Too early for me to figure this out. Really need to get an example working so that I can think of a cleaner design.
-- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Tue, Feb 13, 2018 at 4:58 PM, Mark Struberg <strub...@yahoo.de.invalid> wrote: > Might do as well. > But the JSON-P part is really well abstracted. So this is easy to plug-in. > > I'm more worried about the authorisation and authentication interface. > Anything EE security seems way too heavyweight for me. This might work out > for TomEE, but would kill it's use in any more lightweight approach. > So probably introduce an own pluggable SPI for authentication and > authorisation? > Then it really could be done pretty much anywhere. Or do we have yet > another 'interface area'? > > LieGrue, > strub > > > > Am 13.02.2018 um 16:52 schrieb Jean-Louis Monteiro < > jlmonte...@tomitribe.com>: > > > > I was also thinking about a Johnzon extension (kinda) > > > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > > > > On Tue, Feb 13, 2018 at 3:53 PM, Mark Struberg <strub...@yahoo.de.invalid > > > > wrote: > > > >> I know JWT a bit and I wonder whether doing the signing part is just a > bit > >> of Json (JSON-P) + commons-crypto? > >> After all JWT is especially designed to be lightweight and straight > >> forward. > >> > >> LieGrue, > >> strub > >> > >> > >> > >>> Am 13.02.2018 um 15:33 schrieb Romain Manni-Bucau < > rmannibu...@gmail.com > >>> : > >>> > >>> 2018-02-13 15:28 GMT+01:00 Jean-Louis Monteiro < > jlmonte...@tomitribe.com > >>> : > >>> > >>>> Thanks for the feedback Jon. > >>>> > >>>> I had a couple of exchanges with Rudy which is happy to contribute > some > >>>> code as well. > >>>> From what I have understood and seen, most of the code is integration > >> code > >>>> and there is at least from my current knowledge a little bit of code > to > >> put > >>>> together in a reusable manner in a reusable library (where ever it > >> sits). > >>>> I was planning to do a quick prototype and get it to work from end to > >> end > >>>> into a working branch so we can move the discussion forward and see > >> exactly > >>>> where we go. > >>>> > >>>> Regarding the signing library, I am kinda on the same page. > >>>> I don't see myself rewriting Johnzon to parse JSON and then Jose or > >> Nimbus > >>>> to do signing. There is absolutely no point at least for the POC. > Again, > >>>> we'll see if I get something working what we can do. > >>>> > >>>> > >>>> > >>> Agreeing for a PoC but for a production ready software it is if it can > >>> conflict or bring drawbacks to the users to import the solution. The > json > >>> lib should at least be pluggable - avoids to shade/rewrite anything but > >> let > >>> the integrator use what he already has. Side note for json: for the > >> overall > >>> consistency using JSON-P makes it easy to get a common API which > doesn't > >>> need any investment and solves that "plug your impl" smoothly. For the > >>> signing part it is a bit different since it will easily bring a huge > >> stack > >>> - how many bring jackson, simple-json, ... by default and are not > >>> pluggable. This is an issue and can even lead to not working > >> installations. > >>> If you doubt I have like 700 components to show you it is not a random > or > >>> theorical thought. Investment is also quite light so not sure it does > >> worth > >>> speaking about it days. > >>> > >>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Jean-Louis Monteiro > >>>> http://twitter.com/jlouismonteiro > >>>> http://www.tomitribe.com > >>>> > >>>> On Tue, Feb 13, 2018 at 12:43 PM, John D. Ament < > johndam...@apache.org> > >>>> wrote: > >>>> > >>>>> > >>>>> > >>>>> On 2018/02/12 20:42:58, Jonathan Gallimore < > >> jonathan.gallim...@gmail.com > >>>>> > >>>>> wrote: > >>>>>> On Mon, Feb 12, 2018 at 8:20 PM, Romain Manni-Bucau < > >>>>> rmannibu...