Le 14 févr. 2018 19:47, "David Blevins" <david.blev...@gmail.com> a écrit :

> On Feb 14, 2018, at 9:01 AM, Romain Manni-Bucau <rmannibu...@gmail.com>
> interesting thing is JsonWebToken principal will not work with CDI by
> design - due to proxies - so must use another unwrapped layer to get the
> principal like jaspic or servlet layers which will not require any change
> in any of our internals but more a better integration of existing techno,
> no?

There are effectively two ways to get the JsonWebToken:

 - Injectable via CDI into @RequestScoped beans
 - Anywhere a Principal can be obtained

There is also an @Claim qualifier which allows individual claims from the
JWT to be injected into @RequestScoped beans as JSON-P types or as

If jsonp it can be @appscoped too technically

That part will be a bit tricky, but effectively we need a dependent-scoped
producer that can find the JWT data in the active request.  Perhaps by
looking in the ThreadContext.

Cant jaspic work? Also a jwt for an ejb without a request
means....something to define ;).


Reply via email to