I would very much appreciate a little pointer to some TomEE/OpenEjb class for debugging my JWT rest service. I'm facing the problem that TomEE rejects access (403) to my test service despite having a JWT token in the request header. My test service simply looks like this:
@RestClient
@Path("/jwt")
public class JwtTestWS {
@Inject
private JsonWebToken jwtPrincipal;
@GET
@RolesAllowed("school")
public Response jwtTest(@HeaderParam("AUTHORIZATION") String auth) {
return Response.ok().build();
}
}
I set up an Application config class, too:
@LoginConfig(authMethod = "MP-JWT")
public class ApplicationConfig extends Application {
}
And a microprofiles-config with:
mp.jwt.verify.issuer=example.com
mp.jwt.verify.publickey=[PKCS#8 RSA public key here]
I currently need to generate my own JWT (using JJWT). Thus I would like to see what TomEE/openEjb is doing to find out where the problem is (my JWT or some configuration problem). Can someone point me to some initial (functional) class & method that will be called during authentication in TomEE? I would like to find the point where a) I can verify that JWT is used for authentication, and b) where the verification is performed - so that I can find out if my JWT is correct These should be classes I can debug (not interfaces from the specs).
Any help would be very much appreciated
Try sticking a breakpoint in OpenEJBValve? JWT Authentication would likely be handled in a Valve or Filter, so you could also check subclasses of those and stick breakpoints in there.