Ok thank you.

I think I will speak to you more once I have this initial MicroProfile JWT integration complete.  One of the motivations of MP-JWT is the ability to add an annotation to the Application to activate the mechanism whilst avoiding the need to edit the web.xml.  However two updates are still required to the web.xml to make authentication mandatory (which is restricted to being path based) and to enable access control.

Those remaining two point I think we can discuss but it may also be worth raising in the MicroProfile group to see if there is interest in getting the behaviour spec defined.

Regards,
Darran Lofthouse.


On Tue, Nov 5, 2019 at 12:40 AM Ron Sigal <rsigal@redhat.com> wrote:

I haven't interacted with that piece of RESTEasy. Purely Bill Burke, I would think.

On 11/4/19 4:37 PM, Alessio Soldano wrote:
Hi Darran,

On Fri, Nov 1, 2019 at 7:16 PM Darran Lofthouse <darran.lofthouse@jboss.com> wrote:
I have found the following that answers my question: -


So overall I both need to switch on support for the annotations AND configure a path based security constraint in the web.xml to trigger authentication.

Have there been any discussions on looking into this further?  It seems plausible that authentication could be triggered in the event a role is required if authentication has not already been performed: -
No discussion here recently AFAIR. Maybe Ron remembers anything?
I'm fine evaluating possible RFE anyway.
Thanks

 

On Fri, Nov 1, 2019 at 5:23 PM Darran Lofthouse <darran.lofthouse@jboss.com> wrote:
Hello,

I am presently in the process of adding MicroProfile JWT support to WildFly, most of the code to activate this is now ready but I just wanted to ask for some pointers as to how RestEasy triggers the need for authentication for a request?

I have a deployed endpoint annotated with @RolesAllowed, I am about to attach a debugger and look into the call in more detail but thought I would ask here as well if there are any pointers.

Regards,
Darran Lofthouse.

_______________________________________________
resteasy-dev mailing list
resteasy-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/resteasy-dev


--

Alessio Soldano

Associate Manager, Software Engineering

Red Hat


_______________________________________________
resteasy-dev mailing list
resteasy-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/resteasy-dev
_______________________________________________
resteasy-dev mailing list
resteasy-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/resteasy-dev