would it allow configuration of an oauth endpoint in TomEE and then
defining security-constraint in the web.xml of a webapp? seems like a
good plan if it drops the need for 3rd party libs
On 28/03/2018 10:15, Romain Manni-Bucau wrote:
Hi Matthew,
it is an impl of https://github.com/eclipse/microprofile-jwt-auth
Normally with a JWT you can drop these things as well - can need some
wrapper to handle the representation in a less raw way but nothing crazy.
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>
2018-03-28 10:10 GMT+02:00 Matthew Broadhead <[email protected]
:
is this about JSON web tokens or some other JWT?
is this JWT library similar to something like the keycloak tomcat adapter?
http://www.keycloak.org/docs/2.5/securing_apps/topics/oidc/j
ava/tomcat-adapter.html
if so is there a specification on this and do different IDPs handle this
differently. i.e. if TomEE had a JWT adapter would it no longer need the
keycloak adapter?
for instance the keycloak includes structures like UserRepresentation,
RoleRepresentation, CredentialRepresentation. would this be handled in a
new JWT lib?
On 28/03/2018 07:13, Romain Manni-Bucau wrote:
Roberto PR *is* merged JL.
He did the work to be able to consume any CDI "container" lib.
So I'd just extract the code as we discussed together in G before that
mess
and move forward to keep TCK and add the lib in the MP distro Roberto
created to fit that design.
As soon as you imported the lib in G, I will make sure to help to make it
releasable.
As the ee concurrency utilities dev I can guarantee you it is wrong to put
it in TomEE :( - mea culpa here.
I can understand the "i cant commit" but you can PR and several of these
objections are coming from people willing RTC which leads to the same
blocking state so not sure I get the rational to break projects here and
make them messy which would deserve asf IMHO.
Le 27 mars 2018 23:37, "Jonathan Gallimore" <[email protected]
a écrit :
If it can sit in its own repository, and that improves re-usability, that
sounds like a good thing to me. I'd be happy with that under the TomEE
TLP.
I am sure some folks will prefer to see it under Geronimo. I am a TomEE
committer, I am not yet a Geronimo committer (maybe someday....) so I
would
lean towards TomEE. Wherever it sits, it needs to be possible to work on
it
without being blocked.
Jon
On Tue, Mar 27, 2018 at 10:27 PM, Jean-Louis Monteiro <
[email protected]> wrote:
What about this vote David?
Roberto's PR for MP-Config integration and mine about MP-JWT are still
not
merged.
Most of the JWT code is server independent and therefor could be
extracted
into a separate library.
So where the code sits is definitely a question we need to address.
I don't believe the current TomEE repo is a good home.
TomEE as the Apache TLP can on the other hand become an home.
We only need another another repo where we could put some reusable code.
There are a couple of utility classes in TomEE that could also become a
reusable library.
I have prepared and pushed the 2 PRs for Chatterbox and Sheldon
donation.
So I would probably propose to create a dedicated git repo where we
could
put all the reusable parts.
One benefit I see is that we could make the TomEE codebase a bit
lighter.
What do you guys think?
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Thu, Mar 22, 2018 at 10:47 AM, Matthew Broadhead <
[email protected]> wrote:
does this mean a reusable JWT library external to TomEE, or within the
TomEE project?
i have to agree with previous statements i read that TomEE is a bundle
of
libraries and not really the place to locate reusable pluggable
projects.
it is more like the place where you might plug a project in once it is
working
On 19/03/2018 11:39, Jonathan Gallimore wrote:
What's the other vote ("Geronimo one")?
Jon
On Mon, Mar 19, 2018 at 6:33 AM, Romain Manni-Bucau <
[email protected]>
wrote:
Hey David,
How does this vote relates to the geronimo one you launched?
Are they purely concurrent or can they be conditional one for the
other?
Le 19 mars 2018 01:03, "David Blevins" <[email protected]> a
écrit :
The vote for merging PR 123 does not address community will on what
to
do
with the code beyond merging it. One can realistically vote +1 to
merge
the code, but then desire to see the code cleaned up and moved
elsewhere.
One can realistically desire seeing an attempt to clean up the code
to
find
what is reusable and may wish to withhold a final decision until we
see
how
fruitful such a module would be.
Out of respect for people who may not know exactly how they feel
(TomEE
or
Geronimo), this is a vote for the latter.
Vote: Should we attempt to extract code from the JWT PR to see what
is
reusable and how successful such a jar would be?
+1 Let's give it a shot here
+-0
-1 Let's do this elsewhere
If the vote is +1 to attempt an extraction of reusable code here,
final
conclusion of if that extraction is worth it or where it should live
is
not
being voted on. People are welcome to decide differently based on
the
results of the exercise.
-David
