I'm having an issue trying to get Microprofile JWT working for my REST resources.
I'm able to build a JWT so when decoded on jwt.ie it is
    {
      "kid": "Oh1YDQopers_qYMU4zQCmAf0UsFVD5D0NmkFE79s2q0",
      "typ": "JWT",
      "alg": "RS256"
    }
    {
      "token_type": "Bearer",
      "sub": "user12",
      "upn": "user12",
      "groups": [
        "ADMIN",
        "USER"
      ],
      "jti": "a27582fc-21e2-4365-b485-ed7193606d8b",
      "iss": "http://www.testissuer.com",
      "exp": 1617226928,
      "iat": 1617219728
    }
My Application class is annotated with
    @LoginConfig(authMethod = "MP-JWT")
    @DeclareRoles({"USER", "SUPERUSER", "ADMIN"})
    @ApplicationPath("/")
    public class MyApplication extends Application {
Resource class is annotated with
    @Path("/my")
    @PermitAll
    @RequestScoped
    public class MyResource {

        @Inject
        @Claim(standard = Claims.groups)
        private Set<String> groups;

        @GET
        @Produces(MediaType.TEXT_PLAIN)
        @RolesAllowed("USER")
        public String getString() {
            if (groups != null) {
                return "groups.size(): " + groups.size();
            }
            else {
                return "groups is null";
            }
        }
    }
The ear file which includes this war includes a META-INF/microprofile-config.properties file with entry:
    mp.jwt.verify.issuer=http://www.testissuer.com
To test this I'm generating a fresh token, setting the Authorization header to the encoded JWT, and calling GET /my, which is returning a 401 response. Adding Bearer before the encoded token makes no difference. The WWW-Authenticate header on the 401 response looks like it's looking for a Basic realm value.
If I take out the @RolesAllowed("USER") line then the response I get back is "groups is null" so it's like the injection is failing or cannot be mapped to the "groups" claim in the JWT.
Anyone run into this before?
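
A token-side preflight for the test described above, as an added example that is not part of the original post: it checks the Authorization header scheme, the alg header, the iss claim against the mp.jwt.verify.issuer value, the exp claim, and that groups contains the role named in @RolesAllowed. The function names, the placeholder signature and the fixed `now` value are assumptions made for the example; the signature itself is not verified.

```python
import base64
import json
import time

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def preflight(authorization, expected_issuer, required_role, now=None):
    """Return a list of token-side problems; an empty list means none found.
    The signature is NOT verified here; that needs the issuer's public key."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or not token:
        return ["Authorization header must be 'Bearer <token>'"]
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWS"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg is %r, expected RS256" % header.get("alg"))
    if claims.get("iss") != expected_issuer:
        problems.append("iss %r != mp.jwt.verify.issuer" % claims.get("iss"))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp missing or in the past")
    if required_role not in claims.get("groups", []):
        problems.append("groups lacks role %r" % required_role)
    return problems

def encode_segment(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: header and claims copied from the post, signature is a placeholder.
HEADER = {"kid": "Oh1YDQopers_qYMU4zQCmAf0UsFVD5D0NmkFE79s2q0", "typ": "JWT", "alg": "RS256"}
CLAIMS = {"token_type": "Bearer", "sub": "user12", "upn": "user12",
          "groups": ["ADMIN", "USER"], "jti": "a27582fc-21e2-4365-b485-ed7193606d8b",
          "iss": "http://www.testissuer.com", "exp": 1617226928, "iat": 1617219728}
SAMPLE = "Bearer " + ".".join([encode_segment(HEADER), encode_segment(CLAIMS), "c2ln"])

if __name__ == "__main__":
    # now is pinned between the post's iat and exp so the sample is not expired
    print(preflight(SAMPLE, "http://www.testissuer.com", "USER", now=1617220000))
```

An empty list rules out these token-side causes only; it says nothing about the signature or the server's configuration.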