Payaramicro with MicroShed JWT issue

Osama · November 12, 2021, 3:24pm

Hi,
I’ve a project generated PayaraMicro MP 3.0, application, it has Mp JWT (private key generated in file).
I created a secured API [@RolesAllowed Method ]
when I test with Microshed, I noticed that when using @ RESTClient when I specify @ JwtConfig,
it fails to invoke my secured API, with 401 unauthorized error.
I noticed that @ JwtConfig uses jose4j library, which generates the Keys internally,
I need some way to provide the same keys I am using on my payaramicro project.

@rudy.de.busscher
thanks in advance

rudy.de.busscher · November 19, 2021, 8:20am

Hi,

I’m trying to figure out what’s causing the keys to not pick up correctly.

Rudy

rudy.de.busscher · November 20, 2021, 5:48pm

Hi,

The keys are picked up correctly but the JWT token created by the MicroShed Testing framework is leaving out a few claims that we require (as they are recommended by the JWT specification).

You can have a look at the example in this Github Repository .

Important to know, also at the readme of the repository;

Disable the check on the type header
Add the jti claim in the @JWTConfig.

You cannot provide the keys for the test project your self (Payara Micro needs to public key, not the private key for normal operations)

Regards
Rudy

Topic		Replies	Views
How to disable JWT? Technical Discussion	0	275	March 18, 2022
Payara GET BASIC auth request fails with 401 General	1	581	February 15, 2023
Certificates and MariaDB Payara Server	0	243	March 28, 2022
Security API deployment failure in Payara Full CE 5.2022.1 Technical Discussion	0	442	March 23, 2022
jwtauth.eesecurity.JWTProcessingException Technical Discussion security	0	222	May 8, 2022

Payaramicro with MicroShed JWT issue

Related Topics