You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by COURTAULT Francois <Fr...@gemalto.com> on 2019/02/22 15:56:13 UTC
Try to build a JWT sample
Hello,
I try to build a simple sample using TomEE MP 7.1.0 but I get an error and I don't know what's going on or how I can fix that.
For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my war application deployed:
* I have a public class MPJwtApplication extends Application annotated with @LoginConfig(authMethod = "MP-JWT", realmName = "TCK-MP-JWT")
* I have a resource class annotated @Path("resources") @RequestScoped where I have
o @Inject private JsonWebToken callerPrincipal;
o A @GET public Response test () { System.out.println("JsonWebToken:" + callerPrincipal + "."); return Response.ok().build();}
In the war deployed, I also have a beans.xml with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd"
bean-discovery-mode="all">
</beans>
Using Soap UI, I send a GET HTTP request with an Authorization header: bearer <JWT Base 64 encoded>, the error I get is:
22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20] org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging Application {http://jwt.mp/}MPJwtResource has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal return type in the component implementation class : org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be @Dependent to create null instance
I was expecting to have the callerPrincipal set to null but why this CDI @Dependent scope error stuff ?
Any idea ?
Best Regards.
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Re: Try to build a JWT sample
Posted by Josef Puff <jo...@gmail.com>.
thx u :)
> Am 25.02.2019 um 15:30 schrieb Jean-Louis Monteiro <jl...@tomitribe.com>:
>
> users-unsubscribe@tomee.apache.org <ma...@tomee.apache.org>
Re: Try to build a JWT sample
Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Hi Josef,
I don't know how to do it on your behalf.
But you can do it yourself by sending an email to
users-unsubscribe@tomee.apache.org
Hope it helps
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Mon, Feb 25, 2019 at 3:28 PM Josef Puff <jo...@gmail.com> wrote:
> Please remove me from the mailing list.
>
> thx
>
> > Am 25.02.2019 um 15:28 schrieb Jean-Louis Monteiro <
> jlmonteiro@tomitribe.com>:
> >
> > Yes that correct.
> > You need to plugin that producer and the producer is the one that can
> > leverage mp-config and the same property names.
> >
> > This way, when switching to next TomEE, you only need to yank that
> producer
> > and it should work out of the box.
> >
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
> >
> >
> > On Mon, Feb 25, 2019 at 10:18 AM COURTAULT Francois <
> > Francois.Courtault@gemalto.com> wrote:
> >
> >> Hello Jean-Louis,
> >>
> >> I have looked at the samples code.
> >> As I am using TomEE 7.1.0 (MP JWT 1.0 compliant), I guess I can't use
> the
> >> mp.jwt.verify.publickey or mp.jwt.verify.publickey.location and
> >> mp.jwt.verify.issuer config properties, right ?
> >>
> >> Instead, I have to write a XXXMPJWTConfigurationProvider class in order
> to
> >> generate a context info having the public key to check the JWT
> signature,
> >> right ?
> >>
> >> Best Regards.
> >>
> >> -----Original Message-----
> >> From: Jean-Louis Monteiro [mailto:jlmonteiro@tomitribe.com]
> >> Sent: samedi 23 février 2019 11:22
> >> To: users@tomee.apache.org
> >> Subject: Re: Try to build a JWT sample
> >>
> >> Bonjour François,
> >>
> >> Is there a way for you to share the project?
> >> I worked on the JWT implementation and the example, I might be able to
> >> help.
> >> --
> >> Jean-Louis Monteiro
> >>
> >>
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fjlouismonteiro&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=ovFBgowFCnAAMD0mMFccdi5ze2SMZPLEPnr9cRDIFqc%3D&reserved=0
> >>
> >>
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.tomitribe.com&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=we33aDDG%2F2O7KR7Q3yDd7ZyRbgpnYE3p0XEz0OtbjQQ%3D&reserved=0
> >>
> >>
> >> On Fri, Feb 22, 2019 at 4:56 PM COURTAULT Francois <
> >> Francois.Courtault@gemalto.com> wrote:
> >>
> >>> Hello,
> >>>
> >>> I try to build a simple sample using TomEE MP 7.1.0 but I get an error
> >>> and I don't know what's going on or how I can fix that.
