> On Feb 14, 2018, at 9:01 AM, Romain Manni-Bucau <rmannibu...@gmail.com> wrote:
> interesting thing is JsonWebToken principal will not work with CDI by
> design - due to proxies - so must use another unwrapped layer to get the
> principal like jaspic or servlet layers which will not require any change
> in any of our internals but more a better integration of existing techno,
There are effectively two ways to get the JsonWebToken:
- Injectable via CDI into @RequestScoped beans
- Anywhere a Principal can be obtained
There is also an @Claim qualifier which allows individual claims from the JWT
to be injected into @RequestScoped beans as JSON-P types or as primatives.
That part will be a bit tricky, but effectively we need a dependent-scoped
producer that can find the JWT data in the active request. Perhaps by looking
in the ThreadContext.