
I am following the OpenLiberty guides for MicroProfile and trying to build an example application that highlights all the MicroProfile features as a proof of concept for an eventual implementation.

I am working with Liberty v2018.0.0.1 and have added the mpMetrics-1.1 feature. Liberty exposes a metrics endpoint /metrics but this requires authentication. All the examples I have found use the configuration to provide user credentials.

My application uses the mpJwt-1.0 feature for authorisation of a JAX-RS resource. When I added the tag to server.xml the user is no longer authorised (status code 401). If I send a JWT I get a 403.

My questions:

- If I wish to access the /metrics endpoint with a JWT, which role should be configured in the JWT?
- Can I use two different authentication methods in the same server.xml, i.e. basic authentication with a basic registry for the metrics and JWT for my application endpoints?

An abbreviated server.xml:

```xml
<feature>mpMetrics-1.1</feature>
<feature>mpJwt-1.0</feature>

<mpJwt id="jwtConsumer"...

<quickStartSecurity userName="tech" userPassword="techpwd" />

<keyStore id="defaultKeyStore"...
```

1 Answer


This is a known issue: https://github.com/OpenLiberty/open-liberty/issues/2793. Here is the workaround:

1. Create a user registry that contains a user whose user name is the same as the upn claim in the JWT; you can use any dummy password.
2. Set mapToUserRegistry to "true" in the mpJwt configuration element.

Chunlong
  • Thanks for the feedback. This means I will have to have a basic registry in both the Liberty that issues the JWT and the one that consumes it which is not desirable for the purpose of the demo. If I do this I still get an error: `The user is not granted access to any of the required roles: [Administrator]`. I will keep an eye on Issue 2793. – Martin Holt Apr 11 '18 at 17:53
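
A check for the two workaround steps in the answer above, as an added example that is not part of the original thread or of Open Liberty: it reads a server.xml and a JWT and reports which step is not satisfied. The function names, the user name `demo-user` and both sample server.xml documents are constructed for illustration; it assumes a well-formed server.xml without includes or variables, and it decodes the token payload without verifying the signature, for diagnosis only.

```python
import base64
import json
import xml.etree.ElementTree as ET

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    # Decode the payload segment only; the signature is NOT verified here.
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_workaround(server_xml: str, token: str) -> list:
    """Return the reasons the workaround does not apply (empty list = OK)."""
    root = ET.fromstring(server_xml)
    upn = jwt_claims(token).get("upn")
    problems = []
    if upn is None:
        problems.append("JWT has no upn claim")
    # Step 2 of the answer: mapToUserRegistry="true" on the mpJwt element.
    mp_jwt = root.find(".//mpJwt")
    if mp_jwt is None or mp_jwt.get("mapToUserRegistry", "").lower() != "true":
        problems.append('mpJwt mapToUserRegistry is not "true"')
    # Step 1 of the answer: a registry user named exactly like the upn claim.
    users = {u.get("name") for u in root.findall(".//basicRegistry/user")}
    if upn is not None and upn not in users:
        problems.append(f"no basicRegistry user named {upn!r}")
    return problems

# Constructed sample data (not taken from the original post).
TOKEN = ".".join([
    b64url(b'{"alg":"RS256"}'),
    b64url(json.dumps({"upn": "demo-user", "groups": ["users"]}).encode()),
    "signature-placeholder",
])
GOOD_XML = """<server>
  <mpJwt id="jwtConsumer" mapToUserRegistry="true"/>
  <basicRegistry id="basic" realm="demo">
    <user name="demo-user" password="dummy"/>
  </basicRegistry>
</server>"""
BAD_XML = """<server>
  <mpJwt id="jwtConsumer"/>
  <quickStartSecurity userName="tech" userPassword="techpwd"/>
</server>"""

if __name__ == "__main__":
    print(check_workaround(GOOD_XML, TOKEN))
    print(check_workaround(BAD_XML, TOKEN))
```

An empty result only confirms that the two configuration steps are in place; it does not check the role mapping that the follow-up comment reports as still failing.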