Yes that correct. You need to plugin that producer and the producer is the one that can leverage mp-config and the same property names.
This way, when switching to next TomEE, you only need to yank that producer and it should work out of the box. -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Mon, Feb 25, 2019 at 10:18 AM COURTAULT Francois < [email protected]> wrote: > Hello Jean-Louis, > > I have looked at the samples code. > As I am using TomEE 7.1.0 (MP JWT 1.0 compliant), I guess I can't use the > mp.jwt.verify.publickey or mp.jwt.verify.publickey.location and > mp.jwt.verify.issuer config properties, right ? > > Instead, I have to write a XXXMPJWTConfigurationProvider class in order to > generate a context info having the public key to check the JWT signature, > right ? > > Best Regards. > > -----Original Message----- > From: Jean-Louis Monteiro [mailto:[email protected]] > Sent: samedi 23 février 2019 11:22 > To: [email protected] > Subject: Re: Try to build a JWT sample > > Bonjour François, > > Is there a way for you to share the project? > I worked on the JWT implementation and the example, I might be able to > help. > -- > Jean-Louis Monteiro > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fjlouismonteiro&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=ovFBgowFCnAAMD0mMFccdi5ze2SMZPLEPnr9cRDIFqc%3D&reserved=0 > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.tomitribe.com&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=we33aDDG%2F2O7KR7Q3yDd7ZyRbgpnYE3p0XEz0OtbjQQ%3D&reserved=0 > > > On Fri, Feb 22, 2019 at 4:56 PM COURTAULT Francois < > [email protected]> wrote: > > > Hello, > > > > I try to build a simple sample using TomEE MP 7.1.0 but I get an error > > and I don't know what's going on or how I can fix that. > > For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my > > war application deployed: > > > > * I have a public class MPJwtApplication extends Application > > annotated with @LoginConfig(authMethod = "MP-JWT", realmName = > > "TCK-MP-JWT") > > > > * I have a resource class annotated @Path("resources") > > @RequestScoped where I have > > > > o @Inject private JsonWebToken callerPrincipal; > > > > o A @GET public Response test () { System.out.println("JsonWebToken:" > + > > callerPrincipal + "."); return Response.ok().build();} > > > > > > > > In the war deployed, I also have a beans.xml with the following content: > > > > <?xml version="1.0" encoding="UTF-8"?> <beans > > xmlns=" > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0 > " > > xmlns:xsi=" > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=b7SQw7g52Y8goyvKLR78uR9so5q2D%2BPZH5bAMl%2Bsh1Y%3D&reserved=0 > " > > > > xsi:schemaLocation="https://emea01.safelinks.protection.outlook.com/?u > > rl=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CF > > rancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C3 > > 7d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata > > =SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0 > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee%2Fbeans_1_1.xsd&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=UAMyzrxk%2BU2%2BMxNBvKe%2FFGTkQmFj7xq%2BtJC8YFrWWuk%3D&reserved=0 > " > > bean-discovery-mode="all"> > > > > </beans> > > > > > > > > Using Soap UI, I send a GET HTTP request with an Authorization header: > > bearer <JWT Base 64 encoded>, the error I get is: > > > > 22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20] > > org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging > > Application { > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjwt. > > mp%2F&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db > > 874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C63 > > 6865141334006978&sdata=5gjcfEjv5a%2BqTNyXk1ztdt1pnLE5JIevOexg28%2F > > cWlU%3D&reserved=0}MPJwtResource has thrown exception, unwinding > > now > > org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal > > return type in the component implementation class : > > org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be > > @Dependent to create null instance > > > > > > > > I was expecting to have the callerPrincipal set to null but why this > > CDI @Dependent scope error stuff ? > > > > > > Any idea ? > > > > Best Regards. > > ________________________________ > > This message and any attachments are intended solely for the > > addressees and may contain confidential information. Any unauthorized > > use or disclosure, either whole or partial, is prohibited. > > E-mails are susceptible to alteration. Our company shall not be liable > > for the message if altered, changed or falsified. If you are not the > > intended recipient of this message, please delete it and notify the > sender. > > Although all reasonable efforts have been made to keep this > > transmission free from viruses, the sender will not be liable for > > damages caused by a transmitted virus. > > > ________________________________ > This message and any attachments are intended solely for the addressees > and may contain confidential information. Any unauthorized use or > disclosure, either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable for > the message if altered, changed or falsified. If you are not the intended > recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this transmission > free from viruses, the sender will not be liable for damages caused by a > transmitted virus. >