> >>> For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my
> >>> war application deployed:
> >>>
> >>> * I have a public class MPJwtApplication extends Application
> >>> annotated with @LoginConfig(authMethod = "MP-JWT", realmName =
> >>> "TCK-MP-JWT")
> >>>
> >>> * I have a resource class annotated @Path("resources")
> >>> @RequestScoped where I have
> >>>
> >>> o @Inject private JsonWebToken callerPrincipal;
> >>>
> >>> o A @GET public Response test () {
> System.out.println("JsonWebToken:"
> >> +
> >>> callerPrincipal + "."); return Response.ok().build();}
> >>>
> >>>
> >>>
> >>> In the war deployed, I also have a beans.xml with the following
> content:
> >>>
> >>> <?xml version="1.0" encoding="UTF-8"?> <beans
> >>> xmlns="
> >>
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0
> >> "
> >>> xmlns:xsi="
> >>
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=b7SQw7g52Y8goyvKLR78uR9so5q2D%2BPZH5bAMl%2Bsh1Y%3D&reserved=0
> >> "
> >>>
> >>> xsi:schemaLocation="https://emea01.safelinks.protection.outlook.com/?u
> >>> rl=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CF
> >>> rancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C3
> >>> 7d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata
> >>> =SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0
> >>>
> >>
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee%2Fbeans_1_1.xsd&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=UAMyzrxk%2BU2%2BMxNBvKe%2FFGTkQmFj7xq%2BtJC8YFrWWuk%3D&reserved=0
> >> "
> >>> bean-discovery-mode="all">
> >>>
> >>> </beans>
> >>>
> >>>
> >>>
> >>> Using Soap UI, I send a GET HTTP request with an Authorization header:
> >>> bearer <JWT Base 64 encoded>, the error I get is:
> >>>
> >>> 22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20]
> >>> org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging
> >>> Application {
> >>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjwt.
> >>> mp%2F&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db
> >>> 874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C63
> >>> 6865141334006978&sdata=5gjcfEjv5a%2BqTNyXk1ztdt1pnLE5JIevOexg28%2F
> >>> cWlU%3D&reserved=0}MPJwtResource has thrown exception, unwinding
> >>> now
> >>> org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal
> >>> return type in the component implementation class :
> >>> org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be
> >>> @Dependent to create null instance
> >>>
> >>>
> >>>
> >>> I was expecting to have the callerPrincipal set to null but why this
> >>> CDI @Dependent scope error stuff ?
> >>>
> >>>
> >>> Any idea ?
> >>>
> >>> Best Regards.
> >>> ________________________________
> >>> This message and any attachments are intended solely for the
> >>> addressees and may contain confidential information. Any unauthorized
> >>> use or disclosure, either whole or partial, is prohibited.
> >>> E-mails are susceptible to alteration. Our company shall not be liable
> >>> for the message if altered, changed or falsified. If you are not the
> >>> intended recipient of this message, please delete it and notify the
> >> sender.
> >>> Although all reasonable efforts have been made to keep this
> >>> transmission free from viruses, the sender will not be liable for
> >>> damages caused by a transmitted virus.
> >>>
> >> ________________________________
> >> This message and any attachments are intended solely for the addressees
> >> and may contain confidential information. Any unauthorized use or
> >> disclosure, either whole or partial, is prohibited.
> >> E-mails are susceptible to alteration. Our company shall not be liable
> for
> >> the message if altered, changed or falsified. If you are not the
> intended
> >> recipient of this message, please delete it and notify the sender.
> >> Although all reasonable efforts have been made to keep this transmission
> >> free from viruses, the sender will not be liable for damages caused by a
> >> transmitted virus.
