Hey Cesar,

It seems good to go.
I pushed my +1 on the PR.


On Wed, 12 Dec 2018 at 2:26 AM, César Hernández Mendoza
<cesargu...@gmail.com> wrote:

> Thank you @Roberto for the comments.
>
> I finished my PR and removed the "WIP" from the PR name. Can somebody please
> review it: https://github.com/apache/tomee/pull/233
>
>
>
> On Tue, 11 Dec 2018 at 4:32, Roberto Cortez
> (<radcor...@yahoo.com.invalid>) wrote:
>
> > If I remember correctly, you only need one of the roles in RolesAllowed to
> > be authorized.
> >
> > > On 11 Dec 2018, at 06:24, César Hernández Mendoza <cesargu...@gmail.com>
> > > wrote:
> > >
> > > I started to move this PR forward.
> > >
> > > I have one question:
> > > What would be the correct behavior of a request containing a valid token
> > > that only has the Group of Claims "crud" but the REST endpoint is
> > > annotated like this:
> > >
> > > @RolesAllowed({"crud", "read-only"})
> > >
> > >
> > > Should the REST endpoint reply with a 403 because the token used in the
> > > request doesn't have both groups of claims?
> > > or
> > > Should the REST endpoint reply correctly if and only if the token used in
> > > the request contains any of these two groups of claims?
> > >
> > > After reading both the MP JWT spec and section 2.12 of JSR-250, I
> > > think we have a bug that you can easily reproduce in my PR if you use
> > > token type "*2*" instead of "1" in the following test:
> > >
> > > https://github.com/apache/tomee/pull/233/files#diff-c8b4606595833238670d666da0b95651R80
> > >
> > >
> > >
> > > On Mon, 3 Dec 2018 at 9:22, Bruno Baptista (<bruno...@gmail.com>)
> > > wrote:
> > >
> > >> Hi César,
> > >>
> > >> Looking forward to reviewing it.
> > >>
> > >> Cheers.
> > >>
> > >> Bruno Baptista
> > >> https://twitter.com/brunobat_
> > >>
> > >>
> > >> On 30/11/18 22:44, César Hernández Mendoza wrote:
> > >>> Hi,
> > >>>
> > >>> I'm planning to implement a couple of small improvements on the
> > >>> MicroProfile JWT example the project already has.
> > >>> I opened https://issues.apache.org/jira/browse/TOMEE-2304 for this.
> > >>>
> > >>> I'll keep you updated with the proposal and progress. Ideas and proposals
> > >>> are more than welcome!
> > >>
> > >
> > >
> > > --
> > > Sincerely:
> > > César Hernández Mendoza.
> >
> >
>
> --
> Sincerely:
> César Hernández Mendoza.
>
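
The any-of reading of `@RolesAllowed({"crud", "read-only"})` discussed in this thread, as an added example that is not part of the thread or of the TomEE PR. It is a JDK-only sketch (Java 9+) that uses a local stand-in for `javax.annotation.security.RolesAllowed`; `MovieResource`, `authorize` and the sample group values are hypothetical.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Set;

public class RolesAllowedAnyOf {

    // Local stand-in for javax.annotation.security.RolesAllowed so the
    // example compiles with the JDK alone (assumption, not TomEE code).
    @Retention(RetentionPolicy.RUNTIME)
    @interface RolesAllowed { String[] value(); }

    // Hypothetical endpoint carrying the annotation quoted in the thread.
    static class MovieResource {
        @RolesAllowed({"crud", "read-only"})
        public String list() { return "movies"; }
    }

    // Returns the HTTP status an any-of check produces for the caller's
    // "groups" claim. groups == null models a request without a valid token.
    static int authorize(Method method, Set<String> groups) {
        if (groups == null) {
            return 401;
        }
        RolesAllowed allowed = method.getAnnotation(RolesAllowed.class);
        if (allowed == null) {
            return 200; // simplification: unannotated methods are unconstrained here
        }
        // One matching role is enough; the caller does not need every listed role.
        boolean anyMatch = Arrays.stream(allowed.value()).anyMatch(groups::contains);
        return anyMatch ? 200 : 403;
    }

    public static void main(String[] args) throws Exception {
        Method list = MovieResource.class.getMethod("list");
        // Constructed "groups" claim values for five sample requests.
        System.out.println("crud only      -> " + authorize(list, Set.of("crud")));
        System.out.println("read-only only -> " + authorize(list, Set.of("read-only")));
        System.out.println("both groups    -> " + authorize(list, Set.of("crud", "read-only")));
        System.out.println("unrelated      -> " + authorize(list, Set.of("guest")));
        System.out.println("no token       -> " + authorize(list, null));
    }
}
```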
