You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomee.apache.org by Zoltán Tichov <zo...@gmail.com> on 2022/12/18 11:51:22 UTC
Re: TomEE MicroProfile - current status
Hi!
I managed to do it, I made a PR.
https://github.com/apache/tomee/pull/990
Should I change the property name in the JWT TCK?
https://github.com/apache/tomee/blob/main/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/validation/ExpClaimAllowMissingExpValidationTest.java#L89
Thanks:
Zoltán
On Wed, Nov 9, 2022 at 9:24 PM David Blevins <da...@gmail.com>
wrote:
> > On Nov 9, 2022, at 10:29 AM, Zoltán Tichov <zo...@gmail.com>
> wrote:
> >
> > Hi!
> >
> > Is there another task that could be taken care of?
>
> There's a change in the same code that's on my "I should really find the
> time to fix that" list if you want to dig in.
>
> Basically, we added a TomEE-specific property
> `mp.jwt.tomee.allow.no-exp`. We likely should avoid putting custom
> properties in the `mp.jwt.*` namespace and likely we should:
>
> - rename it to something that starts with `tomee` like say
> `tomee.mp.jwt.allow.no-exp`
> - ensure both properties work for backwards compatibility
> - `tomee.mp.jwt.allow.no-exp` would win if both were defined
> - any use of `mp.jwt.tomee.allow.no-exp` should get a warning log
> message
> - create an itest or two in `itests/microprofile-jwt-itests/` that uses
> the property
> - update `docs/microprofile/jwt.adoc`
> - File JIRA cause I haven't done that yet, LOL :)
>
> The runtime change will be a piece of cake for you. Most the work would
> be in the itest, which could be kind of new/fun to do.
>
> Thoughts?
>
> -David
>
> > On Wed, Nov 9, 2022 at 10:19 AM Jean-Louis Monteiro <
> > jlmonteiro@tomitribe.com> wrote:
> >
> >> We can get the CI system to build it.
> >> Thanks Zoltan
> >> --
> >> Jean-Louis Monteiro
> >> http://twitter.com/jlouismonteiro
> >> http://www.tomitribe.com
> >>
> >>
> >> On Wed, Nov 9, 2022 at 10:06 AM Richard Zowalla <ri...@zowalla.com>
> >> wrote:
> >>
> >>> Hi,
> >>>
> >>> good news! Yes - go for a PR.
> >>>
> >>> Gruß
> >>> Richard
> >>>
> >>> Am Dienstag, dem 08.11.2022 um 23:30 +0100 schrieb Zoltán Tichov:
> >>>> Hi!
> >>>>
> >>>> I managed to get all the MP-JWT-TCK 2.1-RC6 tests to pass. I created
> >>>> microprofile-jwt-2.1-RC6 branch in my forked tomee project.
> >>>> What should I do? Can I create a PR?
> >>>>
> >>>> Thanks:
> >>>> Zoltán
> >>>>
> >>>> On Wed, Nov 2, 2022 at 10:30 PM David Blevins <
> >>>> david.blevins@gmail.com>
> >>>> wrote:
> >>>>
> >>>>>> On Nov 2, 2022, at 1:51 PM, Zoltán Tichov <
> >>>>>> zoltan.tichov@gmail.com>
> >>>>> wrote:
> >>>>>> Hi!
> >>>>>>
> >>>>>> There is at least one new test method in TCK callEchoAgedToken()
> >>>>>> and
> >>>>> added
> >>>>>> a new feature
> >>>>>> 'mp.jwt.verify.token.age'. This method failed, because it should
> >>>>>> return
> >>>>>> with HttpURLConnection.HTTP_UNAUTHORIZED instead of
> >>>>>> HttpURLConnection.HTTP_OK.
> >>>>>> Am I right that this property should be checked in
> >>>>>> org.apache.tomee.microprofile.jwt.MPJWTFilter?
> >>>>>
> >>>>> That's exactly right. More than likely the jose4j library we use
> >>>>> already
> >>>>> supports token age -- definitely post if it doesn't cause then the
> >>>>> problem
> >>>>> is way harder.
> >>>>>
> >>>>> If it does already support something like token age, then the task
> >>>>> becomes
> >>>>> reading the new property and feeding that into `MPJWTFilter`.
> >>>>>
> >>>>> - `JWTAuthConfigurationProperties` is where we're currently
> >>>>> reading the
> >>>>> MP JWT properties
> >>>>> - `JWTAuthConfiguration` is where the above class puts those
> >>>>> properties
> >>>>> once read (you'll need to make a new field there)
> >>>>>
> >>>>> Once that's done you can update `MPJWTFilter` to setup the
> >>>>> JwtConsumerBuilder using the data in JWTAuthConfiguration if the
> >>>>> user set
> >>>>> it.
> >>>>>
> >>>>>
> >>>>> -David
> >>>>>
> >>>>>
> >>>
> >>>
> >>
>
>
Re: TomEE MicroProfile - current status
Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Awesome.
Good job Zoltan.
David will review and comment. Otherwise, I'll try later today.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Sun, Dec 18, 2022 at 12:51 PM Zoltán Tichov <zo...@gmail.com>
wrote:
> Hi!
