Yep this feature. Then it must works since we support user principal if the jwt filter is corretly placed in the filter chain and we must inherit from the request principal.
Le jeu. 27 sept. 2018 18:37, Roberto Cortez <radcor...@yahoo.com.invalid> a écrit : > I guess you are referring to this, to remove the proxy? > > https://github.com/apache/openwebbeans/commit/a21a949fb19247dcc39ee89292a1554b2cf1388e > < > https://github.com/apache/openwebbeans/commit/a21a949fb19247dcc39ee89292a1554b2cf1388e > > > > Yes, this one step. > > By default, we do inject the generic Principal of Tomcat. We probably need > to check first about the existence of a JWT Principal and then fallback to > the Tomcat one. I think I know how to do it, I was just trying to broaden > up the conversation about general integration with EE security. > > Cheers, > Roberto > > > On 26 Sep 2018, at 07:21, Romain Manni-Bucau <rmannibu...@gmail.com> > wrote: > > > > OWB enable to do it - we did it in geronimo impl to pass tck of jwt auth > > spec. > > > > Le mer. 26 sept. 2018 03:28, Roberto Cortez <radcor...@yahoo.com.invalid> > a > > écrit : > > > >> Hi, > >> > >> I’ve done some work to push our MP JWT implementation from 1.0 to 1.1. > >> > >> You can check it here: > >> https://github.com/apache/tomee/pull/173 < > >> https://github.com/apache/tomee/pull/173> > >> > >> There are still a couple of tests in the TCK that I have to fix and a > few > >> things that I would like to improve, but I think the majority of the > work > >> is done. > >> > >> Some time ago, there was a discussion in the list about how to integrate > >> MP JWT with EE security: > >> > >> > http://tomee-openejb.979440.n4.nabble.com/Implementing-Microprofile-JWT-td4683212i40.html > >> < > >> > http://tomee-openejb.979440.n4.nabble.com/Implementing-Microprofile-JWT-td4683212i40.html > >>> > >> > >> I believe we need to revisit that conversation and figure out how to > move > >> forward. > >> > >> Right now for instance, we don’t support injecting a JWT Principal since > >> it clashes with the predefined by CDI. Most likely, we would need to > plugin > >> the JWT Principal lookup in TomcatSecurityService. I’m not sure if we > want > >> to do it in that way, or if we want to think in something else. > >> > >> Cheers, > >> Roberto > >
