Yes it would allow that. -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com
On Wed, Mar 28, 2018 at 10:22 AM, Matthew Broadhead < matthew.broadh...@nbmlaw.co.uk> wrote: > would it allow configuration of an oauth endpoint in TomEE and then > defining security-constraint in the web.xml of a webapp? seems like a good > plan if it drops the need for 3rd party libs > > > On 28/03/2018 10:15, Romain Manni-Bucau wrote: > >> Hi Matthew, >> >> it is an impl of https://github.com/eclipse/microprofile-jwt-auth >> >> Normally with a JWT you can drop these things as well - can need some >> wrapper to handle the representation in a less raw way but nothing crazy. >> >> >> Romain Manni-Bucau >> @rmannibucau <https://twitter.com/rmannibucau> | Blog >> <https://rmannibucau.metawerx.net/> | Old Blog >> <http://rmannibucau.wordpress.com> | Github < >> https://github.com/rmannibucau> | >> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book >> <https://www.packtpub.com/application-development/java-ee-8- >> high-performance> >> >> 2018-03-28 10:10 GMT+02:00 Matthew Broadhead < >> matthew.broadh...@nbmlaw.co.uk >> >>> : >>> is this about JSON web tokens or some other JWT? >>> is this JWT library similar to something like the keycloak tomcat >>> adapter? >>> http://www.keycloak.org/docs/2.5/securing_apps/topics/oidc/j >>> ava/tomcat-adapter.html >>> if so is there a specification on this and do different IDPs handle this >>> differently. i.e. if TomEE had a JWT adapter would it no longer need the >>> keycloak adapter? >>> for instance the keycloak includes structures like UserRepresentation, >>> RoleRepresentation, CredentialRepresentation. would this be handled in a >>> new JWT lib? >>> >>> >>> On 28/03/2018 07:13, Romain Manni-Bucau wrote: >>> >>> Roberto PR *is* merged JL. >>>> He did the work to be able to consume any CDI "container" lib. >>>> >>>> So I'd just extract the code as we discussed together in G before that >>>> mess >>>> and move forward to keep TCK and add the lib in the MP distro Roberto >>>> created to fit that design. >>>> >>>> As soon as you imported the lib in G, I will make sure to help to make >>>> it >>>> releasable. >>>> >>>> As the ee concurrency utilities dev I can guarantee you it is wrong to >>>> put >>>> it in TomEE :( - mea culpa here. >>>> >>>> I can understand the "i cant commit" but you can PR and several of these >>>> objections are coming from people willing RTC which leads to the same >>>> blocking state so not sure I get the rational to break projects here and >>>> make them messy which would deserve asf IMHO. >>>> >>>> Le 27 mars 2018 23:37, "Jonathan Gallimore" < >>>> jonathan.gallim...@gmail.com >>>> a écrit : >>>> >>>> If it can sit in its own repository, and that improves re-usability, >>>> that >>>> >>>>> sounds like a good thing to me. I'd be happy with that under the TomEE >>>>> TLP. >>>>> I am sure some folks will prefer to see it under Geronimo. I am a TomEE >>>>> committer, I am not yet a Geronimo committer (maybe someday....) so I >>>>> would >>>>> lean towards TomEE. Wherever it sits, it needs to be possible to work >>>>> on >>>>> it >>>>> without being blocked. >>>>> >>>>> Jon >>>>> >>>>> On Tue, Mar 27, 2018 at 10:27 PM, Jean-Louis Monteiro < >>>>> jlmonte...