> >>
>
>
Re: Try to build a JWT sample
Posted by Josef Puff <jo...@gmail.com>.
Please remove me from the mailing list.
thx
> Am 25.02.2019 um 15:28 schrieb Jean-Louis Monteiro <jl...@tomitribe.com>:
>
> Yes that correct.
> You need to plugin that producer and the producer is the one that can
> leverage mp-config and the same property names.
>
> This way, when switching to next TomEE, you only need to yank that producer
> and it should work out of the box.
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
>
> On Mon, Feb 25, 2019 at 10:18 AM COURTAULT Francois <
> Francois.Courtault@gemalto.com> wrote:
>
>> Hello Jean-Louis,
>>
>> I have looked at the samples code.
>> As I am using TomEE 7.1.0 (MP JWT 1.0 compliant), I guess I can't use the
>> mp.jwt.verify.publickey or mp.jwt.verify.publickey.location and
>> mp.jwt.verify.issuer config properties, right ?
>>
>> Instead, I have to write a XXXMPJWTConfigurationProvider class in order to
>> generate a context info having the public key to check the JWT signature,
>> right ?
>>
>> Best Regards.
>>
>> -----Original Message-----
>> From: Jean-Louis Monteiro [mailto:jlmonteiro@tomitribe.com]
>> Sent: samedi 23 février 2019 11:22
>> To: users@tomee.apache.org
>> Subject: Re: Try to build a JWT sample
>>
>> Bonjour François,
>>
>> Is there a way for you to share the project?
>> I worked on the JWT implementation and the example, I might be able to
>> help.
>> --
>> Jean-Louis Monteiro
>>
>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fjlouismonteiro&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=ovFBgowFCnAAMD0mMFccdi5ze2SMZPLEPnr9cRDIFqc%3D&reserved=0
>>
>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.tomitribe.com&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=we33aDDG%2F2O7KR7Q3yDd7ZyRbgpnYE3p0XEz0OtbjQQ%3D&reserved=0
>>
>>
>> On Fri, Feb 22, 2019 at 4:56 PM COURTAULT Francois <
>> Francois.Courtault@gemalto.com> wrote:
>>
>>> Hello,
>>>
>>> I try to build a simple sample using TomEE MP 7.1.0 but I get an error
>>> and I don't know what's going on or how I can fix that.
>>> For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my
>>> war application deployed:
>>>
>>> * I have a public class MPJwtApplication extends Application
>>> annotated with @LoginConfig(authMethod = "MP-JWT", realmName =
>>> "TCK-MP-JWT")
>>>
>>> * I have a resource class annotated @Path("resources")
>>> @RequestScoped where I have
>>>
>>> o @Inject private JsonWebToken callerPrincipal;
>>>
>>> o A @GET public Response test () { System.out.println("JsonWebToken:"
>> +
>>> callerPrincipal + "."); return Response.ok().build();}
>>>
>>>
>>>
>>> In the war deployed, I also have a beans.xml with the following content:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?> <beans
>>> xmlns="
>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0
>> "
>>> xmlns:xsi="
>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=b7SQw7g52Y8goyvKLR78uR9so5q2D%2BPZH5bAMl%2Bsh1Y%3D&reserved=0
>> "
>>>
>>> xsi:schemaLocation="https://emea01.safelinks.protection.outlook.com/?u
>>> rl=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CF
>>> rancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C3
>>> 7d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata
>>> =SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0
>>>
>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee%2Fbeans_1_1.xsd&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=UAMyzrxk%2BU2%2BMxNBvKe%2FFGTkQmFj7xq%2BtJC8YFrWWuk%3D&reserved=0
>> "
>>> bean-discovery-mode="all">
>>>
>>> </beans>
>>>
>>>
>>>
>>> Using Soap UI, I send a GET HTTP request with an Authorization header:
>>> bearer <JWT Base 64 encoded>, the error I get is:
>>>
>>> 22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20]
>>> org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging
>>> Application {
>>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjwt.
