Any objection if I pick this up and have a go at the last tests, or is someone already working on this?
On Thu, Sep 27, 2018 at 5:44 PM Romain Manni-Bucau <rmannibu...@gmail.com> wrote: > Yep this feature. Then it must works since we support user principal if the > jwt filter is corretly placed in the filter chain and we must inherit from > the request principal. > > Le jeu. 27 sept. 2018 18:37, Roberto Cortez <radcor...@yahoo.com.invalid> > a > écrit : > > > I guess you are referring to this, to remove the proxy? > > > > > https://github.com/apache/openwebbeans/commit/a21a949fb19247dcc39ee89292a1554b2cf1388e > > < > > > https://github.com/apache/openwebbeans/commit/a21a949fb19247dcc39ee89292a1554b2cf1388e > > > > > > > Yes, this one step. > > > > By default, we do inject the generic Principal of Tomcat. We probably > need > > to check first about the existence of a JWT Principal and then fallback > to > > the Tomcat one. I think I know how to do it, I was just trying to broaden > > up the conversation about general integration with EE security. > > > > Cheers, > > Roberto > > > > > On 26 Sep 2018, at 07:21, Romain Manni-Bucau <rmannibu...@gmail.com> > > wrote: > > > > > > OWB enable to do it - we did it in geronimo impl to pass tck of jwt > auth > > > spec. > > > > > > Le mer. 26 sept. 2018 03:28, Roberto Cortez > <radcor...@yahoo.com.invalid> > > a > > > écrit : > > > > > >> Hi, > > >> > > >> I’ve done some work to push our MP JWT implementation from 1.0 to 1.1. > > >> > > >> You can check it here: > > >> https://github.com/apache/tomee/pull/173 < > > >> https://github.com/apache/tomee/pull/173> > > >> > > >> There are still a couple of tests in the TCK that I have to fix and a > > few > > >> things that I would like to improve, but I think the majority of the > > work > > >> is done. > > >> > > >> Some time ago, there was a discussion in the list about how to > integrate > > >> MP JWT with EE security: > > >> > > >> > > > http://tomee-openejb.979440.n4.nabble.com/Implementing-Microprofile-JWT-td4683212i40.html > > >> < > > >> > > > http://tomee-openejb.979440.n4.nabble.com/Implementing-Microprofile-JWT-td4683212i40.html > > >>> > > >> > > >> I believe we need to revisit that conversation and figure out how to > > move > > >> forward. > > >> > > >> Right now for instance, we don’t support injecting a JWT Principal > since > > >> it clashes with the predefined by CDI. Most likely, we would need to > > plugin > > >> the JWT Principal lookup in TomcatSecurityService. I’m not sure if we > > want > > >> to do it in that way, or if we want to think in something else. > > >> > > >> Cheers, > > >> Roberto > > > > >
