What off-the-shelf options exist that allow a Wildfly 10.1 server to authorize requests using a JWT?

Question

I would like to protect the REST endpoints on my Wildfly 10.1 server using JWT authorization.

My front-end (possibly backend-for-frontend later) will pass a JWT through a header to my resource server (the aforementioned Wildfly 10.1 server) where the token should be validated (either using a public key or through a token introspection end-point call).

1. I would prefer not to write a custom JWT validator ( for example using a filter or spring security). Off-the-shelf preferred.
2. The Elytron subsystem is the perfect solution for this (quickstart/jaxrs-jwt at main · wildfly/quickstart · GitHub) but it is not supported on Wildfly 10.1 ( is there a way to install it?).
3. Upgrading to Wildfly 11+ is a last resort.
4. I already have an OIDC provider so the KeyCloak adapters are out of the question (right?).

What off-the-shelf options exist that allow a Wildfly 10.1 server to authorize requests using a JWT?

Answer 1

Looking at the most recent version 26 of Wildfly I find instructions to configure the MicroProfile SmallRye-jwt. https://docs.wildfly.org/26.1/Admin_Guide.html#MicroProfile_JWT_SmallRye

Since the oldest still available documentation is for Wildfly 12 but does not have a comparable microprofile documentation I doubt the above solution exists out of the box. In that case solutions like https://shiro.apache.org/ might help. Eventually take a look at this Shiro extension: https://github.com/j-martinez-dev/shiro-jwt