>>> mp%2F&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db
>>> 874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C63
>>> 6865141334006978&sdata=5gjcfEjv5a%2BqTNyXk1ztdt1pnLE5JIevOexg28%2F
>>> cWlU%3D&reserved=0}MPJwtResource has thrown exception, unwinding
>>> now
>>> org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal
>>> return type in the component implementation class :
>>> org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be
>>> @Dependent to create null instance
>>>
>>>
>>>
>>> I was expecting to have the callerPrincipal set to null but why this
>>> CDI @Dependent scope error stuff ?
>>>
>>>
>>> Any idea ?
>>>
>>> Best Regards.
>>> ________________________________
>>> This message and any attachments are intended solely for the
>>> addressees and may contain confidential information. Any unauthorized
>>> use or disclosure, either whole or partial, is prohibited.
>>> E-mails are susceptible to alteration. Our company shall not be liable
>>> for the message if altered, changed or falsified. If you are not the
>>> intended recipient of this message, please delete it and notify the
>> sender.
>>> Although all reasonable efforts have been made to keep this
>>> transmission free from viruses, the sender will not be liable for
>>> damages caused by a transmitted virus.
>>>
>> ________________________________
>> This message and any attachments are intended solely for the addressees
>> and may contain confidential information. Any unauthorized use or
>> disclosure, either whole or partial, is prohibited.
>> E-mails are susceptible to alteration. Our company shall not be liable for
>> the message if altered, changed or falsified. If you are not the intended
>> recipient of this message, please delete it and notify the sender.
>> Although all reasonable efforts have been made to keep this transmission
>> free from viruses, the sender will not be liable for damages caused by a
>> transmitted virus.
>>
Re: Try to build a JWT sample
Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Yes that correct.
You need to plugin that producer and the producer is the one that can
leverage mp-config and the same property names.
This way, when switching to next TomEE, you only need to yank that producer
and it should work out of the box.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Mon, Feb 25, 2019 at 10:18 AM COURTAULT Francois <
Francois.Courtault@gemalto.com> wrote:
> Hello Jean-Louis,
>
> I have looked at the samples code.
> As I am using TomEE 7.1.0 (MP JWT 1.0 compliant), I guess I can't use the
> mp.jwt.verify.publickey or mp.jwt.verify.publickey.location and
> mp.jwt.verify.issuer config properties, right ?
>
> Instead, I have to write a XXXMPJWTConfigurationProvider class in order to
> generate a context info having the public key to check the JWT signature,
> right ?
>
> Best Regards.
>
> -----Original Message-----
> From: Jean-Louis Monteiro [mailto:jlmonteiro@tomitribe.com]
> Sent: samedi 23 février 2019 11:22
> To: users@tomee.apache.org
> Subject: Re: Try to build a JWT sample
>
> Bonjour François,
>
> Is there a way for you to share the project?
> I worked on the JWT implementation and the example, I might be able to
> help.
> --
> Jean-Louis Monteiro
>
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fjlouismonteiro&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=ovFBgowFCnAAMD0mMFccdi5ze2SMZPLEPnr9cRDIFqc%3D&reserved=0
>
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.tomitribe.com&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=we33aDDG%2F2O7KR7Q3yDd7ZyRbgpnYE3p0XEz0OtbjQQ%3D&reserved=0
>
>
> On Fri, Feb 22, 2019 at 4:56 PM COURTAULT Francois <
> Francois.Courtault@gemalto.com> wrote:
>
> > Hello,
> >
> > I try to build a simple sample using TomEE MP 7.1.0 but I get an error
> > and I don't know what's going on or how I can fix that.