@tomitribe.com> wrote: >>>>> >>>>> What about this vote David? >>>>> >>>>>> Roberto's PR for MP-Config integration and mine about MP-JWT are still >>>>>> >>>>>> not >>>>> >>>>> merged. >>>>>> Most of the JWT code is server independent and therefor could be >>>>>> >>>>>> extracted >>>>> >>>>> into a separate library. >>>>>> >>>>>> So where the code sits is definitely a question we need to address. >>>>>> I don't believe the current TomEE repo is a good home. >>>>>> >>>>>> TomEE as the Apache TLP can on the other hand become an home. >>>>>> We only need another another repo where we could put some reusable >>>>>> code. >>>>>> >>>>>> There are a couple of utility classes in TomEE that could also become >>>>>> a >>>>>> reusable library. >>>>>> I have prepared and pushed the 2 PRs for Chatterbox and Sheldon >>>>>> donation. >>>>>> >>>>>> So I would probably propose to create a dedicated git repo where we >>>>>> could >>>>>> put all the reusable parts. >>>>>> One benefit I see is that we could make the TomEE codebase a bit >>>>>> lighter. >>>>>> >>>>>> What do you guys think? >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Jean-Louis Monteiro >>>>>> http://twitter.com/jlouismonteiro >>>>>> http://www.tomitribe.com >>>>>> >>>>>> On Thu, Mar 22, 2018 at 10:47 AM, Matthew Broadhead < >>>>>> matthew.broadh...@nbmlaw.co.uk> wrote: >>>>>> >>>>>> does this mean a reusable JWT library external to TomEE, or within the >>>>>> >>>>>>> TomEE project? >>>>>>> i have to agree with previous statements i read that TomEE is a >>>>>>> bundle >>>>>>> >>>>>>> of >>>>>> libraries and not really the place to locate reusable pluggable >>>>>> projects. >>>>>> it is more like the place where you might plug a project in once it is >>>>>> >>>>>>> working >>>>>>> >>>>>>> >>>>>>> On 19/03/2018 11:39, Jonathan Gallimore wrote: >>>>>>> >>>>>>> What's the other vote ("Geronimo one")? >>>>>>> >>>>>>>> Jon >>>>>>>> >>>>>>>> On Mon, Mar 19, 2018 at 6:33 AM, Romain Manni-Bucau < >>>>>>>> rmannibu...@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hey David, >>>>>>>> >>>>>>>> How does this vote relates to the geronimo one you launched? >>>>>>>>> >>>>>>>>> Are they purely concurrent or can they be conditional one for the >>>>>>>>> >>>>>>>>> other? >>>>>>>> >>>>>>>>> Le 19 mars 2018 01:03, "David Blevins" <david.blev...@gmail.com> a >>>>>>>>> écrit : >>>>>>>>> >>>>>>>>> The vote for merging PR 123 does not address community will on what >>>>>>>>> >>>>>>>>> to >>>>>>>> >>>>>>> do >>>>>> >>>>>> with the code beyond merging it. One can realistically vote +1 to >>>>>>> >>>>>>>> merge >>>>>>>>> >>>>>>>> the code, but then desire to see the code cleaned up and moved >>>>>>> >>>>>>>> elsewhere. >>>>>>>>>> One can realistically desire seeing an attempt to clean up the >>>>>>>>>> code >>>>>>>>>> >>>>>>>>>> to >>>>>>>>> >>>>>>>> find >>>>>> >>>>>>> what is reusable and may wish to withhold a final decision until we >>>>>>>>> see >>>>>>>>> >>>>>>>> how >>>>>>> >>>>>>>> fruitful such a module would be. >>>>>>>>> >>>>>>>>>> Out of respect for people who may not know exactly how they feel >>>>>>>>>> >>>>>>>>>> (TomEE >>>>>>>>> >>>>>>>> or >>>>>>> >>>>>>>> Geronimo), this is a vote for the latter. >>>>>>>>> >>>>>>>>>> Vote: Should we attempt to extract code from the JWT PR to see >>>>>>>>>> what >>>>>>>>>> >>>>>>>>>> is >>>>>>>>> >>>>>>>> reusable and how successful such a jar would be? >>>>>> >>>>>>> +1 Let's give it a shot here >>>>>>>>>> +-0 >>>>>>>>>> -1 Let's do this elsewhere >>>>>>>>>> >>>>>>>>>> If the vote is +1 to attempt an extraction of reusable code here, >>>>>>>>>> >>>>>>>>>> final >>>>>>>>> >>>>>>>> conclusion of if that extraction is worth it or where it should live >>>>>>> >>>>>>>> is >>>>>>>>> >>>>>>>> not >>>>>>> >>>>>>>> being voted on. People are welcome to decide differently based on >>>>>>>>> the >>>>>>>>> >>>>>>>> results of the exercise. >>>>>> >>>>>>> >>>>>>>>>> -David >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >
