Hi, I’ve done some work to push our MP JWT implementation from 1.0 to 1.1.
You can check it here: https://github.com/apache/tomee/pull/173 <https://github.com/apache/tomee/pull/173> There are still a couple of tests in the TCK that I have to fix and a few things that I would like to improve, but I think the majority of the work is done. Some time ago, there was a discussion in the list about how to integrate MP JWT with EE security: http://tomee-openejb.979440.n4.nabble.com/Implementing-Microprofile-JWT-td4683212i40.html <http://tomee-openejb.979440.n4.nabble.com/Implementing-Microprofile-JWT-td4683212i40.html> I believe we need to revisit that conversation and figure out how to move forward. Right now for instance, we don’t support injecting a JWT Principal since it clashes with the predefined by CDI. Most likely, we would need to plugin the JWT Principal lookup in TomcatSecurityService. I’m not sure if we want to do it in that way, or if we want to think in something else. Cheers, Roberto