> > For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my
> > war application deployed:
> >
> > * I have a public class MPJwtApplication extends Application
> > annotated with @LoginConfig(authMethod = "MP-JWT", realmName =
> > "TCK-MP-JWT")
> >
> > * I have a resource class annotated @Path("resources")
> > @RequestScoped where I have
> >
> > o @Inject private JsonWebToken callerPrincipal;
> >
> > o A @GET public Response test () { System.out.println("JsonWebToken:"
> +
> > callerPrincipal + "."); return Response.ok().build();}
> >
> >
> >
> > In the war deployed, I also have a beans.xml with the following content:
> >
> > <?xml version="1.0" encoding="UTF-8"?> <beans
> > xmlns="
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0
> "
> > xmlns:xsi="
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=b7SQw7g52Y8goyvKLR78uR9so5q2D%2BPZH5bAMl%2Bsh1Y%3D&reserved=0
> "
> >
> > xsi:schemaLocation="https://emea01.safelinks.protection.outlook.com/?u
> > rl=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CF
> > rancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C3
> > 7d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata
> > =SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0
> >
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee%2Fbeans_1_1.xsd&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=UAMyzrxk%2BU2%2BMxNBvKe%2FFGTkQmFj7xq%2BtJC8YFrWWuk%3D&reserved=0
> "
> > bean-discovery-mode="all">
> >
> > </beans>
> >
> >
> >
> > Using Soap UI, I send a GET HTTP request with an Authorization header:
> > bearer <JWT Base 64 encoded>, the error I get is:
> >
> > 22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20]
> > org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging
> > Application {
> > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjwt.
> > mp%2F&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db
> > 874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C63
> > 6865141334006978&sdata=5gjcfEjv5a%2BqTNyXk1ztdt1pnLE5JIevOexg28%2F
> > cWlU%3D&reserved=0}MPJwtResource has thrown exception, unwinding
> > now
> > org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal
> > return type in the component implementation class :
> > org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be
> > @Dependent to create null instance
> >
> >
> >
> > I was expecting to have the callerPrincipal set to null but why this
> > CDI @Dependent scope error stuff ?
> >
> >
> > Any idea ?
> >
> > Best Regards.
> > ________________________________
> > This message and any attachments are intended solely for the
> > addressees and may contain confidential information. Any unauthorized
> > use or disclosure, either whole or partial, is prohibited.
> > E-mails are susceptible to alteration. Our company shall not be liable
> > for the message if altered, changed or falsified. If you are not the
> > intended recipient of this message, please delete it and notify the
> sender.
> > Although all reasonable efforts have been made to keep this
> > transmission free from viruses, the sender will not be liable for
> > damages caused by a transmitted virus.
> >
> ________________________________
> This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus.
>
RE: Try to build a JWT sample
Posted by COURTAULT Francois <Fr...@gemalto.com>.
Hello Jean-Louis,
I have looked at the samples code.
As I am using TomEE 7.1.0 (MP JWT 1.0 compliant), I guess I can't use the mp.jwt.verify.publickey or mp.jwt.verify.publickey.location and mp.jwt.verify.issuer config properties, right ?
Instead, I have to write a XXXMPJWTConfigurationProvider class in order to generate a context info having the public key to check the JWT signature, right ?
Best Regards.
-----Original Message-----
From: Jean-Louis Monteiro [mailto:jlmonteiro@tomitribe.com]
Sent: samedi 23 février 2019 11:22
To: users@tomee.apache.org
Subject: Re: Try to build a JWT sample
Bonjour François,
Is there a way for you to share the project?
I worked on the JWT implementation and the example, I might be able to help.
--
Jean-Louis Monteiro
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fjlouismonteiro&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=ovFBgowFCnAAMD0mMFccdi5ze2SMZPLEPnr9cRDIFqc%3D&reserved=0
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.tomitribe.com&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=we33aDDG%2F2O7KR7Q3yDd7ZyRbgpnYE3p0XEz0OtbjQQ%3D&reserved=0
On Fri, Feb 22, 2019 at 4:56 PM COURTAULT Francois < Francois.Courtault@gemalto.com> wrote:
> Hello,
>
> I try to build a simple sample using TomEE MP 7.1.0 but I get an error
> and I don't know what's going on or how I can fix that.
