Re: [RESULTS] Merge Pull Request 123 - MicroProfile JWT support
Good to see the process work! On Mon, Apr 9, 2018 at 9:12 PM David Blevins wrote: > Officially closing the vote. Thanks for the patience everyone. This one > needed some good discussion and a bit of extra time. > > +1s > Andy Gumbrecht > Bruno Baptista > David Blevins > Gurkan Erdogdu > Ivan Junckes Filho > Jean-Louis Monteiro > Jonathan Gallimore > Otávio Gonçalves de Santana > Richard Monson-Haefel > Rudy De Busscher > Thiago Veronezi > > 0s > Matthew Broadhead > > -1s > Romain Manni-Bucau > > Vote passes with eleven +1s, one 0, and one -1. Though this is a > technical vote and a -1 would normally veto, after long discussion here and > a short follow up with the board, all involved agree the -1 is not a true > technical veto and not binding. Guidance from the board was to use a -0 on > technical votes if the intent is not to veto. I think it would be good for > us to be extra clear if a vote is a technical vote vs consensus. > > Though it took a while to talk this one out and the vote is not unanimous, > it is good to see the discussion and high turnout. I think this reflects > us using muscles we haven't used in a while and is an overall incredibly > positive thing. > > Thanks to everyone who voted and participated in the community discussion! > > > -David > > > On Mar 18, 2018, at 5:02 PM, David Blevins > wrote: > > > > Jean-Louis has put a PR up for discussion for JWT Support in TomEE. > > > > - https://github.com/apache/tomee/pull/123 > > > > There are 35 commits spanning 27 days of work. It's been reviewed by > Andy and Rudy. One a committer and one a contributor, which is great for > us. > > > > There's an open question as to where the code should live in its final > state: TomEE or Geronimo. This conversation doesn't seem conclusive after > 12 days. It's ok for us not to agree, but we should have more votes so > there is a clear outcome and we are acting as a community to our best > ability. > > > > Vote: Merge Pull Request 123? > > > > +1 Yes, let's do it > > +-0 Abstain > > -1 No, don't put this code in TomEE > > > > > > Out of respect for the conversation, this is not a vote of where the > code will live in its final state. This is just a decision to merge or > not. It would give the users something they can try, which can be updated > by a future PR if the code does eventually move. > > > > > > -David > > > >
Re: [RESULT] Explore creating a reusable JWT Library
2018-04-10 9:24 GMT+02:00 Rudy De Busscher : > Sorry Romain but I still have doubts if the code is really reusable, like > that you can just add it to WildFly or Payara and that it works. (like > Geronimo Config for example) It will support the CDI+servlet support OOTB, the PR brings the servlet/EJB integration (independently of microprofile) and we plugged in for jwt-auth to have EJB integration. But it still means we are reusable in any CDI/servlet based server OOTB without any dep and fully cover tomee scope so yes we are reusable - we did it intentionally. > > Things like integrating with @RolesAllowed is not standardized (except > using JASPIC maybe which I tried but I had other issues) It is done though the CDI extension > > More generic parts like injecting the Claims etc, that could work. Still a CDI thing. > > But I'm fine that the code is maintained at Geronimo, that TomEE code only > contains the integration parts. But it will not be a complete > implementation of MP JWT Auth (The Geronimo project). > > Rudy > > On 10 April 2018 at 06:58, Romain Manni-Bucau wrote: > >> Le 10 avr. 2018 05:23, "David Blevins" a écrit : >> >> Officially closing the vote. Thanks for the patience everyone. As >> mentioned in the other vote, this one needed some good discussion and a bit >> of extra time. >> >> +1s >> Andy Gumbrecht >> David Blevins >> Ivan Junckes Filho >> Jean-Louis Monteiro >> Jonathan Gallimore >> Thiago Veronezi >> >> +0 >> Rudy De Busscher >> >> -1s >> Mark Struberg >> Romain Manni-Bucau >> >> This was intended as a non-technical vote, so I've registered Mark's -1 as >> he intended it. Thanks, Mark, for the clarification. Matthew, you didn't >> vote, your participation was quite high -- thank you! You're more then >> welcome to vote, sir :) >> >> This was a consensus vote to see if there was will keep working on the JWT >> code here and see if it could be made reusable. We didn't really need this >> vote to accomplish anything other than to see where people's heads are at >> and make sure we're communicating with each other clearly. >> >> It does seem over all that the desire is to take a couple more steps. This >> vote did not address where the code