Ok, This one is ready for merge. If anyone has a chance to take another look at it today, excellent. I'd like to merge tomorrow and start the release.
There are a lot of commits, so here is the high level: - TOMEE-2519: MP JWT Logging Improvements ensures we know exactly why a JWT is not validating. There are new tests in itests that boot the server and actually check the log output. The tomee-server-composer is a new bit of tech introduced in this PR. - TOMEE-2515: Adds support for RSA keys 1024bits and signatures of RSA-SHA384, RSA-SHA512, with tests for each key and signature type. There is also tests to ensure the only two required claims are 'sub' and 'exp'. There is a class JsonWebTokenValidator which is not used yet. It's mid-refactor. The intent is to add a builder. I'm out of time so I'll have to come back to it later. - TOMEE-2517: MP-JWT and BeanValidation adds a fancy new feature that allows users to use Bean Validation to check JWTs. You simply write a validation constraints for against the JsonWebToken and annotate your method. A method no longer needs to use @RolesAllowed and can be very expressive and specific through the power of bean validation. - TOMEE-2517: MP-JWT and BeanValidation Example. Any new feature needs documentation or it doesn't exist. The example is functional and clean. The README is barely there and will need more work. - TOMEE-2521: Apache BVal 2.0.3-SNAPSHOT there was a fix that had to be made to cover a method that has a void return type. BVal was throwing an exception causing a 500. This was fixed and passes the bean validation TCK. Work was done so we could use a custom build for the release tomorrow. Ideally we'll be back no proper BVal release very shortly. That's the high level. Doing a build on my laptop tonight. If it looks good I'll merge early tomorrow (in a few hours) so there's 2-3 hours for a green build to run prior to starting a release. -David