> For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my
> war application deployed:
>
> * I have a public class MPJwtApplication extends Application
> annotated with @LoginConfig(authMethod = "MP-JWT", realmName =
> "TCK-MP-JWT")
>
> * I have a resource class annotated @Path("resources")
> @RequestScoped where I have
>
> o @Inject private JsonWebToken callerPrincipal;
>
> o A @GET public Response test () { System.out.println("JsonWebToken:" +
> callerPrincipal + "."); return Response.ok().build();}
>
>
>
> In the war deployed, I also have a beans.xml with the following content:
>
> <?xml version="1.0" encoding="UTF-8"?> <beans
> xmlns="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0"
> xmlns:xsi="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=b7SQw7g52Y8goyvKLR78uR9so5q2D%2BPZH5bAMl%2Bsh1Y%3D&reserved=0"
>
> xsi:schemaLocation="https://emea01.safelinks.protection.outlook.com/?u
> rl=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CF
> rancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C3
> 7d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata
> =SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee%2Fbeans_1_1.xsd&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=UAMyzrxk%2BU2%2BMxNBvKe%2FFGTkQmFj7xq%2BtJC8YFrWWuk%3D&reserved=0"
> bean-discovery-mode="all">
>
> </beans>
>
>
>
> Using Soap UI, I send a GET HTTP request with an Authorization header:
> bearer <JWT Base 64 encoded>, the error I get is:
>
> 22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20]
> org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging
> Application {
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjwt.
> mp%2F&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db
> 874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C63
> 6865141334006978&sdata=5gjcfEjv5a%2BqTNyXk1ztdt1pnLE5JIevOexg28%2F
> cWlU%3D&reserved=0}MPJwtResource has thrown exception, unwinding
> now
> org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal
> return type in the component implementation class :
> org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be
> @Dependent to create null instance
>
>
>
> I was expecting to have the callerPrincipal set to null but why this
> CDI @Dependent scope error stuff ?
>
>
> Any idea ?
>
> Best Regards.
> ________________________________
> This message and any attachments are intended solely for the
> addressees and may contain confidential information. Any unauthorized
> use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable
> for the message if altered, changed or falsified. If you are not the
> intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this
> transmission free from viruses, the sender will not be liable for
> damages caused by a transmitted virus.
>
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Re: Try to build a JWT sample
Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Bonjour François,
Is there a way for you to share the project?
I worked on the JWT implementation and the example, I might be able to help.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Fri, Feb 22, 2019 at 4:56 PM COURTAULT Francois <
Francois.Courtault@gemalto.com> wrote:
> Hello,
>
> I try to build a simple sample using TomEE MP 7.1.0 but I get an error and
> I don't know what's going on or how I can fix that.
> For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my war
> application deployed:
>
> * I have a public class MPJwtApplication extends Application
> annotated with @LoginConfig(authMethod = "MP-JWT", realmName = "TCK-MP-JWT")
>
> * I have a resource class annotated @Path("resources")
> @RequestScoped where I have
>
> o @Inject private JsonWebToken callerPrincipal;
>
> o A @GET public Response test () { System.out.println("JsonWebToken:" +
> callerPrincipal + "."); return Response.ok().build();}
>
>
>
> In the war deployed, I also have a beans.xml with the following content:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
> http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd"
> bean-discovery-mode="all">
>
> </beans>
>
>
>
> Using Soap UI, I send a GET HTTP request with an Authorization header:
> bearer <JWT Base 64 encoded>, the error I get is:
>
> 22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20]
> org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging Application {
> http://jwt.mp/}MPJwtResource has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal
> return type in the component implementation class :
> org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be
> @Dependent to create null instance
>
>
>
> I was expecting to have the callerPrincipal set to null but why this CDI
> @Dependent scope error stuff ?
>
>
> Any idea ?
>
> Best Regards.
> ________________________________
> This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus.
>