Quick question David, @RolesAllowed currently checks "groups" claim only. Does the bean validation feature allows checking roles in "roles"?
On Mon, May 13, 2019 at 3:52 PM Jean-Louis Monteiro < [email protected]> wrote: > I'll do tonight > > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com > > > On Mon, May 13, 2019 at 8:47 PM David Blevins <[email protected]> > wrote: > > > Ok, > > > > This one is ready for merge. If anyone has a chance to take another look > > at it today, excellent. I'd like to merge tomorrow and start the > release. > > > > There are a lot of commits, so here is the high level: > > > > - TOMEE-2519: MP JWT Logging Improvements ensures we know exactly why a > > JWT is not validating. There are new tests in itests that boot the > server > > and actually check the log output. The tomee-server-composer is a new > bit > > of tech introduced in this PR. > > > > - TOMEE-2515: Adds support for RSA keys 1024bits and signatures of > > RSA-SHA384, RSA-SHA512, with tests for each key and signature type. > There > > is also tests to ensure the only two required claims are 'sub' and 'exp'. > > There is a class JsonWebTokenValidator which is not used yet. It's > > mid-refactor. The intent is to add a builder. I'm out of time so I'll > > have to come back to it later. > > > > - TOMEE-2517: MP-JWT and BeanValidation adds a fancy new feature that > > allows users to use Bean Validation to check JWTs. You simply write a > > validation constraints for against the JsonWebToken and annotate your > > method. A method no longer needs to use @RolesAllowed and can be very > > expressive and specific through the power of bean validation. > > > > - TOMEE-2517: MP-JWT and BeanValidation Example. Any new feature needs > > documentation or it doesn't exist. The example is functional and clean. > > The README is barely there and will need more work. > > > > - TOMEE-2521: Apache BVal 2.0.3-SNAPSHOT there was a fix that had to be > > made to cover a method that has a void return type. BVal was throwing an > > exception causing a 500. This was fixed and passes the bean validation > > TCK. Work was done so we could use a custom build for the release > > tomorrow. Ideally we'll be back no proper BVal release very shortly. > > > > That's the high level. Doing a build on my laptop tonight. If it looks > > good I'll merge early tomorrow (in a few hours) so there's 2-3 hours for > a > > green build to run prior to starting a release. > > > > > > -David > > > > >
