@Jon: drop some SE style code to move to CDI style and allow apps to override "naturally" impls + droppring jose dep are the main ones. Some optim in the Bean impl should pby be planned too but can need some more investment and are less blocking for a 1.0.0.
Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://rmannibucau.metawerx.net/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/application-development/java-ee-8-high-performance> 2018-03-28 10:46 GMT+02:00 Jean-Louis Monteiro <jlmonte...@tomitribe.com>: > Yes it would allow that. > > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com > > On Wed, Mar 28, 2018 at 10:22 AM, Matthew Broadhead < > matthew.broadh...@nbmlaw.co.uk> wrote: > > > would it allow configuration of an oauth endpoint in TomEE and then > > defining security-constraint in the web.xml of a webapp? seems like a > good > > plan if it drops the need for 3rd party libs > > > > > > On 28/03/2018 10:15, Romain Manni-Bucau wrote: > > > >> Hi Matthew, > >> > >> it is an impl of https://github.com/eclipse/microprofile-jwt-auth > >> > >> Normally with a JWT you can drop these things as well - can need some > >> wrapper to handle the representation in a less raw way but nothing > crazy. > >> > >> > >> Romain Manni-Bucau > >> @rmannibucau <https://twitter.com/rmannibucau> | Blog > >> <https://rmannibucau.metawerx.net/> | Old Blog > >> <http://rmannibucau.wordpress.com> | Github < > >> https://github.com/rmannibucau> | > >> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book > >> <https://www.packtpub.com/application-development/java-ee-8- > >> high-performance> > >> > >> 2018-03-28 10:10 GMT+02:00 Matthew Broadhead < > >> matthew.broadh...@nbmlaw.co.uk > >> > >>> : > >>> is this about JSON web tokens or some other JWT? > >>> is this JWT library similar to something like the keycloak tomcat > >>> adapter? > >>> http://www.keycloak.org/docs/2.5/securing_apps/topics/oidc/j > >>> ava/tomcat-adapter.html > >>> if so is there a specification on this and do different IDPs handle > this > >>> differently. i.e. if TomEE had a JWT adapter would it no longer need > the > >>> keycloak adapter? > >>> for instance the keycloak includes structures like UserRepresentation, > >>> RoleRepresentation, CredentialRepresentation. would this be handled in > a > >>> new JWT lib? > >>> > >>> > >>> On 28/03/2018 07:13, Romain Manni-Bucau wrote: > >>> > >>> Roberto PR *is* merged JL. > >>>> He did the work to be able to consume any CDI "container" lib. > >>>> > >>>> So I'd just extract the code as we discussed together in G before that > >>>> mess > >>>> and move forward to keep TCK and add the lib in the MP distro Roberto > >>>> created to fit that design. > >>>> > >>>> As soon as you imported the lib in G, I will make sure to help to make > >>>> it > >>>> releasable. > >>>> > >>>> As the ee concurrency utilities dev I can guarantee you it is wrong to > >>>> put > >>>> it in TomEE :( - mea culpa here. > >>>> > >>>> I can understand the "i cant commit" but you can PR and several of > these > >>>> objections are coming from people willing RTC which leads to the same > >>>> blocking state so not sure I get the rational to break projects here > and > >>>> make them messy which would deserve asf IMHO. > >>>> > >>>> Le 27 mars 2018 23:37, "Jonathan Gallimore" < > >>>> jonathan.gallim...@gmail.com > >>>> a écrit : > >>>> > >>>> If it can sit in its own repository, and that improves re-usability, > >>>> that > >>>> > >>>>> sounds like a good thing to me. I'd be happy with that under the > TomEE > >>>>> TLP. > >>>>> I am sure some folks will prefer to see it under Geronimo. I am a > TomEE > >>>>> committer, I am not yet a Geronimo committer (maybe someday....) so I > >>>>> would > >>>>> lean towards TomEE. Wherever it sits, it needs to be possible to work > >>>>> on > >>>>> it > >>>>> without being blocked. > >>>>> > >>>>> Jon > >>>>> > >>>>> On Tue, Mar 27, 2018 at 10:27 PM, Jean-Louis Monteiro < > >>>>> jlmonte...