@gmail.com> > >>>>>> wrote: > >>>>>> > >>>>>>> No Andy, as mentionned in the discussion Geronimo hosts the > >>>>> microprofile > >>>>>>> @asf. This is why jwt should probably be done in geronimo which is > >>>> the > >>>>> asf > >>>>>>> ee related project umbrella. > >>>>>>> > >>>>>> > >>>>>> I don't recall that discussion. Where did it take place? > >>>>> > >>>>> I *think* he meant me. The only time JWT came up on Geronimo was at > >> [1]. > >>>>> I had mentioned bringing over an impl based on Jose4J, Romain felt > very > >>>>> strongly we mustn't rely on 3rd party libraries. I'm not sure why > that > >>>> is, > >>>>> but it seemed based on the discussion we had two different aims so it > >>>>> wasn't something I pushed forward on. If there's interest within > TomEE > >>>> to > >>>>> get a JWT impl up and running, I'd be happy to help (though I do feel > >>>>> strongly relying on a 3rd party lib for the actual signature > >> validation + > >>>>> external sig support is important; to avoid that overhead). > >>>>> > >>>>> RE MP @ TomEE/Geronimo. I don't believe there's any hard or fast > rules > >>>>> about what projects are allowed to host. For example, there's > interest > >>>>> within Skywalking to host the CDI and JAX-RS extensions to support > >>>> OpenApi; > >>>>> but this spec doesn't represent something any server vendor would > >> support > >>>>> since its really about your APM solution. CXF happily took on the MP > >>>> Rest > >>>>> Client when I proposed it; though I would hope TomEE relies on the > CXF > >>>>> library instead of crafting their own client (selfish desires). The > >> JWT > >>>>> spec is weird, because it defined non MP runtime behavior in addition > >> to > >>>> MP > >>>>> runtime behavior; so there may be more integration work in a fuller > app > >>>>> server like TomEE. > >>>>> > >>>>> </peanut-gallery> > >>>>> > >>>>> John > >>>>> > >>>>> [1]: https://lists.apache.org/thread.html/ > >> 4edc997cfe2e45aaf25bb118bc6216 > >>>>> 34c2832641cf3a9d954a6f7245@%3Cdev.geronimo.apache.org%3E > >>>>> > >>>>>> > >>>>>> > >>>>>>> > >>>>>>> I understand it is not the most convenient for tomitribe which > >>>> probably > >>>>>>> perfers to own the full project(s) but as a foundation member I d > >>>>> really > >>>>>>> like to not let company details pollute projects > >>>>>> > >>>>>> > >>>>>>> Also the discussion made clear to not do it in current repo > whatever > >>>>>>> project is used as umbrella so we should revert that and finish the > >>>>>>> discussion before any action to not kill tomee project by a hard > >>>>> company > >>>>>>> driven management making it no more in the OSS spirit. > >>>>>>> > >>>>>> > >>>>>> I agree the discussion should happen first, and I note that the > change > >>>>> has > >>>>>> been reverted. I recall that we agreed on this list that we'd create > >>>> new > >>>>>> git projects for Sheldon and Chatterbox under the TomEE umbrella. > >>>> Should > >>>>>> other components sit under TomEE, I imagine that they would follow > the > >>>>> same > >>>>>> pattern - i.e. discuss first, agree location, create repo or move > >>>> things > >>>>>> around as appropriate. > >>>>>> > >>>>>> I don't know what your specific issues are here, but I think you are > >>>>> making > >>>>>> some assumptions that are simply not true. > >>>>>> > >>>>>> Jon > >>>>>> > >>>>>> > >>>>>> > >>>>>>> > >>>>>>> Le 12 févr. 2018 21:14, "Andy Gumbrecht" <agumbre...