Skip to first unread message
Arjan Tijms
Dec 6, 2017, 12:27:02 PM12/6/17
to Eclipse MicroProfile
Hi,
Looking at the ClaimValue type, I noticed it extends Principal. For a type that's seemingly only(?) used as an injection wrapper, I couldn't find the rationale for this. The spec text doesn't elaborate on it either. Searching through the archives I could only find:
JWTClaim -> Claim
JWTClaimPrincipal -> ClaimValue
JWTClaimType -> Claims
JWTPrincpal -> JsonWebToken
With both ClaimValue and JsonWebToken implementing the java.security.Principal interface.
But there it just says it does, and doesn't say why.
It normally would make sense if these were intended for usage in the Subject 'bag of Principals', but as potential proxies for contextual injection (although this is something which the spec doesn't mention either), it's not entirely clear what the Principal super interface is for.
Kind regards,
Arjan Tijms
Scott Stark
Dec 12, 2017, 1:45:54 PM12/12/17
to Eclipse MicroProfile
It was to allow the claims to be used in the Subject#principals set.
Arjan Tijms
Dec 13, 2017, 8:52:41 AM12/13/17
to Eclipse MicroProfile
Hi,
On Tuesday, December 12, 2017 at 7:45:54 PM UTC+1, Scott Stark wrote:
It was to allow the claims to be used in the Subject#principals set.
Thanks for the reply. At the moment they're not actually used for that, are they? If they are, or if they are intended to be, maybe the spec should clarify that? At the moment it's quite puzzling what ClaimValue is for. If used as Principal for a Subject, isn't something like JWTClaimPrincipal a better type name?
Also, in order to function as an injection wrapper capable of being proxied the demands may be slightly different.
Kind regards,
Arjan Tijms
Reply all
Reply to author
Forward
0 new messages