@tomitribe.com> wrote: > >>>>> > >>>>> What about this vote David? > >>>>> > >>>>>> Roberto's PR for MP-Config integration and mine about MP-JWT are > still > >>>>>> > >>>>>> not > >>>>> > >>>>> merged. > >>>>>> Most of the JWT code is server independent and therefor could be > >>>>>> > >>>>>> extracted > >>>>> > >>>>> into a separate library. > >>>>>> > >>>>>> So where the code sits is definitely a question we need to address. > >>>>>> I don't believe the current TomEE repo is a good home. > >>>>>> > >>>>>> TomEE as the Apache TLP can on the other hand become an home. > >>>>>> We only need another another repo where we could put some reusable > >>>>>> code. > >>>>>> > >>>>>> There are a couple of utility classes in TomEE that could also > become > >>>>>> a > >>>>>> reusable library. > >>>>>> I have prepared and pushed the 2 PRs for Chatterbox and Sheldon > >>>>>> donation. > >>>>>> > >>>>>> So I would probably propose to create a dedicated git repo where we > >>>>>> could > >>>>>> put all the reusable parts. > >>>>>> One benefit I see is that we could make the TomEE codebase a bit > >>>>>> lighter. > >>>>>> > >>>>>> What do you guys think? > >>>>>> > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> Jean-Louis Monteiro > >>>>>> http://twitter.com/jlouismonteiro > >>>>>> http://www.tomitribe.com > >>>>>> > >>>>>> On Thu, Mar 22, 2018 at 10:47 AM, Matthew Broadhead < > >>>>>> matthew.broadh...@nbmlaw.co.uk> wrote: > >>>>>> > >>>>>> does this mean a reusable JWT library external to TomEE, or within > the > >>>>>> > >>>>>>> TomEE project? > >>>>>>> i have to agree with previous statements i read that TomEE is a > >>>>>>> bundle > >>>>>>> > >>>>>>> of > >>>>>> libraries and not really the place to locate reusable pluggable > >>>>>> projects. > >>>>>> it is more like the place where you might plug a project in once it > is > >>>>>> > >>>>>>> working > >>>>>>> > >>>>>>> > >>>>>>> On 19/03/2018 11:39, Jonathan Gallimore wrote: > >>>>>>> > >>>>>>> What's the other vote ("Geronimo one")? > >>>>>>> > >>>>>>>> Jon > >>>>>>>> > >>>>>>>> On Mon, Mar 19, 2018 at 6:33 AM, Romain Manni-Bucau < > >>>>>>>> rmannibu...@gmail.com> > >>>>>>>> wrote: > >>>>>>>> > >>>>>>>> Hey David, > >>>>>>>> > >>>>>>>> How does this vote relates to the geronimo one you launched? > >>>>>>>>> > >>>>>>>>> Are they purely concurrent or can they be conditional one for the > >>>>>>>>> > >>>>>>>>> other? > >>>>>>>> > >>>>>>>>> Le 19 mars 2018 01:03, "David Blevins" <david.blev...@gmail.com> > a > >>>>>>>>> écrit : > >>>>>>>>> > >>>>>>>>> The vote for merging PR 123 does not address community will on > what > >>>>>>>>> > >>>>>>>>> to > >>>>>>>> > >>>>>>> do > >>>>>> > >>>>>> with the code beyond merging it. One can realistically vote +1 to > >>>>>>> > >>>>>>>> merge > >>>>>>>>> > >>>>>>>> the code, but then desire to see the code cleaned up and moved > >>>>>>> > >>>>>>>> elsewhere. > >>>>>>>>>> One can realistically desire seeing an attempt to clean up the > >>>>>>>>>> code > >>>>>>>>>> > >>>>>>>>>> to > >>>>>>>>> > >>>>>>>> find > >>>>>> > >>>>>>> what is reusable and may wish to withhold a final decision until we > >>>>>>>>> see > >>>>>>>>> > >>>>>>>> how > >>>>>>> > >>>>>>>> fruitful such a module would be. > >>>>>>>>> > >>>>>>>>>> Out of respect for people who may not know exactly how they feel > >>>>>>>>>> > >>>>>>>>>> (TomEE > >>>>>>>>> > >>>>>>>> or > >>>>>>> > >>>>>>>> Geronimo), this is a vote for the latter. > >>>>>>>>> > >>>>>>>>>> Vote: Should we attempt to extract code from the JWT PR to see > >>>>>>>>>> what > >>>>>>>>>> > >>>>>>>>>> is > >>>>>>>>> > >>>>>>>> reusable and how successful such a jar would be? > >>>>>> > >>>>>>> +1 Let's give it a shot here > >>>>>>>>>> +-0 > >>>>>>>>>> -1 Let's do this elsewhere > >>>>>>>>>> > >>>>>>>>>> If the vote is +1 to attempt an extraction of reusable code > here, > >>>>>>>>>> > >>>>>>>>>> final > >>>>>>>>> > >>>>>>>> conclusion of if that extraction is worth it or where it should > live > >>>>>>> > >>>>>>>> is > >>>>>>>>> > >>>>>>>> not > >>>>>>> > >>>>>>>> being voted on. People are welcome to decide differently based on > >>>>>>>>> the > >>>>>>>>> > >>>>>>>> results of the exercise. > >>>>>> > >>>>>>> > >>>>>>>>>> -David > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > > >