MicroProfile JSON Web Token1.11.0
This feature enables web applications or microservices to use the Eclipse JSON Web Token 1.1 specification to authenticate users instead of, or in addition to, the configured user registry.
Enabling this feature
To enable the MicroProfile JSON Web Token 1.1 feature, add the following element declaration into your server.xml
file, inside the featureManager
element:
<feature>mpJwt-1.1</feature>
Examples
Basic configuration to implement MicroProfile JWT
The following example shows that the service needs request authentication with a JSON Web Token (JWT).
The mpJwt
element defines the configuration to process the inbound JSON Web Tokens.
The jwksUri
attribute points the mpjwt
element towards the public key to validate the JSON Web Token.
The keyStore
element defines the key and truststore where the public key is stored, to validate the JSON Web Token when the JSON Web Key Sets(JWKS) are not used:
<mpJwt id="mympjwt" issuer="https://example.com"
jwksUri="https://localhost:19443/jwt/ibm/api/myBuilder/jwk"/>
<keyStore id="defaultKeyStore" password="keyspass"/>
Specify login with MicroProfile JWT for a subset of applications, URLs, browsers, or IP addresses
You can use an authentication filter to protect a subset of applications, URLs, or IP addresses,.
The security configuration works when the conditions in the filter are met.
In the following example, requests to the myApp
application are authorized with a JSON Web Token:
<mp-jwt authFilterRef="authFilter1" />
<authFilter id="myAuthFilter">
<webApp id="myWebApp"
name="myApp"
matchType="contains"/>
</authFilter>
Stable API packages provided by this feature
-
org.eclipse.microprofile.auth
-
org.eclipse.microprofile.jwt