Le 14 févr. 2018 19:47, "David Blevins" <david.blev...@gmail.com> a écrit :
> On Feb 14, 2018, at 9:01 AM, Romain Manni-Bucau <rmannibu...@gmail.com> wrote: > > interesting thing is JsonWebToken principal will not work with CDI by > design - due to proxies - so must use another unwrapped layer to get the > principal like jaspic or servlet layers which will not require any change > in any of our internals but more a better integration of existing techno, > no? There are effectively two ways to get the JsonWebToken: - Injectable via CDI into @RequestScoped beans - Anywhere a Principal can be obtained There is also an @Claim qualifier which allows individual claims from the JWT to be injected into @RequestScoped beans as JSON-P types or as primatives. If jsonp it can be @appscoped too technically That part will be a bit tricky, but effectively we need a dependent-scoped producer that can find the JWT data in the active request. Perhaps by looking in the ThreadContext. Cant jaspic work? Also a jwt for an ejb without a request means....something to define ;). -David