> On Feb 14, 2018, at 9:01 AM, Romain Manni-Bucau <rmannibu...@gmail.com> wrote:
> 
> interesting thing is JsonWebToken principal will not work with CDI by
> design - due to proxies - so must use another unwrapped layer to get the
> principal like jaspic or servlet layers which will not require any change
> in any of our internals but more a better integration of existing techno,
> no?

There are effectively two ways to get the JsonWebToken:

 - Injectable via CDI into @RequestScoped beans
 - Anywhere a Principal can be obtained

There is also an @Claim qualifier which allows individual claims from the JWT 
to be injected into @RequestScoped beans as JSON-P types or as primatives.

That part will be a bit tricky, but effectively we need a dependent-scoped 
producer that can find the JWT data in the active request.  Perhaps by looking 
in the ThreadContext.


-David

Reply via email to