors>
+ <descriptor>src/main/assembly/tomee-microprofile.xml</descriptor>
+ </descriptors>
+ <attach>false</attach>
+ <appendAssemblyId>false</appendAssemblyId>
+ <finalName>apache-tomee-microprofile-${project.version}</finalName>
+ </configuration>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
</executions>
</plugin>
@@ -420,6 +478,16 @@
<type>tar.gz</type>
<classifier>plume</classifier>
</artifact>
+ <artifact>
+ <file>${project.build.directory}/apache-tomee-microprofile-${project.version}.zip</file>
+ <type>zip</type>
+ <classifier>microprofile</classifier>
+ </artifact>
+ <artifact>
+ <file>${project.build.directory}/apache-tomee-microprofile-${project.version}.tar.gz</file>
+ <type>tar.gz</type>
+ <classifier>microprofile</classifier>
+ </artifact>
</artifacts>
</configuration>
</execution>
@@ -428,4 +496,4 @@
</plugins>
</build>
-</project>
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tomee/apache-tomee/src/main/assembly/tomee-microprofile.xml
----------------------------------------------------------------------
diff --git a/tomee/apache-tomee/src/main/assembly/tomee-microprofile.xml b/tomee/apache-tomee/src/main/assembly/tomee-microprofile.xml
new file mode 100644
index 0000000..7c2d074
--- /dev/null
+++ b/tomee/apache-tomee/src/main/assembly/tomee-microprofile.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- $Rev: 576067 $ $Date: 2007-09-16 03:17:08 -0700 (Sun, 16 Sep 2007) $ -->
+
+<assembly>
+ <id>tomee-microprofile</id>
+ <formats>
+ <format>tar.gz</format>
+ <format>zip</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <fileSets>
+ <fileSet>
+ <directory>${microprofile.work-dir}/apache-tomcat-${tomcat.version}</directory>
+ <outputDirectory>/apache-tomee-microprofile-${project.version}</outputDirectory>
+ <includes>
+ <include>**/*</include>
+ </includes>
+ <excludes>
+ <exclude>LICENSE</exclude>
+ <exclude>NOTICE</exclude>
+ <exclude>**/bin/**/*</exclude>
+ <exclude>**/lib/tomcat-annotations-api*.jar</exclude>
+ </excludes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/target/maven-shared-archive-resources/META-INF/</directory>
+ <outputDirectory>/apache-tomee-microprofile-${project.version}</outputDirectory>
+ <includes>
+ <include>LICENSE</include>
+ </includes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/src/main/resources/META-INF/microprofile/</directory>
+ <outputDirectory>/apache-tomee-microprofile-${project.version}</outputDirectory>
+ <includes>
+ <include>*</include>
+ </includes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/target/classes</directory>
+ <outputDirectory>/apache-tomee-microprofile-${project.version}/bin</outputDirectory>
+ <includes>
+ <include>service.*</include>
+ <include>TomEE.*</include>
+ <include>tomee.bat</include>
+ </includes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/target/classes</directory>
+ <outputDirectory>/apache-tomee-microprofile-${project.version}/bin</outputDirectory>
+ <includes>
+ <include>*.sh</include>
+ </includes>
+ <fileMode>0755</fileMode>
+ </fileSet>
+ <fileSet>
+ <directory>${microprofile.work-dir}/apache-tomcat-${tomcat.version}</directory>
+ <outputDirectory>/apache-tomee-microprofile-${project.version}</outputDirectory>
+ <includes>
+ <include>**/bin/**/*</include>
+ </includes>
+ <fileMode>0755</fileMode>
+ </fileSet>
+ </fileSets>
+</assembly>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tomee/pom.xml
----------------------------------------------------------------------
diff --git a/tomee/pom.xml b/tomee/pom.xml
index 2a299cf..c92e163 100644
--- a/tomee/pom.xml
+++ b/tomee/pom.xml
@@ -47,6 +47,7 @@
<module>tomee-plume-webapp</module>
<module>tomee-webservices</module>
<module>tomee-embedded</module>
+ <module>tomee-microprofile-webapp</module>
<module>apache-tomee</module>
<module>tomee-util</module>
<module>tomee-juli</module>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tomee/tomee-microprofile-webapp/pom.xml
----------------------------------------------------------------------
diff --git a/tomee/tomee-microprofile-webapp/pom.xml b/tomee/tomee-microprofile-webapp/pom.xml
new file mode 100644
index 0000000..30f29d2
--- /dev/null
