I was also thinking about a Johnzon extension (kinda)

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com

On Tue, Feb 13, 2018 at 3:53 PM, Mark Struberg <strub...@yahoo.de.invalid>
wrote:

> I know JWT a bit and I wonder whether doing the signing part is just a bit
> of Json (JSON-P) + commons-crypto?
> After all JWT is especially designed to be lightweight and straight
> forward.
>
> LieGrue,
> strub
>
>
>
> > Am 13.02.2018 um 15:33 schrieb Romain Manni-Bucau <rmannibu...@gmail.com
> >:
> >
> > 2018-02-13 15:28 GMT+01:00 Jean-Louis Monteiro <jlmonte...@tomitribe.com
> >:
> >
> >> Thanks for the feedback Jon.
> >>
> >> I had a couple of exchanges with Rudy which is happy to contribute some
> >> code as well.
> >> From what I have understood and seen, most of the code is integration
> code
> >> and there is at least from my current knowledge a little bit of code to
> put
> >> together in a reusable manner in a reusable library (where ever it
> sits).
> >> I was planning to do a quick prototype and get it to work from end to
> end
> >> into a working branch so we can move the discussion forward and see
> exactly
> >> where we go.
> >>
> >> Regarding the signing library, I am kinda on the same page.
> >> I don't see myself rewriting Johnzon to parse JSON and then Jose or
> Nimbus
> >> to do signing. There is absolutely no point at least for the POC. Again,
> >> we'll see if I get something working what we can do.
> >>
> >>
> >>
> > Agreeing for a PoC but for a production ready software it is if it can
> > conflict or bring drawbacks to the users to import the solution. The json
> > lib should at least be pluggable - avoids to shade/rewrite anything but
> let
> > the integrator use what he already has. Side note for json: for the
> overall
> > consistency using JSON-P makes it easy to get a common API which doesn't
> > need any investment and solves that "plug your impl" smoothly. For the
> > signing part it is a bit different since it will easily bring a huge
> stack
> > - how many bring jackson, simple-json, ... by default and are not
> > pluggable. This is an issue and can even lead to not working
> installations.
> > If you doubt I have like 700 components to show you it is not a random or
> > theorical thought. Investment is also quite light so not sure it does
> worth
> > speaking about it days.
> >
> >
> >>
> >>
> >>
> >> --
> >> Jean-Louis Monteiro
> >> http://twitter.com/jlouismonteiro
> >> http://www.tomitribe.com
> >>
> >> On Tue, Feb 13, 2018 at 12:43 PM, John D. Ament <johndam...@apache.org>
> >> wrote:
> >>
> >>>
> >>>
> >>> On 2018/02/12 20:42:58, Jonathan Gallimore <
> jonathan.gallim...@gmail.com
> >>>
> >>> wrote:
> >>>> On Mon, Feb 12, 2018 at 8:20 PM, Romain Manni-Bucau <
> >>> rmannibu...@gmail.com>
> >>>> wrote:
> >>>>
> >>>>> No Andy, as mentionned in the discussion Geronimo hosts the
> >>> microprofile
> >>>>> @asf. This is why jwt should probably be done in geronimo which is
> >> the
> >>> asf
> >>>>> ee related project umbrella.
> >>>>>
> >>>>
> >>>> I don't recall that discussion. Where did it take place?
> >>>
> >>> I *think* he meant me.  The only time JWT came up on Geronimo was at
> [1].
> >>> I had mentioned bringing over an impl based on Jose4J, Romain felt very
> >>> strongly we mustn't rely on 3rd party libraries.  I'm not sure why that
> >> is,
> >>> but it seemed based on the discussion we had two different aims so it
> >>> wasn't something I pushed forward on.  If there's interest within TomEE
> >> to
> >>> get a JWT impl up and running, I'd be happy to help (though I do feel
> >>> strongly relying on a 3rd party lib for the actual signature
> validation +
> >>> external sig support is important; to avoid that overhead).