>
> I managed to do it, I made a PR.
>
> https://github.com/apache/tomee/pull/990
>
> Should I change the property name in the JWT TCK?
>
>
> https://github.com/apache/tomee/blob/main/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/validation/ExpClaimAllowMissingExpValidationTest.java#L89
>
> Thanks:
> Zoltán
>
>
>
>
> On Wed, Nov 9, 2022 at 9:24 PM David Blevins <da...@gmail.com>
> wrote:
>
> > > On Nov 9, 2022, at 10:29 AM, Zoltán Tichov <zo...@gmail.com>
> > wrote:
> > >
> > > Hi!
> > >
> > > Is there another task that could be taken care of?
> >
> > There's a change in the same code that's on my "I should really find the
> > time to fix that" list if you want to dig in.
> >
> > Basically, we added a TomEE-specific property
> > `mp.jwt.tomee.allow.no-exp`. We likely should avoid putting custom
> > properties in the `mp.jwt.*` namespace and likely we should:
> >
> > - rename it to something that starts with `tomee` like say
> > `tomee.mp.jwt.allow.no-exp`
> > - ensure both properties work for backwards compatibility
> > - `tomee.mp.jwt.allow.no-exp` would win if both were defined
> > - any use of `mp.jwt.tomee.allow.no-exp` should get a warning log
> > message
> > - create an itest or two in `itests/microprofile-jwt-itests/` that uses
> > the property
> > - update `docs/microprofile/jwt.adoc`
> > - File JIRA cause I haven't done that yet, LOL :)
> >
> > The runtime change will be a piece of cake for you. Most the work would
> > be in the itest, which could be kind of new/fun to do.
> >
> > Thoughts?
> >
> > -David
> >
> > > On Wed, Nov 9, 2022 at 10:19 AM Jean-Louis Monteiro <
> > > jlmonteiro@tomitribe.com> wrote:
> > >
> > >> We can get the CI system to build it.
> > >> Thanks Zoltan
> > >> --
> > >> Jean-Louis Monteiro
> > >> http://twitter.com/jlouismonteiro
> > >> http://www.tomitribe.com
> > >>
> > >>
> > >> On Wed, Nov 9, 2022 at 10:06 AM Richard Zowalla <ri...@zowalla.com>
> > >> wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> good news! Yes - go for a PR.
> > >>>
> > >>> Gruß
> > >>> Richard
> > >>>
> > >>> Am Dienstag, dem 08.11.2022 um 23:30 +0100 schrieb Zoltán Tichov:
> > >>>> Hi!
> > >>>>
> > >>>> I managed to get all the MP-JWT-TCK 2.1-RC6 tests to pass. I created
> > >>>> microprofile-jwt-2.1-RC6 branch in my forked tomee project.
> > >>>> What should I do? Can I create a PR?
> > >>>>
> > >>>> Thanks:
> > >>>> Zoltán
> > >>>>
> > >>>> On Wed, Nov 2, 2022 at 10:30 PM David Blevins <
> > >>>> david.blevins@gmail.com>
> > >>>> wrote:
> > >>>>
> > >>>>>> On Nov 2, 2022, at 1:51 PM, Zoltán Tichov <
> > >>>>>> zoltan.tichov@gmail.com>
> > >>>>> wrote:
> > >>>>>> Hi!
> > >>>>>>
> > >>>>>> There is at least one new test method in TCK callEchoAgedToken()
> > >>>>>> and
> > >>>>> added
> > >>>>>> a new feature
> > >>>>>> 'mp.jwt.verify.token.age'. This method failed, because it should
> > >>>>>> return
> > >>>>>> with HttpURLConnection.HTTP_UNAUTHORIZED instead of
> > >>>>>> HttpURLConnection.HTTP_OK.
> > >>>>>> Am I right that this property should be checked in
> > >>>>>> org.apache.tomee.microprofile.jwt.MPJWTFilter?
> > >>>>>
> > >>>>> That's exactly right. More than likely the jose4j library we use
> > >>>>> already
> > >>>>> supports token age -- definitely post if it doesn't cause then the
> > >>>>> problem
> > >>>>> is way harder.
> > >>>>>
> > >>>>> If it does already support something like token age, then the task
> > >>>>> becomes
> > >>>>> reading the new property and feeding that into `MPJWTFilter`.
> > >>>>>
> > >>>>> - `JWTAuthConfigurationProperties` is where we're currently
> > >>>>> reading the
> > >>>>> MP JWT properties
> > >>>>> - `JWTAuthConfiguration` is where the above class puts those
> > >>>>> properties
> > >>>>> once read (you'll need to make a new field there)
> > >>>>>
> > >>>>> Once that's done you can update `MPJWTFilter` to setup the
> > >>>>> JwtConsumerBuilder using the data in JWTAuthConfiguration if the
> > >>>>> user set
> > >>>>> it.
> > >>>>>
> > >>>>>
> > >>>>> -David
> > >>>>>
> > >>>>>
> > >>>
> > >>>
> > >>
> >
> >
>