> On Feb 14, 2018, at 9:01 AM, Romain Manni-Bucau <rmannibu...@gmail.com> wrote: > > interesting thing is JsonWebToken principal will not work with CDI by > design - due to proxies - so must use another unwrapped layer to get the > principal like jaspic or servlet layers which will not require any change > in any of our internals but more a better integration of existing techno, > no?
There are effectively two ways to get the JsonWebToken: - Injectable via CDI into @RequestScoped beans - Anywhere a Principal can be obtained There is also an @Claim qualifier which allows individual claims from the JWT to be injected into @RequestScoped beans as JSON-P types or as primatives. That part will be a bit tricky, but effectively we need a dependent-scoped producer that can find the JWT data in the active request. Perhaps by looking in the ThreadContext. -David