Clarifying the tests in JWT that are expected for a MicroProfile Implementation

[John D. Ament]

Hi,

so I'm looking to try to get some finalization around the MP JWT TCK.  There's a lot of tests within the TCK, many of which only apply if you're running on a true EE application server.  Many of these tests are easy to segregate, however some are hard to find.  I'm wondering if we could maybe use dedicated groups for the TCK for features meant for MP, Web Profile, Full stack implementations.

John

[sst...@redhat.com]

That is what I was trying to do with the current groups. I only thought what I had categorized as "*-optional" had moved beyond CDI and JAX-RS:

public static final String TEST_GROUP_UTILS="utils";
public static final String TEST_GROUP_JWT="jwt";
public static final String TEST_GROUP_JAXRS="jaxrs";
public static final String TEST_GROUP_CDI="cdi";
public static final String TEST_GROUP_CDI_JSON="cdi-json";
public static final String TEST_GROUP_CDI_PROVIDER="cdi-provider";
public static final String TEST_GROUP_EJB="ejb-optional";
public static final String TEST_GROUP_SERVLET="servlet-optional";
public static final String TEST_GROUP_JACC="jacc-optional";
public static final String TEST_GROUP_DEBUG="debug";

Where are you finding other EE dependencies?

[John D. Ament]

Well, even that list is hard to say what should and shouldn't be included.  Also, since groups are global to the test suite, could you include "jwt" or something to help distinguish them?  Also, is the understanding then based on your current group names a minimal JWT implementation should support utils,jwt,jaxrs,cdi,cdi-json,cdi-provider groups for JWT?

As far as tests that I'm struggling with, https://github.com/eclipse/microprofile-jwt-auth/issues/39 is one.  You have it labeled as "jaxrs" but it seems like it's reliant on additional functionality beyond MP's scope.

[sst...@redhat.com]

Yes, a base/minimal MP-JWT implementation should support the tests in the utils,jwt,jaxrs,cdi,cdi-json,cdi-provider groups.

Ok, I see what your saying about the role mapping. This is a notion from EE security that often is built on chaining together JAAS login modules for example.

I'll move that to a new ee-security-optional group.

So is it ok to distinguish between the minimum required tests vs extended tests by the lack of a -optional suffix on the test group, or should there be an additional jwt-minimal group attached to those tests?