To understand the JWT authentication implementation standard, I have tried out KumuluzEE with Microservice 3.3.
The sample works fine with a valid JWT token, as expected, without issues. But the weird behavior I noticed is that the target endpoint is still accessible without passing the "Authorization": "Bearer XXXXXX" header. Is there additional configuration required to make the Authorization header mandatory for the JWT authentication implementation?
Application Endpoint:
    @ApplicationPath("/data")
    @LoginConfig(authMethod = "MP-JWT")
    @DeclareRoles({"protected"})
    public class DemoRestApplication extends Application {
    }
KumuluzEE config:
    kumuluzee:
      name: demo
      version: 1.0-SNAPSHOT
      env:
        name: dev
      jwt-auth:
        public-key: XXXXXXX
        issuer: https://server.example.com
      server:
        http:
          port: 8180