# codeone2019-implementing-microprofile-jwt

**Repository Path**: mirrors_tomitribe/codeone2019-implementing-microprofile-jwt

## Basic Information

- **Project Name**: codeone2019-implementing-microprofile-jwt
- **Description**: Implementing Microservice Security via JWT and MicroProfile [DEV4354]
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-09-26
- **Last Updated**: 2026-02-15

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

= Abstract

Deep-dives into implementing an OAuth 2.0 JWT architecture built on MicroProfile.

Clone as follows to get all submodules:

----
git clone --recurse-submodules https://github.com/tomitribe/codeone2019-implementing-microprofile-jwt.git
----

== JWT Overview

Short view of a complete OAuth 2.0 JWT architecture, discussing what makes them both secure and scalable.
(10 minutes, David)

- JWT Image explanation
- Verification explanation
- Architecture Diagram with Before and After   

TIP: Deconstructing and Evolving REST Security [DEV4297]
Wednesday, September 18, 12:30 PM - 01:15 PM | Moscone South - Room 202

== MicroProfile JWT Overview

Journey into MicroProfile JWT begins, detailing a bare-minimum starter project that has a simple REST service and Arquillian tests challenging security.
 (10 minutes,Jean-Louis)

* Goal of MicroProfile JWT
** Do JWT Verification for you
** Provide ways to consume claim data
** Provide means to restrict access to roles
** Provide access to the full JWT for propagation
* Non Goals of MicroProfile JWT
** Creation of JWTs
** Do your own JWT Verification
** Automagic Propagation
* The five MicroProfile JWT concepts you need to know
** `@LoginConfig(authMethod = "MP-JWT")`
** `mp.jwt.verify.publickey.location`
** `@Claim`
** `@RolesAllowed`
** `JsonWebToken`

Code:

- https://github.com/tomitribe/tomee-microprofile-jwt-starter-project/[starter-project]
- link:basics-claim[basics-claim]
- link:basics-claimvalue[basics-claimvalue]
- link:basics-jsonwebtoken[basics-jsonwebtoken]

== Advanced Concepts

Explore Advanced MicroProfile JWT concepts such as  putting business data in JWTs, encrypted claims, CDI @Injection, and using Bean Validation to replace @RolesAllowed usage.
(10 minutes, David)

- Eliminating RolesAllowed with Bean Validation
- CDI Producers and qualifiers with `@Claims`

Code:

- link:advanced-bean-validation[advanced-bean-validation]
- link:advanced-bean-validation-japanese[advanced-bean-validation-japanese]
- link:advanced-bean-validation-composition[advanced-bean-validation-composition]
- link:advanced-claims-transformation[advanced-claims-transformation]

== Full App

A Pet Store–like AngularJS app that performs client-side login and refresh.
(10 minutes, Jean-Louis)

Code:

- https://github.com/tomitribe/oauth2-jwt-angular[fullstack-angularjs]
- https://github.com/tomitribe/microservice-with-jwt-and-microprofile[fullstack-backbonejs]

TIP: Keeping Brazil’s Medical Industry Safe with MicroProfile [DEV4113]
Wednesday, September 18, 05:00 PM - 05:45 PM | Moscone South - Room 310/311