should live in its final state. We >> don't really know how reusable anything will be. >> >> >> >> ...it has been mention 3 times the code IS reusable and should just be a >> lib. It was codes this exact way so no ambiguity here. >> >> >> I'd probably expect us to take a few more steps, see how things look and >> come back to the "where" topic. >> >> >> -David >> >> >> > On Mar 18, 2018, at 5:02 PM, David Blevins >> wrote: >> > >> > The vote for merging PR 123 does not address community will on what to do >> with the code beyond merging it. One can realistically vote +1 to merge >> the code, but then desire to see the code cleaned up and moved elsewhere. >> One can realistically desire seeing an attempt to clean up the code to find >> what is reusable and may wish to withhold a final decision until we see how >> fruitful such a module would be. >> > >> > Out of respect for people who may not know exactly how they feel (TomEE >> or Geronimo), this is a vote for the latter. >> > >> > Vote: Should we attempt to extract code from the JWT PR to see what is >> reusable and how successful such a jar would be? >> > >> > +1 Let's give it a shot here >> > +-0 >> > -1 Let's do this elsewhere >> > >> > If the vote is +1 to attempt an extraction of reusable code here, final >> conclusion of if that extraction is worth it or where it should live is not >> being voted on. People are welcome to decide differently based on the >> results of the exercise. >> > >> > >> > -David >> > >>
Re: [RESULT] Explore creating a reusable JWT Library
Sorry Romain but I still have doubts if the code is really reusable, like that you can just add it to WildFly or Payara and that it works. (like Geronimo Config for example) Things like integrating with @RolesAllowed is not standardized (except using JASPIC maybe which I tried but I had other issues) More generic parts like injecting the Claims etc, that could work. But I'm fine that the code is maintained at Geronimo, that TomEE code only contains the integration parts. But it will not be a complete implementation of MP JWT Auth (The Geronimo project). Rudy On 10 April 2018 at 06:58, Romain Manni-Bucau wrote: > Le 10 avr. 2018 05:23, "David Blevins" a écrit : > > Officially closing the vote. Thanks for the patience everyone. As > mentioned in the other vote, this one needed some good discussion and a bit > of extra time. > > +1s > Andy Gumbrecht > David Blevins > Ivan Junckes Filho > Jean-Louis Monteiro > Jonathan Gallimore > Thiago Veronezi > > +0 > Rudy De Busscher > > -1s > Mark Struberg > Romain Manni-Bucau > > This was intended as a non-technical vote, so I've registered Mark's -1 as > he intended it. Thanks, Mark, for the clarification. Matthew, you didn't > vote, your participation was quite high -- thank you! You're more then > welcome to vote, sir :) > > This was a consensus vote to see if there was will keep working on the JWT > code here and see if it could be made reusable. We didn't really need this > vote to accomplish anything other than to see where people's heads are at > and make sure we're communicating with each other clearly. > > It does seem over all that the desire is to take a couple more steps. This > vote did not address where the code should live in its final state. We > don't really know how reusable anything will be. > > > > ...it has been mention 3 times the code IS reusable and should just be a > lib. It was codes this exact way so no ambiguity here. > > > I'd probably expect us to take a few more steps, see how things look and > come back to the "where" topic. > > > -David > > > > On Mar 18, 2018, at 5:02 PM, David Blevins > wrote: > > > > The vote for merging PR 123 does not address community will on what to do > with the code beyond merging it. One can realistically vote +1 to merge > the code, but then desire to see the code cleaned up and moved elsewhere. > One can realistically desire seeing an attempt to clean up the code to find > what is reusable and may wish to withhold a final decision until we see how > fruitful such a module would be. > > > > Out of respect for people who may not know exactly how they feel (TomEE > or Geronimo), this is a vote for the latter. > > > > Vote: Should we attempt to extract code from the JWT PR to see what is > reusable and how successful such a jar would be? > > > > +1 Let's give it a shot here > > +-0 > > -1 Let's do this elsewhere > > > > If the vote is +1 to attempt an extraction of reusable code here, final > conclusion of if that extraction is worth it or where it should live is not > being voted on. People are welcome to decide differently based on the > results of the exercise. > > > > > > -David > > >
