[jbossts-issues] [JBoss JIRA] (JBTM-3309) Investigate using MicroProfile JSON Web Token to secure interaction with an LRA coordinator
Michael Musgrove (Jira)
issues at jboss.org
Thu Apr 30 09:39:07 EDT 2020
[ https://issues.redhat.com/browse/JBTM-3309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Musgrove updated JBTM-3309:
-----------------------------------
Priority: Critical (was: Major)
> Investigate using MicroProfile JSON Web Token to secure interaction with an LRA coordinator
> -------------------------------------------------------------------------------------------
>
> Key: JBTM-3309
> URL: https://issues.redhat.com/browse/JBTM-3309
> Project: JBoss Transaction Manager
> Issue Type: Enhancement
> Components: LRA
> Affects Versions: 5.10.4.Final
> Reporter: Michael Musgrove
> Assignee: Michael Musgrove
> Priority: Critical
> Fix For: 5.next
>
>
> The Narayana implementation of the MicroProfile LRA specification uses a JAX-RS filter to communicate with a remote coordinator. The interaction is currently insecure. This issue is to investigate the best way of securing this channel. Since the JAX-RS filter is applied to the MicroProfile service we should initially investigate the MicroProfile security solution (MicroProfile JSON Web Token).
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jbossts-issues
mailing list