+++ b/tomee/tomee-microprofile-webapp/pom.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- $Rev: 600338 $ $Date: 2007-12-02 09:08:04 -0800 (Sun, 02 Dec 2007) $ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <artifactId>tomee</artifactId>
+ <groupId>org.apache.tomee</groupId>
+ <version>7.0.5-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>tomee-microprofile-webapp</artifactId>
+ <name>OpenEJB :: TomEE :: MicroProfile Webapp</name>
+ <packaging>war</packaging>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+ <microprofile.config.api.version>1.3-SNAPSHOT</microprofile.config.api.version>
+ <microprofile.config.impl.version>1.2-SNAPSHOT</microprofile.config.impl.version>
+
+ <microprofile.jwt.api.version>1.1-SNAPSHOT</microprofile.jwt.api.version>
+ <microprofile.jwt.impl.version>${project.version}</microprofile.jwt.impl.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>tomee-webapp</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ </dependency>
+
+ <dependency>
+ <groupId>org.eclipse.microprofile.config</groupId>
+ <artifactId>microprofile-config-api</artifactId>
+ <version>${microprofile.config.api.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.geronimo.config</groupId>
+ <artifactId>geronimo-config-impl</artifactId>
+ <version>${microprofile.config.impl.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.eclipse.microprofile.jwt</groupId>
+ <artifactId>microprofile-jwt-auth-api</artifactId>
+ <version>${microprofile.jwt.api.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>mp-jwt</artifactId>
+ <version>${microprofile.jwt.impl.version}</version>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>war</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <appendAssemblyId>false</appendAssemblyId>
+ <descriptors>
+ <descriptor>src/main/assembly/war.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
http://git-wip-us.apache.org/repos/asf/tomee/blob/c456f4be/tomee/tomee-microprofile-webapp/src/main/assembly/war.xml
----------------------------------------------------------------------
diff --git a/tomee/tomee-microprofile-webapp/src/main/assembly/war.xml b/tomee/tomee-microprofile-webapp/src/main/assembly/war.xml
new file mode 100644
index 0000000..9a7ba10
--- /dev/null
+++ b/tomee/tomee-microprofile-webapp/src/main/assembly/war.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<assembly>
+ <id>war</id>
+ <formats>
+ <format>war</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <fileSets>
+ <fileSet>
+ <directory>target/maven-shared-archive-resources</directory>
+ <outputDirectory>/</outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}</directory>
+ <includes>
+ <include>README.txt</include>
+ </includes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/src/main/webapp</directory>
+ <outputDirectory>/</outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/target/classes</directory>
+ <outputDirectory>/</outputDirectory>
+ <excludes>
+ <exclude>org/**</exclude>
+ <exclude>META-INF/LICENSE</exclude>
+ <exclude>META-INF/NOTICE</exclude>
+ </excludes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/target/classes</directory>
+ <outputDirectory>WEB-INF/classes</outputDirectory>
+ <excludes>
+ <exclude>META-INF/LICENSE</exclude>
+ <exclude>META-INF/NOTICE</exclude>
+ </excludes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.build.directory}/${project.artifactId}-${project.version}/</directory>
+ <outputDirectory>/</outputDirectory>
+ <includes>
+ <include>WEB-INF/web.xml</include>
+ <include>WEB-INF/classes/**</include>
+ <include>**/*.html</include>
+ <include>**/*.css</include>
+ <include>**/*.js</include>
+ <include>lib/*.jar</include>
+ </includes>
+ </fileSet>
+ </fileSets>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>lib</outputDirectory>
+ <scope>runtime</scope>
+ <excludes>
+ <!-- provided -->
+ <exclude>org.apache.tomcat:*</exclude>
+ <!-- wars and pom -->
+ <exclude>*:war</exclude>
+ <exclude>*:pom</exclude>
+ </excludes>
+ </dependencySet>
+ <dependencySet>
+ <outputDirectory>WEB-INF/lib</outputDirectory>
+ <scope>runtime</scope>
+ <includes>
+ <include>org.apache.tomee:tomee-loader</include>
+ <include>org.codehaus.swizzle:swizzle-stream</include>
+ </includes>
+ </dependencySet>
+ </dependencySets>
+</assembly>
+