Apache Geronimo Microprofile

Apache Geronimo JWT Auth

Apache Geronimo JWT Auth is an implementation of Microprofile JWT Auth. It provides a way to validate and interact with a JWT metadata.

Dependencies

API

<dependency>
  <groupId>org.eclipse.microprofile.jwt</groupId>
  <artifactId>microprofile-jwt-auth-api</artifactId>
  <version>1.1</version>
  <exclusions>
    <exclusion>
      <groupId>org.osgi</groupId>
      <artifactId>org.osgi.annotation.versioning</artifactId>
    </exclusion>
  </exclusions>
</dependency>

Implementation

<dependency>
  <groupId>org.apache.geronimo</groupId>
  <artifactId>geronimo-jwt-auth</artifactId>
  <version>1.0.0</version>
</dependency>

Test a service layer (without servlet layer)

In 1.0.0 you have to mock a request and use the Geronimo JWT Auth extension to mock the JWT context. In 1.0.1 this is simplified thanks to  TokenAccessor abstraction which requires only to provide the "current" token. In this same version a token can be instantiated thanks to JwtParser (previously you had to implement JsonWebToken yourself).

Here is a test - assuming you have CDI injections, which is the case with Arquillian, Meecrowave etc…​:

@SomethingToGetInjections
public class DemoTest {
    @Inject
    private GeronimoJwtAuthExtension extension;

    @Inject
    private JwtParser parser;

    @Test
    void testJwtService() throws ServletException, IOException {
        extension.execute(
            () -> parser.createToken(
                "my-raw-jwt",
                Json.createObjectBuilder()
                    .add("iss", "http://myissuer.com")
                    .build()),
            () -> {
                // do test here
            });
    }
}
if you use that a lot you will likely want to wrap it in a JUnit or TestNG extension.