MicroProfile JWT Quickstart


Overview

Under WFLY-12609 support has been added to the application server for Eclipse MicroProfile JWT RBAC. This enhancement is to provide a Quickstart demonstrating the new functionality.

Issue Metadata

Issue

Dev Contacts

QE Contacts

Testing By

[ x ] Engineering

[ ] QE

Affected Projects or Components

Other Interested Projects

Requirements

Hard Requirements

A new Quickstart will be developed largely covering the same topics as are covered within the QUARKUS - USING JWT RBAC Quickstart and generally following a similar flow. The architectures of Quarkus and WildFly are very different, so the actual order of steps will be adjusted into a natural order for WildFly.

As a pre-requisite it is expected the user will have been able to install and run the latest release of the WildFly application server with the microprofile-jwt-smallrye subsystem present; no other server side configuration should be required unless necessary to adapt to a user's own environment.

The general steps covered will be: -

  1. Generation of a new Maven project using the archetype:generate goal and a released WildFly archetype.

    This step may include some tweaks to the new project to make it suitable for the following steps.

  2. Ensuring the project has a base JAX-RS endpoint, deploy the project and call the endpoint using curl.

    At this stage the project is a simple JAX-RS deployment without security ready for the subsequent steps to enable MicroProfile JWT based security. The initial endpoint should report the name of the current Principal which for now will be anonymous.

  3. Generate a suitable public / private key.

    As a Quickstart this will be making use of locally generated tokens so local keys will be required.

  4. Add a utility to the quickstart to generate Base64 encoded JWT tokens along with the ability to customise some of the claims.

    It will be possible when executing this utility to specify the name of the principal, the birthday of the principal, and the groups to assign. The birthday claim will be used to demonstrate claim injection later within the quickstart.

    The user will be able to execute the token utility with the exec:java Maven goal.

  5. The minimal steps will be performed to activate the MP-JWT authentication mechanism on the endpoint.

    This will cover aspects such as ensuring CDI is enabled, adding the @LoginConfig annotation and the relevant MicroProfile Config properties needed to configure JWT.

    The command line tool curl will be used to call the endpoint, this time using a generated token to verify the token is accepted and confirm the correct principal name is returned.

  6. Role based Authorization will be enabled using a new endpoint.

    So that the endpoint used so far is left unmodified, a new endpoint will be added which uses the @RolesAllowed annotation to specify the required roles.

    The token utility added previously can be used to generate tokens with and without the required role to test the behaviour.

  7. Claim Injection using a new endpoint.

    One further endpoint will be added. This endpoint will make use of an injected birthday claim and will report to the caller how long it is until their birthday.

    This endpoint again will be called using tokens generated by the token generation utility.

    As the quickstart is incremental, each step should be non-destructive, so on reaching the end of the quickstart the calls used for earlier steps should remain possible. This is why a new endpoint is added at each step instead of modifying a single endpoint.

    The code which results from executing these steps is the code that will be added to the Quickstarts project as a new sub-module. The code will not be modified further, however for long term maintenance it may be required to set the module’s pom to use the Quickstart parent pom to inherit dependency versioning.
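Taken together, steps 2, 5, 6 and 7 above produce an application of roughly the following shape. This is an added example written for this page, not the quickstart's own code or anything from the WildFly project; the package name, the endpoint paths, the role name "Echoer", the claim name "birthdate" (the standard OIDC claim name, formatted YYYY-MM-DD) and the configuration values shown in the trailing comment are all assumptions.

```java
// Added example (not the quickstart's code). Assumed names: package org.example.jwtqs,
// paths /rest/secured/*, role "Echoer", claim "birthdate", config values at the end.

// ---- File: src/main/java/org/example/jwtqs/JwtApplication.java ----
package org.example.jwtqs;

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import org.eclipse.microprofile.auth.LoginConfig;

// Step 5: @LoginConfig activates the MP-JWT authentication mechanism for the whole
// deployment. CDI must be enabled too: an empty src/main/webapp/WEB-INF/beans.xml suffices.
@ApplicationPath("/rest")
@LoginConfig(authMethod = "MP-JWT")
public class JwtApplication extends Application {
}

// ---- File: src/main/java/org/example/jwtqs/SecuredResource.java ----
package org.example.jwtqs;

import java.time.LocalDate;
import java.time.temporal.ChronoUnit;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;

import org.eclipse.microprofile.jwt.Claim;
import org.eclipse.microprofile.jwt.ClaimValue;

@Path("/secured")
@RequestScoped // claim injection is per request, so the bean itself must be request scoped
public class SecuredResource {

    // Step 7: the "birthdate" claim (assumed name) injected straight from the verified token.
    // ClaimValue is resolved lazily, so getValue() returns null when the claim is absent.
    @Inject
    @Claim("birthdate")
    private ClaimValue<String> birthdate;

    // Step 2: callable without a token; reports the current principal, anonymous for now.
    @GET
    @Path("/permit-all")
    @PermitAll
    @Produces(MediaType.TEXT_PLAIN)
    public String permitAll(@Context SecurityContext ctx) {
        return "Principal: " + principalName(ctx);
    }

    // Step 6: only tokens whose "groups" claim contains "Echoer" reach this method;
    // the container rejects the rest (401 without a token, 403 with the wrong groups).
    @GET
    @Path("/roles-allowed")
    @RolesAllowed("Echoer")
    @Produces(MediaType.TEXT_PLAIN)
    public String rolesAllowed(@Context SecurityContext ctx) {
        return "Hello " + principalName(ctx) + ", you have the Echoer role";
    }

    // Step 7: uses the injected claim rather than the SecurityContext.
    @GET
    @Path("/birthday")
    @RolesAllowed("Echoer")
    @Produces(MediaType.TEXT_PLAIN)
    public String birthday() {
        String raw = birthdate.getValue();
        if (raw == null) {
            return "The token carries no birthdate claim";
        }
        long days = daysUntilBirthday(LocalDate.parse(raw), LocalDate.now());
        return days == 0 ? "Happy birthday!" : days + " day(s) until your birthday";
    }

    // Next occurrence of the birthday on or after 'today'; 29 Feb falls back to 28 Feb
    // in non-leap years because LocalDate.withYear clamps the day of month.
    static long daysUntilBirthday(LocalDate birthdate, LocalDate today) {
        LocalDate next = birthdate.withYear(today.getYear());
        if (next.isBefore(today)) {
            next = next.plusYears(1);
        }
        return ChronoUnit.DAYS.between(today, next);
    }

    private static String principalName(SecurityContext ctx) {
        return ctx.getUserPrincipal() == null ? "anonymous" : ctx.getUserPrincipal().getName();
    }
}

// ---- File: src/main/resources/META-INF/microprofile-config.properties (assumed values) ----
// mp.jwt.verify.publickey.location=META-INF/public.pem   (public half of the step 3 key pair)
// mp.jwt.verify.issuer=quickstart-jwt-issuer             (must equal the "iss" claim set by the utility)
```

The two verification properties are the check that matters: the signature is validated against the locally generated public key and the issuer must match exactly, so a token signed with any other key, or minted for a different issuer, is rejected before any endpoint code runs. Because each step adds a new path rather than changing an existing one, the `/permit-all` call from step 2 keeps working unchanged after the later steps.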

The instructions for the quickstart will be contained within a README following a pattern used by other quickstarts and will contain the following: -

  1. An introduction briefly introducing the scope of the Quickstart.

  2. Instructions describing how to deploy and call the quickstart using the provided code.

  3. The steps to create the project from scratch as described previously.

Nice-to-Have Requirements

None

Non-Requirements

Anything not listed under Hard Requirements.

Test Plan

Two different strategies will be used to test the quickstart: -

  1. An Arquillian test case will be added to the quickstart which makes use of the deployment and performs each of the calls documented in the quickstart using a generated JWT as appropriate.

  2. A clean download of the most recent release of the WildFly application server (presently 19.0.0.Beta1) will be started, and the steps of the quickstart will be followed to create the quickstart from scratch and make the described calls.

Community Documentation

No additional community documentation is required as each Quickstart contains its own relevant documentation.

Release Note Content

A new Quickstart has been added demonstrating how to make use of Eclipse MicroProfile JWT RBAC within the WildFly application server.