> >>>
> >>> RE MP @ TomEE/Geronimo.  I don't believe there's any hard or fast rules
> >>> about what projects are allowed to host.  For example, there's interest
> >>> within Skywalking to host the CDI and JAX-RS extensions to support
> >> OpenApi;
> >>> but this spec doesn't represent something any server vendor would
> support
> >>> since its really about your APM solution.  CXF happily took on the MP
> >> Rest
> >>> Client when I proposed it; though I would hope TomEE relies on the CXF
> >>> library instead of crafting their own client (selfish desires).  The
> JWT
> >>> spec is weird, because it defined non MP runtime behavior in addition
> to
> >> MP
> >>> runtime behavior; so there may be more integration work in a fuller app
> >>> server like TomEE.
> >>>
> >>> </peanut-gallery>
> >>>
> >>> John
> >>>
> >>> [1]: https://lists.apache.org/thread.html/
> 4edc997cfe2e45aaf25bb118bc6216
> >>> 34c2832641cf3a9d954a6f7245@%3Cdev.geronimo.apache.org%3E
> >>>
> >>>>
> >>>>
> >>>>>
> >>>>> I understand it is not the most convenient for tomitribe which
> >> probably
> >>>>> perfers to own the full project(s) but as a foundation member I d
> >>> really
> >>>>> like to not let company details pollute projects
> >>>>
> >>>>
> >>>>> Also the discussion made clear to not do it in current repo whatever
> >>>>> project is used as umbrella so we should revert that and finish the
> >>>>> discussion before any action to not kill tomee project by a hard
> >>> company
> >>>>> driven management making it no more in the OSS spirit.
> >>>>>
> >>>>
> >>>> I agree the discussion should happen first, and I note that the change
> >>> has
> >>>> been reverted. I recall that we agreed on this list that we'd create
> >> new
> >>>> git projects for Sheldon and Chatterbox under the TomEE umbrella.
> >> Should
> >>>> other components sit under TomEE, I imagine that they would follow the
> >>> same
> >>>> pattern - i.e. discuss first, agree location, create repo or move
> >> things
> >>>> around as appropriate.
> >>>>
> >>>> I don't know what your specific issues are here, but I think you are
> >>> making
> >>>> some assumptions that are simply not true.
> >>>>
> >>>> Jon
> >>>>
> >>>>
> >>>>
> >>>>>
> >>>>> Le 12 févr. 2018 21:14, "Andy Gumbrecht" <agumbre...@tomitribe.com>
> >> a
> >>>>> écrit :
> >>>>>
> >>>>>> "Parts of the components skeletons you just created"
> >>>>>>
> >>>>>> They're just logically named empty modules for pending work?
> >>>>>>
> >>>>>>
> >>>>>> On 12/02/18 20:42, Mark Struberg wrote:
> >>>>>>
> >>>>>>> And what's that for?
> >>>>>>>
> >>>>>>> Is there any behind the scene stuff going on at Tomitribe or can
> >> we
> >>>>>>> finally get back to discussing such things on the Apache lists?
> >>>>>>>
> >>>>>>> Before we go on I'd would first finish the discussion how we want
> >> to
> >>>>> turn
> >>>>>>> TomEE into an umbrella project or how the structure would be. And
> >>>>>>> whether/how we want to integrate the modular Geronimo parts into
> >> one
> >>>>>>> project or not.
> >>>>>>>
> >>>>>>> Parts of the components skeletons you just created do already
> >> exist
> >>> at
> >>>>>>> the ASF.
> >>>>>>>
> >>>>>>> LieGrue,
> >>>>>>> strub
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> On Monday, 12 February 2018, 20:22:53 CET, Andy Gumbrecht <
> >>>>>>> agumbre...@tomitribe.com> wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>> Added project stubs:
> >>>>>>> https://github.com/apache/tomee/tree/master/microprofile
> >>>>>>>
> >>>>>>> Andy.
