MicroProfile JSON Web Token

This feature enables web applications or microservices to use the Eclipse JSON Web Token 1.0 specification to authenticate users instead of, or in addition to, the configured user registry.

Enabling this feature

To enable the MicroProfile JSON Web Token 1.0 feature, add the following element declaration into your server.xml file, inside the featureManager element:



Basic configuration to implement MicroProfile JWT

The following example shows that the service needs request authentication with a JSON Web Token (JWT). The mpJwt element defines the configuration to process the inbound JSON Web Tokens. The jwksUri attribute points the mpjwt element towards the public key to validate the JSON Web Token. The keyStore element defines the key and truststore where the public key is stored, to validate the JSON Web Token when the JSON Web Key Sets(JWKS) are not used:

    <mpJwt id="mympjwt" issuer="https://example.com"

    <keyStore id="defaultKeyStore" password="keyspass"/>

Specify login with MicroProfile JWT for a subset of applications, URLs, browsers, or IP addresses

You can use an authentication filter to protect a subset of applications, URLs, or IP addresses,. The security configuration works when the conditions in the filter are met. In the following example, requests to the myApp application are authorized with a JSON Web Token:

<mp-jwt authFilterRef="authFilter1" />
<authFilter id="myAuthFilter">
         <webApp id="myWebApp"

Feature configuration elements

Stable API packages provided by this feature

  • org.eclipse.microprofile.auth

  • org.eclipse.microprofile.jwt

Supported Java versions

  • JavaSE-1.8

  • JavaSE-11.0

  • JavaSE-15.0

Features that enable this feature

Developing a feature that depends on this feature

If you are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.

com.ibm.websphere.appserver.mpJwt-1.0; type="osgi.subsystem.feature"