@tomitribe.com > > > >>>> a > >>>>>>> écrit : > >>>>>>> > >>>>>>>> "Parts of the components skeletons you just created" > >>>>>>>> > >>>>>>>> They're just logically named empty modules for pending work? > >>>>>>>> > >>>>>>>> > >>>>>>>> On 12/02/18 20:42, Mark Struberg wrote: > >>>>>>>> > >>>>>>>>> And what's that for? > >>>>>>>>> > >>>>>>>>> Is there any behind the scene stuff going on at Tomitribe or can > >>>> we > >>>>>>>>> finally get back to discussing such things on the Apache lists? > >>>>>>>>> > >>>>>>>>> Before we go on I'd would first finish the discussion how we want > >>>> to > >>>>>>> turn > >>>>>>>>> TomEE into an umbrella project or how the structure would be. And > >>>>>>>>> whether/how we want to integrate the modular Geronimo parts into > >>>> one > >>>>>>>>> project or not. > >>>>>>>>> > >>>>>>>>> Parts of the components skeletons you just created do already > >>>> exist > >>>>> at > >>>>>>>>> the ASF. > >>>>>>>>> > >>>>>>>>> LieGrue, > >>>>>>>>> strub > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On Monday, 12 February 2018, 20:22:53 CET, Andy Gumbrecht < > >>>>>>>>> agumbre...@tomitribe.com> wrote: > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> Added project stubs: > >>>>>>>>> https://github.com/apache/tomee/tree/master/microprofile > >>>>>>>>> > >>>>>>>>> Andy. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On 05/02/18 11:17, Jean-Louis Monteiro wrote: > >>>>>>>>>> Hi, > >>>>>>>>>> > >>>>>>>>>> Ok thanks guys. > >>>>>>>>>> @Rudy, you are most welcome :) > >>>>>>>>>> > >>>>>>>>>> -- > >>>>>>>>>> Jean-Louis Monteiro > >>>>>>>>>> http://twitter.com/jlouismonteiro > >>>>>>>>>> http://www.tomitribe.com > >>>>>>>>>> > >>>>>>>>>> On Fri, Feb 2, 2018 at 11:39 AM, Rudy De Busscher < > >>>>>>>>> rdebussc...@gmail.com <mailto:rdebussc...@gmail.com>> > >>>>>>>>>> wrote: > >>>>>>>>>> > >>>>>>>>>>> I think it is a very important spec, also for non-microprofile > >>>>>>>>>>> implementations as it can enhance the interoperability of all > >>>>>>> servers. > >>>>>>>>>>> > >>>>>>>>>>> I'm also very interested in the implementation (and want to > >>>> help > >>>>> a > >>>>>>> bit > >>>>>>>>> with > >>>>>>>>>>> it also :) ) > >>>>>>>>>>> > >>>>>>>>>>> regards > >>>>>>>>>>> Rudy > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> On 2 February 2018 at 11:23, Mark Struberg > >>>>> <strub...@yahoo.de.invalid > >>>>>>>>> <mailto:strub...@yahoo.de.invalid>> > >>>>>>>>>>> wrote: > >>>>>>>>>>> > >>>>>>>>>>>> To clarify this even further: > >>>>>>>>>>>> The Geronimo Server is now officially dead. > >>>>>>>>>>>> But the Geronimo project is not. It alredy contains quite a > >>>> few > >>>>>>>>> modular > >>>>>>>>>>>> parts which are reused in many ASF projects and also outside. > >>>>>>>>>>>> Examples is the geronimo-transaction-manager, > >>>> geronimo-javamail, > >>>>>>>>>>>> geronimo-config, xbean-finder, etc > >>>>>>>>>>>> > >>>>>>>>>>>> Of course it would probably make sense to fold those 2 > >>>> projects > >>>>>>>>> together, > >>>>>>>>>>>> as already discussed in the past. > >>>>>>>>>>>> I'm still all open to it, but I have an important criterium to > >>>>>>> fulfil: > >>>>>>>>>>>> If we move those portable parts to TomEE, then this would mean > >>>>> that > >>>>>>>>> TomEE > >>>>>>>>>>>> would become an 'Umbrella project'. > >>>>>>>>>>>> And further that we would need a new name for those portable > >>>>> parts. > >>>>>>>>>>>> They would effectively be mainatained by the TomEE community > >>>>> (which > >>>>>>>>> has a > >>>>>>>>>>>> big overlap with Geronimo anyway) but those parts must clearly > >>>>> be > >>>>>>>>>>>> recognized separately from TomEE. > >>>>>>>>>>>> > >>>>>>>>>>>> Otherwise people will assume that those parts only work within > >>>>>>> TomEE - > >>>>>>>>>>>> where in reality they would even work on WildFly or Liberty, > >>>>> etc. or > >>>>>>>>>>> even a > >>>>>>>>>>>> naked Tomcat. > >>>>>>>>>>>> Got me? > >>>>>>>>>>>> > >>>>>>>>>>>> We might e.g. brand them as 'TomEE Geronimo Spare Parts > >>>>> Department' > >>>>>>> :) > >>>>>>>>>>>> > >>>>>>>>>>>> LieGrue, > >>>>>>>>>>>> strub > >>>>>>>>>>>> > >>>>>>>>>>>> PS: I'd also love to keep the org.apache.geronimo package name > >>>>> to > >>>>>>> ease > >>>>>>>>>>>> backward compatibility. > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>> Am 02.02.2018 um 11:08 schrieb Romain Manni-Bucau < > >>>>>>>>>>> rmannibu...