[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example

cotnic
GitHub user cotnic opened a pull request:

    https://github.com/apache/tomee/pull/342

    TOMEE-2332 MP-jwt-jwk example

    Implemented the MP-jwt for JWKs public key example.
   
    Also included the usage of MP-rest-client for testing.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cotnic/tomee TOMEE-2332

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/tomee/pull/342.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #342
   
----
commit 6fcafa431535e0d2ff25606b57353726cf09acd4
Author: cotnic <mitja@...>
Date:   2018-12-29T08:11:09Z

    created REST service.
   
    TODO: Implement the JWT JWK functionalities

commit d267983ae3c2c9ee1805a01016829f2ea7d36192
Author: cotnic <mitja@...>
Date:   2019-01-02T10:13:25Z

    TOMEE-2332: example for JWKs usage in MicroProfile JWT with TomEE

----


---
Reply | Threaded
Open this post in threaded view
|

[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example

cotnic
Github user jeanouii commented on a diff in the pull request:

    https://github.com/apache/tomee/pull/342#discussion_r244751383
 
    --- Diff: examples/mp-rest-jwt-jwk/README.adoc ---
    @@ -0,0 +1,76 @@
    += MicroProfile JWT JWKs
    +:index-group: MicroProfile
    +:jbake-type: page
    +:jbake-status: published
    +
    +This is an example on how to use MicroProfile JWT in TomEE by using the
    +public key as JWKs.
    +
    +== Run the application:
    +
    +[source, bash]
    +----
    +mvn clean install tomee:run
    +----
    +
    +This example is a CRUD application for products available.
    +
    +== Requirments and configuration
    +
    +For usage of MicroProfile JWT we have to change the following to our
    +project:
    +
    +[arabic]
    +. Add the dependency to our `pom.xml` file:
    ++
    +....
    +<dependency>
    +    <groupId>org.eclipse.microprofile.jwt</groupId>
    +    <artifactId>microprofile-jwt-auth-api</artifactId>
    +    <version>${mp-jwt.version}</version>
    +    <scope>provided</scope>
    +</dependency>
    +....
    +. Annotate our `Application.class` with `@LoginConfig(authMethod = "MP-JWT")`
    +
    +. Provide public and private key for authentication. And specify the location of the public key and the issuer in our
    --- End diff --
   
    What's actually required is the public key because MicroProfile JWT targets the validation side (consuming a JWT). The private key would be useful on the producer side of things such as an identity provider, or an API Gateway.


---
Reply | Threaded
Open this post in threaded view
|

[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example

cotnic
In reply to this post by cotnic
Github user jeanouii commented on a diff in the pull request:

    https://github.com/apache/tomee/pull/342#discussion_r244751685
 
    --- Diff: examples/mp-rest-jwt-jwk/README.adoc ---
    @@ -0,0 +1,76 @@
    += MicroProfile JWT JWKs
    +:index-group: MicroProfile
    +:jbake-type: page
    +:jbake-status: published
    +
    +This is an example on how to use MicroProfile JWT in TomEE by using the
    +public key as JWKs.
    +
    +== Run the application:
    +
    +[source, bash]
    +----
    +mvn clean install tomee:run
    +----
    +
    +This example is a CRUD application for products available.
    +
    +== Requirments and configuration
    +
    +For usage of MicroProfile JWT we have to change the following to our
    +project:
    +
    +[arabic]
    +. Add the dependency to our `pom.xml` file:
    ++
    +....
    +<dependency>
    +    <groupId>org.eclipse.microprofile.jwt</groupId>
    +    <artifactId>microprofile-jwt-auth-api</artifactId>
    +    <version>${mp-jwt.version}</version>
    +    <scope>provided</scope>
    +</dependency>
    +....
    +. Annotate our `Application.class` with `@LoginConfig(authMethod = "MP-JWT")`
    +
    +. Provide public and private key for authentication. And specify the location of the public key and the issuer in our
    +`microprofile-config.properties` file.
    ++
    +[source,properties]
    +----
    +mp.jwt.verify.publickey.location=/jwks.pem
    +mp.jwt.verify.issuer=https://example.com
    +----
    +
    +. Define `@RolesAllowed()` on the endpoints we want to protect.
    +
    +== About the application architecture
    +
    +The application enables us to manipulate and view products with specific users. We have two users
    +`Alice Wonder` and `John Doe`. They can read, create, edit and delete specific entries.
    +
    +`jwt-john.json`
    +
    +[source,json]
    +----
    +{
    +  "iss": "https://example.com",
    +  "sub": "24400320",
    +  "name": "John Doe",
    +  "upn": "[hidden email]",
    +  "preferred_username": "john",
    +  "groups": [
    +    "guest", "admin"
    +  ]
    +}
    +----
    +
    +== Access the endpoints with JWT token
    +
    +We access endpoints from our test class by creating a `JWT` with the help of
    +our `TokenUtils.generateJWTString(String jsonResource, String keyId)` which signs our user
    +data in json format with the help of our `src/test/resources/{keyId}` key.
    --- End diff --
   
    This is where you need the private key, but this is for testing purpose to generate a valide and signed JWT


