examples/mp-rest-jwt-jwk/README.adoc - tomee - Git at Google

 = MicroProfile JWT JWKs
 :index-group: MicroProfile
 :jbake-type: page
 :jbake-status: published

 This is an example on how to use MicroProfile JWT in TomEE by using the
 public key as JWKs.

 == Run the application:

 [source, bash]
 ----
 mvn clean install tomee:run
 ----

 This example is a CRUD application for products available.

 == Requirments and configuration

 For usage of MicroProfile JWT we have to change the following to our
 project:

 [arabic]
 . Add the dependency to our `pom.xml` file:
 +
 [source,xml]
 ----
 <dependency>
     <groupId>org.eclipse.microprofile.jwt</groupId>
     <artifactId>microprofile-jwt-auth-api</artifactId>
     <version>${mp-jwt.version}</version>
     <scope>provided</scope>
 </dependency>
 ----
 . Annotate our `Application.class` with `@LoginConfig(authMethod = "MP-JWT")`

 . Provide public  key for validation of the JWT. And specify the location of the public key and the issuer in our
 `microprofile-config.properties` file. The public key is then used for verification of the signature in the
 JWT.
 +
 [source,properties]
 ----
 mp.jwt.verify.publickey.location=/jwks.pem
 mp.jwt.verify.issuer=https://example.com
 ----

 . Define `@RolesAllowed()` on the endpoints we want to protect.

 == About the application architecture

 The application enables us to manipulate and view products with specific users. We have two users
 `Alice Wonder` and `John Doe`. They can read, create, edit and delete specific entries.

 `jwt-john.json`

 [source,json]
 ----
 {
   "iss": "https://example.com",
   "sub": "24400320",
   "name": "John Doe",
   "upn": "john.doe@example.com",
   "preferred_username": "john",
   "groups": [
     "guest", "admin"
   ]
 }
 ----

 == Access the endpoints with JWT token

 We access endpoints from our test class by creating a `JWT` with the help of
 our `TokenUtils.generateJWTString(String jsonResource, String keyId)` which signs our user
 data in json format with the help of our `src/test/resources/{keyId}` private key.

 We can also generate new `privateKey.pem` and `publicKey.pem` with the
 `GenerateKeyUtils.generateKeyPair(String keyAlgorithm, int keySize)` method which
 then creates the `publicKey.pem` also in `JWK` format.
	= MicroProfile JWT JWKs
	:index-group: MicroProfile
	:jbake-type: page
	:jbake-status: published

	This is an example on how to use MicroProfile JWT in TomEE by using the
	public key as JWKs.

	== Run the application:

	[source, bash]
	----
	mvn clean install tomee:run
	----

	This example is a CRUD application for products available.

	== Requirments and configuration

	For usage of MicroProfile JWT we have to change the following to our
	project:

	[arabic]
	. Add the dependency to our `pom.xml` file:
	+
	[source,xml]
	----
	<dependency>
	<groupId>org.eclipse.microprofile.jwt</groupId>
	<artifactId>microprofile-jwt-auth-api</artifactId>
	<version>${mp-jwt.version}</version>
	<scope>provided</scope>
	</dependency>
	----
	. Annotate our `Application.class` with `@LoginConfig(authMethod = "MP-JWT")`

	. Provide public key for validation of the JWT. And specify the location of the public key and the issuer in our
	`microprofile-config.properties` file. The public key is then used for verification of the signature in the
	JWT.
	+
	[source,properties]
	----
	mp.jwt.verify.publickey.location=/jwks.pem
	mp.jwt.verify.issuer=https://example.com
	----

	. Define `@RolesAllowed()` on the endpoints we want to protect.

	== About the application architecture

	The application enables us to manipulate and view products with specific users. We have two users
	`Alice Wonder` and `John Doe`. They can read, create, edit and delete specific entries.

	`jwt-john.json`

	[source,json]
	----
	{
	"iss": "https://example.com",
	"sub": "24400320",
	"name": "John Doe",
	"upn": "john.doe@example.com",
	"preferred_username": "john",
	"groups": [
	"guest", "admin"
	]
	}
	----

	== Access the endpoints with JWT token

	We access endpoints from our test class by creating a `JWT` with the help of
	our `TokenUtils.generateJWTString(String jsonResource, String keyId)` which signs our user
	data in json format with the help of our `src/test/resources/{keyId}` private key.

	We can also generate new `privateKey.pem` and `publicKey.pem` with the
	`GenerateKeyUtils.generateKeyPair(String keyAlgorithm, int keySize)` method which
	then creates the `publicKey.pem` also in `JWK` format.