Hello Jean-Louis, I have looked at the samples code. As I am using TomEE 7.1.0 (MP JWT 1.0 compliant), I guess I can't use the mp.jwt.verify.publickey or mp.jwt.verify.publickey.location and mp.jwt.verify.issuer config properties, right ?
Instead, I have to write a XXXMPJWTConfigurationProvider class in order to generate a context info having the public key to check the JWT signature, right ? Best Regards. -----Original Message----- From: Jean-Louis Monteiro [mailto:jlmonte...@tomitribe.com] Sent: samedi 23 février 2019 11:22 To: users@tomee.apache.org Subject: Re: Try to build a JWT sample Bonjour François, Is there a way for you to share the project? I worked on the JWT implementation and the example, I might be able to help. -- Jean-Louis Monteiro https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fjlouismonteiro&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=ovFBgowFCnAAMD0mMFccdi5ze2SMZPLEPnr9cRDIFqc%3D&reserved=0 https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.tomitribe.com&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=we33aDDG%2F2O7KR7Q3yDd7ZyRbgpnYE3p0XEz0OtbjQQ%3D&reserved=0 On Fri, Feb 22, 2019 at 4:56 PM COURTAULT Francois < francois.courta...@gemalto.com> wrote: > Hello, > > I try to build a simple sample using TomEE MP 7.1.0 but I get an error > and I don't know what's going on or how I can fix that. > For that, I have read the microprofile-jwt-auth-spec-1.0.pdf, so in my > war application deployed: > > * I have a public class MPJwtApplication extends Application > annotated with @LoginConfig(authMethod = "MP-JWT", realmName = > "TCK-MP-JWT") > > * I have a resource class annotated @Path("resources") > @RequestScoped where I have > > o @Inject private JsonWebToken callerPrincipal; > > o A @GET public Response test () { System.out.println("JsonWebToken:" + > callerPrincipal + "."); return Response.ok().build();} > > > > In the war deployed, I also have a beans.xml with the following content: > > <?xml version="1.0" encoding="UTF-8"?> <beans > xmlns="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0"; > > xmlns:xsi="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=b7SQw7g52Y8goyvKLR78uR9so5q2D%2BPZH5bAMl%2Bsh1Y%3D&reserved=0"; > > xsi:schemaLocation="https://emea01.safelinks.protection.outlook.com/?u > rl=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee&data=02%7C01%7CF > rancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C3 > 7d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata > =SguBgQ1i0q3857p347Kz5DUEBQg0rPB87HEf9RhDLfo%3D&reserved=0 > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxmlns.jcp.org%2Fxml%2Fns%2Fjavaee%2Fbeans_1_1.xsd&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C636865141334006978&sdata=UAMyzrxk%2BU2%2BMxNBvKe%2FFGTkQmFj7xq%2BtJC8YFrWWuk%3D&reserved=0"; > bean-discovery-mode="all"> > > </beans> > > > > Using Soap UI, I send a GET HTTP request with an Authorization header: > bearer <JWT Base 64 encoded>, the error I get is: > > 22-Feb-2019 15:32:43.729 WARNING [http-nio-8080-exec-20] > org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging > Application { > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjwt. > mp%2F&data=02%7C01%7CFrancois.COURTAULT%40gemalto.com%7Cc7d08390db > 874ae8897408d69978c5fa%7C37d0a9db7c464096bfe31add5b495d6d%7C0%7C0%7C63 > 6865141334006978&sdata=5gjcfEjv5a%2BqTNyXk1ztdt1pnLE5JIevOexg28%2F > cWlU%3D&reserved=0}MPJwtResource has thrown exception, unwinding > now > org.apache.cxf.interceptor.Fault: WebBeans producer : currentPrincipal > return type in the component implementation class : > org.apache.tomee.microprofile.jwt.cdi.MPJWTProducer scope type must be > @Dependent to create null instance > > > > I was expecting to have the callerPrincipal set to null but why this > CDI @Dependent scope error stuff ? > > > Any idea ? > > Best Regards. > ________________________________ > This message and any attachments are intended solely for the > addressees and may contain confidential information. Any unauthorized > use or disclosure, either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable > for the message if altered, changed or falsified. If you are not the > intended recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this > transmission free from viruses, the sender will not be liable for > damages caused by a transmitted virus. > ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