@gmail.com <mailto:rmannibu...@gmail.com> > >>>>>>>>>>>>> : > >>>>>>>>>>>>> > >>>>>>>>>>>>> 2018-02-02 11:05 GMT+01:00 Otávio Gonçalves de Santana < > >>>>>>>>>>>>> osant...@tomitribe.com <mailto:osant...@tomitribe.com>>: > >>>>>>>>>>>>> > >>>>>>>>>>>>>> Guys, I have a question: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Why not a project to each implementation? > >>>>>>>>>>>>>> > >>>>>>>>>>>>> this is the case but geronimo is used as an umbrella project. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>>> This way I can use just a specific if I want also. > >>>>>>>>>>>>>> > >>>>>>>>>>>>> exactly the goal and user usage AFAIK ;) > >>>>>>>>>>>>> > >>>>>>>>>>>>> long story short: we learnt from the past errors and since > >>>>> always > >>>>>>> the > >>>>>>>>>>>> same > >>>>>>>>>>>>> people work on these projects it is better to not split it > >>>>> accross > >>>>>>> N > >>>>>>>>>>>>> communities since > >>>>>>>>>>>>> it leads to a lot of efforts for these people. Having a > >>>> single > >>>>>>>>> umbrella > >>>>>>>>>>>>> project with N subprojects reduces the administrative work > >>>> etc > >>>>> and > >>>>>>>>>>>> enhance > >>>>>>>>>>>>> the projects productivity. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>>> On Fri, Feb 2, 2018 at 7:44 AM, Romain Manni-Bucau < > >>>>>>>>>>>> rmannibu...@gmail.com <mailto:rmannibu...@gmail.com>> > >>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Hi JL, > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Microprofile apache effort is hosted in geronimo and John > >>>>> already > >>>>>>>>>>> spoke > >>>>>>>>>>>>>>> about it I think. Would probably saner to keep it all at > >>>> the > >>>>> same > >>>>>>>>>>> place > >>>>>>>>>>>>>> for > >>>>>>>>>>>>>>> the foundation. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Romain Manni-Bucau > >>>>>>>>>>>>>>> @rmannibucau <https://twitter.com/rmannibucau> | Blog > >>>>>>>>>>>>>>> <https://rmannibucau.metawerx.net/> | Old Blog > >>>>>>>>>>>>>>> <http://rmannibucau.wordpress.com> | Github < > >>>>> https://github.com/ > >>>>>>>>>>>>>>> rmannibucau> | > >>>>>>>>>>>>>>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book > >>>>>>>>>>>>>>> <https://www.packtpub.com/application-development/java- > >>>>>>>>>>>>>>> ee-8-high-performance> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> 2018-02-02 9:39 GMT+01:00 Jean-Louis Monteiro < > >>>>>>>>>>>> jlmonte...@tomitribe.com <mailto:jlmonte...@tomitribe.com> > >>>>>>>>>>>>>>> : > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Hi all, > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> I was wondering if we could have the Microprofile JWT > >>>>>>> implemented > >>>>>>>>> in > >>>>>>>>>>>>>>> TomEE. > >>>>>>>>>>>>>>>> What do you think? > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> I was reading the spec and I'd like to contribute that in. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Jean-Louis > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>>> Jean-Louis Monteiro > >>>>>>>>>>>>>>>> http://twitter.com/jlouismonteiro > >>>>>>>>>>>>>>>> http://www.tomitribe.com > >>>>>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>> > >>>>>>>>> -- > >>>>>>>>> Andy Gumbrecht > >>>>>>>>> https://twitter.com/AndyGeeDe > >>>>>>>>> > >>>>>>>>> http://www.tomitribe.com > >>>>>>>>> > >>>>>>>>> https://www.tomitribe.io > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> Ubique > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> -- > >>>>>>>> Andy Gumbrecht > >>>>>>>> https://twitter.com/AndyGeeDe > >>>>>>>> http://www.tomitribe.com > >>>>>>>> https://www.tomitribe.io > >>>>>>>> > >>>>>>>> > >>>>>>>> Ubique > >> > >> > >