adam bien's blog

Securing JAX-RS Endpoints with JWT

Install jwtenizr.sh by downloading jwtenizr.jar and executing java -jar jwtenizr.jar

JWTenizr will generate:

  1. jwtenizr-config.json with the public and private keys and the target folder of microprofile-config.properties
  2. jwt-token.json with the Minimum MP-JWT Required Claims, a sample principal and a few groups. The UPN becomes the Java EE principal; the groups are automatically mapped to Java EE roles.
  3. token.jwt with the information loaded from jwt-token.json; it can be used as input for automated system tests
  4. microprofile-config.properties comprising the public key and the issuer: copy it to your WAR/src/main/resources/META-INF
  5. curl command, ready to use for testing, with the Authorization header and the token included: curl -i -H'Authorization: Bearer eyJraW...(generated JWT token)' https://localhost:8080[RESOURCE and SUB-RESOURCES]

The JWT's claims and Principal become directly injectable and you can rely on the stock @RolesAllowed or @PermitAll annotations to guard methods.
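A resource guarded this way could look like the following. This is an added example, not code from the post or from JWTenizr; the "orders" path, the "admin" and "user" group names and the class name are assumptions, and the imports use the javax.* namespace of Java EE 8 / MicroProfile JWT 1.1.

```java
// Added example (not from the original post). Path, role names and class name are assumed.
// Requires a MicroProfile JWT runtime; the token's "groups" claim supplies the roles.
import java.util.Set;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import org.eclipse.microprofile.jwt.Claim;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken;

@Path("orders")
@RequestScoped // claims belong to one request, so the resource is request scoped
@DenyAll       // deny by default; each method opts in with its own annotation
public class OrdersResource {

    @Inject
    JsonWebToken token; // the verified token, which is also the caller Principal

    @Inject
    @Claim(standard = Claims.groups)
    Set<String> groups; // the "groups" claim as written in jwt-token.json

    @GET
    @Path("ping")
    @PermitAll // reachable without an Authorization header
    public String ping() {
        return "up";
    }

    @GET
    @RolesAllowed("admin") // "admin" must be listed in the token's groups claim
    public String orders() {
        // getName() resolves to the upn claim of the token
        return "orders for " + token.getName() + ", issuer " + token.getIssuer();
    }

    @GET
    @Path("groups")
    @RolesAllowed({"admin", "user"})
    public String callerGroups() {
        return String.join(",", groups);
    }
}
```

On runtimes that do not enable MP-JWT automatically, the JAX-RS Application subclass additionally carries @LoginConfig(authMethod = "MP-JWT").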

See jwtenizr.sh with Quarkus in action (from scratch):