---
Reply | Threaded
Open this post in threaded view
|

[GitHub] tomee pull request #342: TOMEE-2332 MP-jwt-jwk example

cotnic
In reply to this post by cotnic
Github user jeanouii commented on a diff in the pull request:

    https://github.com/apache/tomee/pull/342#discussion_r244752028
 
    --- Diff: examples/mp-rest-jwt-jwk/pom.xml ---
    @@ -0,0 +1,215 @@
    +<?xml version="1.0" encoding="UTF-8"?>
    +<!--
    +
    +    Licensed to the Apache Software Foundation (ASF) under one or more
    +    contributor license agreements.  See the NOTICE file distributed with
    +    this work for additional information regarding copyright ownership.
    +    The ASF licenses this file to You under the Apache License, Version 2.0
    +    (the "License"); you may not use this file except in compliance with
    +    the License.  You may obtain a copy of the License at
    +
    +       http://www.apache.org/licenses/LICENSE-2.0
    +
    +    Unless required by applicable law or agreed to in writing, software
    +    distributed under the License is distributed on an "AS IS" BASIS,
    +    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    +    See the License for the specific language governing permissions and
    +    limitations under the License.
    +-->
    +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    +         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    +    <modelVersion>4.0.0</modelVersion>
    +
    +    <groupId>org.superbiz</groupId>
    +    <artifactId>mp-rest-jwt-jwk</artifactId>
    +    <version>8.0.0-SNAPSHOT</version>
    +    <packaging>war</packaging>
    +    <name>OpenEJB :: Examples :: MP REST JWT JWK</name>
    +
    +    <properties>
    +        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    +        <tomee.version>8.0.0-SNAPSHOT</tomee.version>
    +        <version.shrinkwrap.resolver>2.0.0</version.shrinkwrap.resolver>
    +        <mp-jwt.version>1.1</mp-jwt.version>
    +        <mp-rest-client.version>1.1</mp-rest-client.version>
    +    </properties>
    +
    +    <build>
    +        <defaultGoal>install</defaultGoal>
    +        <finalName>phonestore</finalName>
    +
    +        <plugins>
    +            <plugin>
    +                <groupId>org.apache.maven.plugins</groupId>
    +                <artifactId>maven-surefire-plugin</artifactId>
    +                <version>2.18.1</version>
    +                <configuration>
    +                    <reuseForks>false</reuseForks>
    +                </configuration>
    +            </plugin>
    +            <plugin>
    +                <groupId>org.apache.maven.plugins</groupId>
    +                <artifactId>maven-war-plugin</artifactId>
    +                <version>3.1.0</version>
    +            </plugin>
    +            <plugin>
    +                <groupId>org.apache.maven.plugins</groupId>
    +                <artifactId>maven-compiler-plugin</artifactId>
    +                <version>3.5.1</version>
    +                <configuration>
    +                    <source>1.8</source>
    +                    <target>1.8</target>
    +                </configuration>
    +            </plugin>
    +            <plugin>
    +                <groupId>org.apache.tomee.maven</groupId>
    +                <artifactId>tomee-maven-plugin</artifactId>
    +                <version>${tomee.version}</version>
    +                <configuration>
    +                    <tomeeClassifier>microprofile</tomeeClassifier>
    +                    <args>-Xmx512m -XX:PermSize=256m</args>
    +                    <config>${project.basedir}/src/main/tomee/</config>
    +                </configuration>
    +            </plugin>
    +        </plugins>
    +    </build>
    +
    +    <dependencyManagement>
    +        <dependencies>
    +            <!-- Override dependency resolver with test version. This must go *BEFORE*
    +              the Arquillian BOM. -->
    +            <dependency>
    +                <groupId>org.jboss.shrinkwrap.resolver</groupId>
    +                <artifactId>shrinkwrap-resolver-bom</artifactId>
    +                <version>${version.shrinkwrap.resolver}</version>
    +                <scope>import</scope>
    +                <type>pom</type>
    +            </dependency>
    +            <!-- Now pull in our server-based unit testing framework -->
    +            <dependency>
    +                <groupId>org.jboss.arquillian</groupId>
    +                <artifactId>arquillian-bom</artifactId>
    +                <version>1.0.3.Final</version>
    +                <scope>import</scope>
    +                <type>pom</type>
    +            </dependency>
    +        </dependencies>
    +    </dependencyManagement>
    +
    +
    +    <dependencies>
    +        <dependency>
    +            <groupId>org.apache.tomee</groupId>
    +            <artifactId>javaee-api</artifactId>
    +            <version>8.0</version>
    +            <scope>provided</scope>
    +        </dependency>
    +
    +        <dependency>
    +            <groupId>org.eclipse.microprofile.jwt</groupId>
    +            <artifactId>microprofile-jwt-auth-api</artifactId>
    +            <version>${mp-jwt.version}</version>
    +            <scope>provided</scope>
    +        </dependency>
    +        <dependency>
    +            <groupId>org.eclipse.microprofile.rest.client</groupId>
    +            <artifactId>microprofile-rest-client-api</artifactId>
    +            <version>${mp-rest-client.version}</version>
    +            <scope>provided</scope>
    +        </dependency>
    +        <dependency>
    +            <groupId>com.nimbusds</groupId>
    +            <artifactId>nimbus-jose-jwt</artifactId>
    +            <version>4.23</version>
    +            <scope>test</scope>
    +        </dependency>
    +
    +        <dependency>
    +            <groupId>junit</groupId>
    +            <artifactId>junit</artifactId>
    +            <version>4.12</version>
    +            <scope>test</scope>
    +        </dependency>
    +
    +        <!--
    --- End diff --
   
    Small detail, but looks like some test dependencies are before this section, not sure it's intended or not.
    It's a detail so won't prevent the merge at all


---