All -

I got JWT token security working now with Karaf-4.2.6, but I had to switch from 
CXF to JAX-RS whiteboard. The JAX-RS whiteboard spec is officially part of OSGi 
7 but this solution works fine with K-4.2.6 and OSGi-6. It took me a while to 
figure this out, so I want to share what I learned here.

There are 3 jigsaw pieces needed to make this work.

1. The filter needs to be registered as ContainerRequestFilter with the 
osgi.jaxrs.extension property set to true, otherwise it is not picked up. The 
filter also needs the annotation for which it is applicable. If omitted the 
filter method will be called for every endpoint call. The name of the 
annotation is arbitrary but it seems that JWTAdminTokenNeeded, JWTTokenNeeded 
and JWTUserTokenNeeded are most common.

        @JWTAdminTokenNeeded
        @Component( service = ContainerRequestFilter.class, property = { 
"osgi.jaxrs.extension=true” } )
        public class JWTAdminTokenNeededFilter implements 
ContainerRequestFilter {

2. The endpoint component needs to be registered with the osgi.jaxrs.resource 
property set to true, like so.

        @Component(service = TheService.class, property = { 
"osgi.jaxrs.resource=true" })
        public class TheServiceImpl implements TheService {

3. The endpoint method needs the annotation for the required filter.
        @Override
        @JWTAdminTokenNeeded
        @PUT
        @Path("/")
        public Response updateThingy(ThingyDTO thingy) {


Most, if not all of the above is described in the OSGi 7 JAX-RS whiteboard 
Specification here 
https://osgi.org/specification/osgi.cmpn/7.0.0/service.jaxrs.html 
<https://osgi.org/specification/osgi.cmpn/7.0.0/service.jaxrs.html> but 
sometimes you won’t see it until you know what you are looking for.

Hope this helps.

BTW… I am still a tad confused why this won’t work with CXF so if someone has 
some ideas I’d be more than happy to give that another try.


Erwin



> On Aug 26, 2019, at 19:19, Erwin Hogeweg <erwin.hoge...@me.com> wrote:
> 
> Hi,
> 
> Does anyone have an example on how to register a ContainerRequestFilter with 
> CXF in Karaf-4.2?
> 
> As far as I can see everything is in place, but the filter() and validate() 
> methods are never called before the service methods are invoked. I am sure I 
> am missing something but so far I haven’t discovered it yet. I was wondering 
> if somebody had an idea before I start digging in the CXF code.
> 
> 
> Thanks for your help,
> 
> Erwin
> 
> 
> This is from my JWTTokenNeededFilter file.
> @JWTTokenNeeded
> @Component( immediate = true,
>             name = "my.jwt.filters.JWTTokenNeededFilter",
>             configurationPolicy = ConfigurationPolicy.OPTIONAL
>             )
> @Provider
> @Priority(Priorities.AUTHENTICATION)
> public class JWTTokenNeededFilter implements ContainerRequestFilter {…}
> 
> 
> In my RS Service Component I define the Filters as follows (Not entirely sure 
> if this is correct).
> 
>   @Component(
>       immediate = true, 
>       name = "com.seecago.rome.usermgt.service", 
>       configurationPolicy = ConfigurationPolicy.OPTIONAL, 
>       property = {
>               "type=internal", 
>               “service.exported.interfaces=my.service.MyManagementService",
>               "service.exported.configs=org.apache.cxf.rs 
> <http://org.apache.cxf.rs/>", 
>               "org.apache.cxf.rs.address=/UserProfile",
>               "service.exported.intents=HTTP",
>               
> “org.apache.cxf.rs.provider=my.jwt.filters.JWTAdminTokenNeededFilter",
>               
> “org.apache.cxf.rs.provider=my.jwt.filters.JWTUserTokenNeededFilter",
>               
> “org.apache.cxf.rs.provider=my.jwt.filters.JWTTokenNeededFilter"})
> 
> 
> This is how I defined a secure service call:
>     @Override
>     @JWTTokenNeeded
>       public SomeResult getItemById(Long itemId) {…}
> 
> 
> And this is what scr:info n returns for the Filter Component:
> 
> *** Bundle: my.server.security (205)
> Component Description:
>   Name: my.jwt.filters.JWTTokenNeededFilter
>   Implementation Class: my.jwt.filters.JWTTokenNeededFilter
>   Default State: enabled
>   Activation: immediate
>   Configuration Policy: optional
>   Activate Method: activate
>   Deactivate Method: deactivate
>   Modified Method: -
>   Configuration Pid: [my.jwt.filters.JWTTokenNeededFilter]
>   Services: 
>     javax.ws.rs.container.ContainerRequestFilter
>   Service Scope: singleton
>   Component Description Properties:
>   Component Configuration:
>     ComponentId: 5
>     State: active      
>     Component Configuration Properties:
>         component.id <http://component.id/> = 5
>         component.name = my.jwt.filters.JWTTokenNeededFilter
> 
> 
> 

Reply via email to