Hey All, Provided we can get a good CI build on this PR, we're done with MP JWT and have some new functionality I'm pretty proud of and had a great time working on.
- https://github.com/apache/tomee/pull/926 The new functionality in a nutshell is the ability to dynamically resolve and rotate JWT validation keys at runtime. It is enabled by default for HTTP key locations, but can be enabled for any key location. There's a full set of itests that verify our error handling and logging for all the various failure/recovery scenarios I could think of. Here's a good example: - https://github.com/apache/tomee/blob/TOMEE-4050/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/keys/http/HttpKeyRotationHttp500Test.java I also wrote up a doc for MP JWT and our custom config properties: - https://github.com/apache/tomee/blob/TOMEE-4050/docs/microprofile/jwt.adoc If you have a fleet of servers, don't want to hardcode the keys in the app and need requests to work reliably even when errors occur in key rotation, this is your feature. -David
smime.p7s
Description: S/MIME cryptographic signature
