Posted to dev@tomee.apache.org by cotnic <gi...@git.apache.org> on 2019/01/02 10:15:33 UTC
[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example
GitHub user cotnic opened a pull request:
https://github.com/apache/tomee/pull/342
TOMEE-2332 MP-jwt-jwk example
Implemented the MP-jwt for JWKs public key example.
Also included the usage of MP-rest-client for testing.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/cotnic/tomee TOMEE-2332
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/tomee/pull/342.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #342
----
commit 6fcafa431535e0d2ff25606b57353726cf09acd4
Author: cotnic <mi...@...>
Date: 2018-12-29T08:11:09Z
created REST service.
TODO: Implement the JWT JWK functionalities
commit d267983ae3c2c9ee1805a01016829f2ea7d36192
Author: cotnic <mi...@...>
Date: 2019-01-02T10:13:25Z
TOMEE-2332: example for JWKs usage in MicroProfile JWT with TomEE
----
---
[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example
Posted by jeanouii <gi...@git.apache.org>.
Github user jeanouii commented on a diff in the pull request:
https://github.com/apache/tomee/pull/342#discussion_r244751685
--- Diff: examples/mp-rest-jwt-jwk/README.adoc ---
@@ -0,0 +1,76 @@
+= MicroProfile JWT JWKs
+:index-group: MicroProfile
+:jbake-type: page
+:jbake-status: published
+
+This is an example on how to use MicroProfile JWT in TomEE by using the
+public key as JWKs.
+
+== Run the application:
+
+[source, bash]
+----
+mvn clean install tomee:run
+----
+
+This example is a CRUD application for products available.
+
+== Requirments and configuration
+
+For usage of MicroProfile JWT we have to change the following to our
+project:
+
+[arabic]
+. Add the dependency to our `pom.xml` file:
++
+....
+<dependency>
+ <groupId>org.eclipse.microprofile.jwt</groupId>
+ <artifactId>microprofile-jwt-auth-api</artifactId>
+ <version>${mp-jwt.version}</version>
+ <scope>provided</scope>
+</dependency>
+....
+. Annotate our `Application.class` with `@LoginConfig(authMethod = "MP-JWT")`
+
+. Provide public and private key for authentication. And specify the location of the public key and the issuer in our
+`microprofile-config.properties` file.
++
+[source,properties]
+----
+mp.jwt.verify.publickey.location=/jwks.pem
+mp.jwt.verify.issuer=https://example.com
+----
+
+. Define `@RolesAllowed()` on the endpoints we want to protect.
+
+== About the application architecture
+
+The application enables us to manipulate and view products with specific users. We have two users
+`Alice Wonder` and `John Doe`. They can read, create, edit and delete specific entries.
+
+`jwt-john.json`
+
+[source,json]
+----
+{
+ "iss": "https://example.com",
+ "sub": "24400320",
+ "name": "John Doe",
+ "upn": "john.doe@example.com",
+ "preferred_username": "john",
+ "groups": [
+ "guest", "admin"
+ ]
+}
+----
+
+== Access the endpoints with JWT token
+
+We access endpoints from our test class by creating a `JWT` with the help of
+our `TokenUtils.generateJWTString(String jsonResource, String keyId)` which signs our user
+data in json format with the help of our `src/test/resources/{keyId}` key.
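Review bot: In the `microprofile-config.properties` block, `mp.jwt.verify.publickey.location=/jwks.pem` points at a `.pem` file while the title and intro say the public key is supplied as JWKs. A JWKS is a JSON document, so either give the resource a name that reflects that or add a sentence saying the file holds a JWK set despite its extension; as written, readers will assume a PEM-encoded key is expected. The architecture section also names two users but shows only `jwt-john.json`, and the sample claims carry no `exp` or `iat`, so it is worth stating whether `TokenUtils.generateJWTString` adds them.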
--- End diff --
This is where you need the private key, but this is for testing purposes, to generate a valid and signed JWT.
---
[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example
Posted by jeanouii <gi...@git.apache.org>.
Github user jeanouii commented on a diff in the pull request:
https://github.com/apache/tomee/pull/342#discussion_r244751383
--- Diff: examples/mp-rest-jwt-jwk/README.adoc ---
@@ -0,0 +1,76 @@
+= MicroProfile JWT JWKs
+:index-group: MicroProfile
+:jbake-type: page
+:jbake-status: published
+
+This is an example on how to use MicroProfile JWT in TomEE by using the
+public key as JWKs.
+
+== Run the application:
+
+[source, bash]
+----
+mvn clean install tomee:run
+----
+
+This example is a CRUD application for products available.
+
+== Requirments and configuration
+
+For usage of MicroProfile JWT we have to change the following to our
+project:
+
+[arabic]
+. Add the dependency to our `pom.xml` file:
++
+....
+<dependency>
+ <groupId>org.eclipse.microprofile.jwt</groupId>
+ <artifactId>microprofile-jwt-auth-api</artifactId>
+ <version>${mp-jwt.version}</version>
+ <scope>provided</scope>
+</dependency>
+....
+. Annotate our `Application.class` with `@LoginConfig(authMethod = "MP-JWT")`
+
+. Provide public and private key for authentication. And specify the location of the public key and the issuer in our
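Review bot: The `pom.xml` dependency under step 1 is wrapped in a bare `....` literal block, while the run command above it uses `[source, bash]` with `----`; switching it to `[source,xml]` with `----` gives it the same rendering and highlighting. The heading `== Requirments and configuration` is also misspelled ("Requirements"), and `== Run the application:` carries a trailing colon that the other headings do not have.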
--- End diff --
What's actually required is the public key because MicroProfile JWT targets the validation side (consuming a JWT). The private key would be useful on the producer side of things such as an identity provider, or an API Gateway.
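The split described in the comment above, as an added example that is not part of the pull request or the reviewer's message: the producer signs with the private key, and the consumer validates with nothing but a public JWKS. It assumes the Nimbus JOSE + JWT library that the PR's `pom.xml` declares with test scope; the class name, key id and in-process key generation are hypothetical.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

public class PublicJwksOnlyDemo {                        // hypothetical class name
    static final String ISSUER = "https://example.com";  // mp.jwt.verify.issuer in the README

    public static void main(String[] args) throws Exception {
        // Producer side (identity provider, gateway, or a test helper): owns the private key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String kid = "demo-key-1";                       // constructed key id
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(ISSUER).subject("24400320").claim("upn", "john.doe@example.com")
                .expirationTime(new Date(System.currentTimeMillis() + 300_000L)).build();
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(kid).build(), claims);
        jwt.sign(new RSASSASigner(pair.getPrivate()));
        String token = jwt.serialize();

        // The only key material handed to the consumer: a JWKS with public parameters.
        RSAKey publicJwk = new RSAKey.Builder((RSAPublicKey) pair.getPublic()).keyID(kid).build();
        String jwksJson = new JWKSet(publicJwk).toString();

        // Consumer side: pick the key by kid, refuse private material and unexpected algorithms.
        SignedJWT received = SignedJWT.parse(token);
        JWK match = JWKSet.parse(jwksJson).getKeyByKeyId(received.getHeader().getKeyID());
        if (!(match instanceof RSAKey) || match.isPrivate()
                || !JWSAlgorithm.RS256.equals(received.getHeader().getAlgorithm())) {
            throw new SecurityException("no usable public key for this token");
        }
        boolean signatureOk = received.verify(new RSASSAVerifier(((RSAKey) match).toRSAPublicKey()));
        JWTClaimsSet c = received.getJWTClaimsSet();
        boolean claimsOk = ISSUER.equals(c.getIssuer())
                && c.getExpirationTime() != null && new Date().before(c.getExpirationTime());
        System.out.println("accepted: " + (signatureOk && claimsOk));
    }
}
```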
---
[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example
Posted by jeanouii <gi...@git.apache.org>.
Github user jeanouii commented on a diff in the pull request:
https://github.com/apache/tomee/pull/342#discussion_r244752028
--- Diff: examples/mp-rest-jwt-jwk/pom.xml ---
@@ -0,0 +1,215 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.superbiz</groupId>
+ <artifactId>mp-rest-jwt-jwk</artifactId>
+ <version>8.0.0-SNAPSHOT</version>
+ <packaging>war</packaging>
+ <name>OpenEJB :: Examples :: MP REST JWT JWK</name>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <tomee.version>8.0.0-SNAPSHOT</tomee.version>
+ <version.shrinkwrap.resolver>2.0.0</version.shrinkwrap.resolver>
+ <mp-jwt.version>1.1</mp-jwt.version>
+ <mp-rest-client.version>1.1</mp-rest-client.version>
+ </properties>
+
+ <build>
+ <defaultGoal>install</defaultGoal>
+ <finalName>phonestore</finalName>
+
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.18.1</version>
+ <configuration>
+ <reuseForks>false</reuseForks>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>3.1.0</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.5.1</version>
+ <configuration>
+ <source>1.8</source>
+ <target>1.8</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.tomee.maven</groupId>
+ <artifactId>tomee-maven-plugin</artifactId>
+ <version>${tomee.version}</version>
+ <configuration>
+ <tomeeClassifier>microprofile</tomeeClassifier>
+ <args>-Xmx512m -XX:PermSize=256m</args>
+ <config>${project.basedir}/src/main/tomee/</config>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencyManagement>
+ <dependencies>
+ <!-- Override dependency resolver with test version. This must go *BEFORE*
+ the Arquillian BOM. -->
+ <dependency>
+ <groupId>org.jboss.shrinkwrap.resolver</groupId>
+ <artifactId>shrinkwrap-resolver-bom</artifactId>
+ <version>${version.shrinkwrap.resolver}</version>
+ <scope>import</scope>
+ <type>pom</type>
+ </dependency>
+ <!-- Now pull in our server-based unit testing framework -->
+ <dependency>
+ <groupId>org.jboss.arquillian</groupId>
+ <artifactId>arquillian-bom</artifactId>
+ <version>1.0.3.Final</version>
+ <scope>import</scope>
+ <type>pom</type>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>javaee-api</artifactId>
+ <version>8.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.eclipse.microprofile.jwt</groupId>
+ <artifactId>microprofile-jwt-auth-api</artifactId>
+ <version>${mp-jwt.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.microprofile.rest.client</groupId>
+ <artifactId>microprofile-rest-client-api</artifactId>
+ <version>${mp-rest-client.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>4.23</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.12</version>
+ <scope>test</scope>
+ </dependency>
+
+ <!--
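Review bot: In the `tomee-maven-plugin` configuration, `<args>-Xmx512m -XX:PermSize=256m</args>` passes a PermGen option although the compiler plugin targets `1.8`; the permanent generation was removed in Java 8 and the JVM ignores the flag with a warning, so `-XX:PermSize=256m` can be dropped. `<finalName>phonestore</finalName>` also does not match the `mp-rest-jwt-jwk` artifact and looks like a leftover from another example. `nimbus-jose-jwt` is pinned to the literal `4.23`, unlike the MicroProfile versions that use properties; a property would make the signing library easier to keep current.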
--- End diff --
Small detail, but looks like some test dependencies are before this section, not sure it's intended or not.
It's a detail so won't prevent the merge at all
---