Awesome. Good job Zoltan. David will review and comment. Otherwise, I'll try later today. -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com
On Sun, Dec 18, 2022 at 12:51 PM Zoltán Tichov <zoltan.tic...@gmail.com> wrote: > Hi! > > I managed to do it, I made a PR. > > https://github.com/apache/tomee/pull/990 > > Should I change the property name in the JWT TCK? > > > https://github.com/apache/tomee/blob/main/tck/microprofile-tck/jwt/src/test/java/org/apache/tomee/microprofile/tck/jwt/validation/ExpClaimAllowMissingExpValidationTest.java#L89 > > Thanks: > Zoltán > > > > > On Wed, Nov 9, 2022 at 9:24 PM David Blevins <david.blev...@gmail.com> > wrote: > > > > On Nov 9, 2022, at 10:29 AM, Zoltán Tichov <zoltan.tic...@gmail.com> > > wrote: > > > > > > Hi! > > > > > > Is there another task that could be taken care of? > > > > There's a change in the same code that's on my "I should really find the > > time to fix that" list if you want to dig in. > > > > Basically, we added a TomEE-specific property > > `mp.jwt.tomee.allow.no-exp`. We likely should avoid putting custom > > properties in the `mp.jwt.*` namespace and likely we should: > > > > - rename it to something that starts with `tomee` like say > > `tomee.mp.jwt.allow.no-exp` > > - ensure both properties work for backwards compatibility > > - `tomee.mp.jwt.allow.no-exp` would win if both were defined > > - any use of `mp.jwt.tomee.allow.no-exp` should get a warning log > > message > > - create an itest or two in `itests/microprofile-jwt-itests/` that uses > > the property > > - update `docs/microprofile/jwt.adoc` > > - File JIRA cause I haven't done that yet, LOL :) > > > > The runtime change will be a piece of cake for you. Most the work would > > be in the itest, which could be kind of new/fun to do. > > > > Thoughts? > > > > -David > > > > > On Wed, Nov 9, 2022 at 10:19 AM Jean-Louis Monteiro < > > > jlmonte...@tomitribe.com> wrote: > > > > > >> We can get the CI system to build it. > > >> Thanks Zoltan > > >> -- > > >> Jean-Louis Monteiro > > >> http://twitter.com/jlouismonteiro > > >> http://www.tomitribe.com > > >> > > >> > > >> On Wed, Nov 9, 2022 at 10:06 AM Richard Zowalla <rich...@zowalla.com> > > >> wrote: > > >> > > >>> Hi, > > >>> > > >>> good news! Yes - go for a PR. > > >>> > > >>> Gruß > > >>> Richard > > >>> > > >>> Am Dienstag, dem 08.11.2022 um 23:30 +0100 schrieb Zoltán Tichov: > > >>>> Hi! > > >>>> > > >>>> I managed to get all the MP-JWT-TCK 2.1-RC6 tests to pass. I created > > >>>> microprofile-jwt-2.1-RC6 branch in my forked tomee project. > > >>>> What should I do? Can I create a PR? > > >>>> > > >>>> Thanks: > > >>>> Zoltán > > >>>> > > >>>> On Wed, Nov 2, 2022 at 10:30 PM David Blevins < > > >>>> david.blev...@gmail.com> > > >>>> wrote: > > >>>> > > >>>>>> On Nov 2, 2022, at 1:51 PM, Zoltán Tichov < > > >>>>>> zoltan.tic...@gmail.com> > > >>>>> wrote: > > >>>>>> Hi! > > >>>>>> > > >>>>>> There is at least one new test method in TCK callEchoAgedToken() > > >>>>>> and > > >>>>> added > > >>>>>> a new feature > > >>>>>> 'mp.jwt.verify.token.age'. This method failed, because it should > > >>>>>> return > > >>>>>> with HttpURLConnection.HTTP_UNAUTHORIZED instead of > > >>>>>> HttpURLConnection.HTTP_OK. > > >>>>>> Am I right that this property should be checked in > > >>>>>> org.apache.tomee.microprofile.jwt.MPJWTFilter? > > >>>>> > > >>>>> That's exactly right. More than likely the jose4j library we use > > >>>>> already > > >>>>> supports token age -- definitely post if it doesn't cause then the > > >>>>> problem > > >>>>> is way harder. > > >>>>> > > >>>>> If it does already support something like token age, then the task > > >>>>> becomes > > >>>>> reading the new property and feeding that into `MPJWTFilter`. > > >>>>> > > >>>>> - `JWTAuthConfigurationProperties` is where we're currently > > >>>>> reading the > > >>>>> MP JWT properties > > >>>>> - `JWTAuthConfiguration` is where the above class puts those > > >>>>> properties > > >>>>> once read (you'll need to make a new field there) > > >>>>> > > >>>>> Once that's done you can update `MPJWTFilter` to setup the > > >>>>> JwtConsumerBuilder using the data in JWTAuthConfiguration if the > > >>>>> user set > > >>>>> it. > > >>>>> > > >>>>> > > >>>>> -David > > >>>>> > > >>>>> > > >>> > > >>> > > >> > > > > >