microprofile-jwt-auth resources location

Victor

Jul 26, 2018, 9:37:11 AM
to Payara Forum
Hello,

I developed a small application using microprofile-jwt-auth recently, but I hit a hurdle.

The current version of Payara only supports microprofile.jwt-auth 1.0, and that seems to require the publicKey.pem and payara-mp-jwt.properties files to reside in the root of the application classpath.

Can I define an alternate location somehow? I really don't want to package the files with the WAR application as it would forbid me to deploy the same artifact through my multiple environments.

Thanks,
Victor
Fabio Turizo

Aug 16, 2018, 11:10:12 AM
to Payara Forum
Hi Victor,

The location of the public key is configurable with the mp.jwt.verify.publickey.location configuration property as specified in the MP JWT 1.1 specifications. For the issuer claim, the mp.jwt.verify.issue configuration property will be used instead of the payara-mp.properties file. Payara Server 5.183 will be made compatible with MP 1.4 which comes with that release so you will have to wait until it is made available. I'm afraid that at the current release there's no other mechanism to configure these locations.

Regards,
Fabio.

Arjan Tijms

Aug 23, 2018, 4:07:32 PM
to Payara Forum

Victor

Aug 28, 2018, 3:08:35 AM
to Payara Forum
Thanks!

I'll be waiting for the next release of Payara then.

Victor

Sep 4, 2018, 2:25:46 PM
to Payara Forum

Hi Fabio,

I got the newly released version of Payara Micro 5.183 and I was unsuccessful trying to make it work with the system parameters.

My location (-Dmp.jwt.verify.publickey.location) is set to an https address that contains the public key in the JSON Web Key Set (JWKS) format.

My issuer (-Dmp.jwt.verify.issuer) is set to the issuer of my token.

I always get 401 errors, and nothing appears on the logs.

I could make it work instead by using -Dmp.jwt.verify.publickey and passing the public key as parameter instead. That kind of defeats the purpose of having an endpoint providing the public key.

Can you help?

Thanks,
Victor

Ondro Mihályi

Sep 5, 2018, 11:12:15 AM
to Payara Forum
Hi Victor,


If the URL you provide is correct and accessible, the public key from the remote location should be used as you expect. Maybe your URL is malformed? In that case Payara doesn't log anything and simply ignores the value of the "location" configuration.

If you specify both the key and the location, then the location is ignored.


Ondro
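
A preflight check for the two silent failure modes described in this thread, written as an added example (not Payara code and not from any poster). It assumes the location is a remote http(s) URL as in Victor's setup; the function names, the "well-formed" rule and the sample inputs are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

KEY = "mp.jwt.verify.publickey"
LOCATION = "mp.jwt.verify.publickey.location"

# Constructed sample inputs (not real keys or endpoints).
SAMPLE_JWKS = '{"keys": [{"kty": "RSA", "kid": "demo", "n": "AQAB", "e": "AQAB"}]}'
SAMPLE_PROXY_ERROR = "<html><body>407 Proxy Authentication Required</body></html>"

def check_jwks(body):
    """Return problems found in a document fetched from the key location."""
    try:
        doc = json.loads(body)
    except ValueError:
        # Typical when a proxy answers with an HTML error page.
        return ["response is not JSON"]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        return ["no non-empty 'keys' array, so this is not a JWKS"]
    problems = []
    for i, jwk in enumerate(keys):
        if not isinstance(jwk, dict) or "kty" not in jwk:
            problems.append("keys[%d] has no 'kty'" % i)
        elif jwk["kty"] == "RSA" and not ("n" in jwk and "e" in jwk):
            problems.append("keys[%d] is RSA but lacks 'n' or 'e'" % i)
    return problems

def check_key_config(props, fetched_body=None):
    """Check props (name -> value); fetched_body is the text served at the location."""
    problems = []
    key, location = props.get(KEY), props.get(LOCATION)
    if key and location:
        # Stated in the thread: with both set, the location is ignored.
        problems.append("both key and location set; location is ignored")
    if not key and not location:
        problems.append("neither key nor location is set")
    if location:
        try:
            parts = urlsplit(location)
            ok = parts.scheme in ("http", "https") and bool(parts.hostname)
        except ValueError:
            ok = False
        # Assumption: well-formed means no whitespace, http(s) scheme, a host.
        if not ok or location != location.strip() or " " in location:
            problems.append("location is not a well-formed http(s) URL")
    if fetched_body is not None:
        problems.extend(check_jwks(fetched_body))
    return problems
```

Download the key set from the server host itself, through the same proxy, and pass the response body as `fetched_body`.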

Victor

Sep 7, 2018, 4:25:17 AM
to Payara Forum

Hello Ondro,

After doing some research, I may have a proxy giving out an error when my backend application tries to access the public key location.

I'll try to take the proxy out of the equation. If it fails I'll try to reproduce the same problem using the application Arjan pointed to.

However, the behavior of failing silently deeply disturbs me. Is there a way for me to make Payara more verbose if there are any issues getting the key from the location specified?

Thanks,
Victor

Ondro Mihályi

Sep 11, 2018, 1:33:25 PM
to Victor, Payara Forum
You may submit a pull request to add a log message if the URL is malformed. Or raise an issue on GitHub. But without a code change there's nothing to do.