> >>>>>>>
> >>>>>>>
> >>>>>>> On 05/02/18 11:17, Jean-Louis Monteiro wrote:
> >>>>>>>> Hi,
> >>>>>>>>
> >>>>>>>> Ok thanks guys.
> >>>>>>>> @Rudy, you are most welcome :)
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Jean-Louis Monteiro
> >>>>>>>> http://twitter.com/jlouismonteiro
> >>>>>>>> http://www.tomitribe.com
> >>>>>>>>
> >>>>>>>> On Fri, Feb 2, 2018 at 11:39 AM, Rudy De Busscher <
> >>>>>>> rdebussc...@gmail.com <mailto:rdebussc...@gmail.com>>
> >>>>>>>> wrote:
> >>>>>>>>
> >>>>>>>>> I think it is a very important spec, also for non-microprofile
> >>>>>>>>> implementations as it can enhance the interoperability of all
> >>>>> servers.
> >>>>>>>>>
> >>>>>>>>> I'm also very interested in the implementation (and want to
> >> help
> >>> a
> >>>>> bit
> >>>>>>> with
> >>>>>>>>> it also :) )
> >>>>>>>>>
> >>>>>>>>> regards
> >>>>>>>>> Rudy
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On 2 February 2018 at 11:23, Mark Struberg
> >>> <strub...@yahoo.de.invalid
> >>>>>>> <mailto:strub...@yahoo.de.invalid>>
> >>>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>>> To clarify this even further:
> >>>>>>>>>> The Geronimo Server is now officially dead.
> >>>>>>>>>> But the Geronimo project is not. It alredy contains quite a
> >> few
> >>>>>>> modular
> >>>>>>>>>> parts which are reused in many ASF projects and also outside.
> >>>>>>>>>> Examples is the geronimo-transaction-manager,
> >> geronimo-javamail,
> >>>>>>>>>> geronimo-config, xbean-finder, etc
> >>>>>>>>>>
> >>>>>>>>>> Of course it would probably make sense to fold those 2
> >> projects
> >>>>>>> together,
> >>>>>>>>>> as already discussed in the past.
> >>>>>>>>>> I'm still all open to it, but I have an important criterium to
> >>>>> fulfil:
> >>>>>>>>>> If we move those portable parts to TomEE, then this would mean
> >>> that
> >>>>>>> TomEE
> >>>>>>>>>> would become an 'Umbrella project'.
> >>>>>>>>>> And further that we would need a new name for those portable
> >>> parts.
> >>>>>>>>>> They would effectively be mainatained by the TomEE community
> >>> (which
> >>>>>>> has a
> >>>>>>>>>> big overlap with Geronimo anyway) but those parts must clearly
> >>> be
> >>>>>>>>>> recognized separately from TomEE.
> >>>>>>>>>>
> >>>>>>>>>> Otherwise people will assume that those parts only work within
> >>>>> TomEE -
> >>>>>>>>>> where in reality they would even work on WildFly or Liberty,
> >>> etc. or
> >>>>>>>>> even a
> >>>>>>>>>> naked Tomcat.
> >>>>>>>>>> Got me?
> >>>>>>>>>>
> >>>>>>>>>> We might e.g. brand them as 'TomEE Geronimo Spare Parts
> >>> Department'
> >>>>> :)
> >>>>>>>>>>
> >>>>>>>>>> LieGrue,
> >>>>>>>>>> strub
> >>>>>>>>>>
> >>>>>>>>>> PS: I'd also love to keep the org.apache.geronimo package name
> >>> to
> >>>>> ease
> >>>>>>>>>> backward compatibility.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>> Am 02.02.2018 um 11:08 schrieb Romain Manni-Bucau <
> >>>>>>>>> rmannibu...@gmail.com <mailto:rmannibu...@gmail.com>
> >>>>>>>>>>> :
> >>>>>>>>>>>
> >>>>>>>>>>> 2018-02-02 11:05 GMT+01:00 Otávio Gonçalves de Santana <
> >>>>>>>>>>> osant...@tomitribe.com <mailto:osant...@tomitribe.com>>:
> >>>>>>>>>>>
> >>>>>>>>>>>> Guys, I have a question:
> >>>>>>>>>>>>
> >>>>>>>>>>>> Why not a project to each implementation?
