Following up on a discussion on the TomEE mailing list here: http://tomee-openejb.979440.n4.nabble.com/MicroProfile-JWT-1-1-td4684741.html
I have created a PR with an additional test for principal injection: https://github.com/apache/geronimo-jwt-auth/pull/3 This tests injection with two different tokens for two different requests to ensure the correct principal is injected into the endpoint. At present this test fails - as far as I can see, the ProviderBasedProducer used by the PrincipalBean in OWB caches the Principal object returned, so subsequent calls always get the first Principal fetched from the security service. Although I suspect it may be an OWB issue, I am posting here first in case its a configuration issue or similar that I am missing. I'm happy to follow up on the OWB list. Using this change in OWB, this additional test does pass. https://github.com/apache/openwebbeans/pull/12 Please note, I initially ran into this while working on TomEE, but I don't believe this is a TomEE specific issue. The test I have added doesn't use TomEE in any way (it should be using OWB/Meecrowave), and should run with a simple "mvn clean install" on the geronimo-jwt-auth project. My build output is attached for reference. I'm happy to do further investigation, and could probably put together a sample using the pure Geronimo JWT library and Meecrowave if that helps. Jon
build.log
Description: Binary data