> >>>>>>>>>>>>
> >>>>>>>>>>> this is the case but geronimo is used as an umbrella project.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>> This way I can use just a specific if I want also.
> >>>>>>>>>>>>
> >>>>>>>>>>> exactly the goal and user usage AFAIK ;)
> >>>>>>>>>>>
> >>>>>>>>>>> long story short: we learnt from the past errors and since
> >>> always
> >>>>> the
> >>>>>>>>>> same
> >>>>>>>>>>> people work on these projects it is better to not split it
> >>> accross
> >>>>> N
> >>>>>>>>>>> communities since
> >>>>>>>>>>> it leads to a lot of efforts for these people. Having a
> >> single
> >>>>>>> umbrella
> >>>>>>>>>>> project with N subprojects reduces the administrative work
> >> etc
> >>> and
> >>>>>>>>>> enhance
> >>>>>>>>>>> the projects productivity.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>> On Fri, Feb 2, 2018 at 7:44 AM, Romain Manni-Bucau <
> >>>>>>>>>> rmannibu...@gmail.com <mailto:rmannibu...@gmail.com>>
> >>>>>>>>>>>> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Hi JL,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Microprofile apache effort is hosted in geronimo and John
> >>> already
> >>>>>>>>> spoke
> >>>>>>>>>>>>> about it I think. Would probably saner to keep it all at
> >> the
> >>> same
> >>>>>>>>> place
> >>>>>>>>>>>> for
> >>>>>>>>>>>>> the foundation.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Romain Manni-Bucau
> >>>>>>>>>>>>> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> >>>>>>>>>>>>> <https://rmannibucau.metawerx.net/> | Old Blog
> >>>>>>>>>>>>> <http://rmannibucau.wordpress.com> | Github <
> >>> https://github.com/
> >>>>>>>>>>>>> rmannibucau> |
> >>>>>>>>>>>>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> >>>>>>>>>>>>> <https://www.packtpub.com/application-development/java-
> >>>>>>>>>>>>> ee-8-high-performance>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 2018-02-02 9:39 GMT+01:00 Jean-Louis Monteiro <
> >>>>>>>>>> jlmonte...@tomitribe.com <mailto:jlmonte...@tomitribe.com>
> >>>>>>>>>>>>> :
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi all,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I was wondering if we could have the Microprofile JWT
> >>>>> implemented
> >>>>>>> in
> >>>>>>>>>>>>> TomEE.
> >>>>>>>>>>>>>> What do you think?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I was reading the spec and I'd like to contribute that in.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Jean-Louis
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> --
> >>>>>>>>>>>>>> Jean-Louis Monteiro
> >>>>>>>>>>>>>> http://twitter.com/jlouismonteiro
> >>>>>>>>>>>>>> http://www.tomitribe.com
> >>>>>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Andy Gumbrecht
> >>>>>>> https://twitter.com/AndyGeeDe
> >>>>>>>
> >>>>>>> http://www.tomitribe.com
> >>>>>>>
> >>>>>>> https://www.tomitribe.io
> >>>>>>>
> >>>>>>>
> >>>>>>> Ubique
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>> --
> >>>>>> Andy Gumbrecht
> >>>>>> https://twitter.com/AndyGeeDe
> >>>>>> http://www.tomitribe.com
> >>>>>> https://www.tomitribe.io
> >>>>>>
> >>>>>>
> >>>>>> Ubique
>
>

Reply via email to