cleanup & nitpicks on some of the code #2109

Closed
18 changes: 7 additions & 11 deletions _guides/security-jwt.adoc
Expand Up @@ -84,8 +84,6 @@ Create a REST endpoint in `src/main/java/org/acme/security/jwt/TokenSecuredResou
----
package org.acme.security.jwt;

import java.security.Principal;

import jakarta.annotation.security.PermitAll;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
Expand All @@ -105,7 +103,7 @@ public class TokenSecuredResource {
@Inject
JsonWebToken jwt; // <1>

@GET()
@GET
@Path("permit-all")
@PermitAll // <2>
@Produces(MediaType.TEXT_PLAIN)
Expand All @@ -122,7 +120,7 @@ public class TokenSecuredResource {
} else {
name = ctx.getUserPrincipal().getName(); // <6>
}
return String.format("hello + %s,"
return String.format("hello %s,"
+ " isHttps: %s,"
+ " authScheme: %s,"
+ " hasJWT: %s",
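Review bot: Check for leftover `hello + ` occurrences before merging: the literal in `return String.format("hello %s,"` is duplicated across several listings of this class and is reproduced verbatim in the `curl` output blocks, so one missed copy leaves the guide showing output the code no longer produces. The patch touches three listings and three output blocks; please confirm that is all of them, and if these listings mirror code or tests kept elsewhere, change those in the same PR so the guide and the code stay identical.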
Expand Down Expand Up @@ -172,7 +170,7 @@ Now that the REST endpoint is running, we can access it using a command line too
[source,shell]
----
$ curl http://127.0.0.1:8080/secured/permit-all; echo
hello + anonymous, isHttps: false, authScheme: null, hasJWT: false
hello anonymous, isHttps: false, authScheme: null, hasJWT: false
----

We have not provided any JWT in our request, so we would not expect that there is any security state seen by the endpoint,
Expand All @@ -194,7 +192,6 @@ package org.acme.security.jwt;

import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.InternalServerErrorException;
Expand All @@ -207,7 +204,6 @@ import jakarta.ws.rs.core.SecurityContext;
import org.eclipse.microprofile.jwt.JsonWebToken;

@Path("/secured")
@RequestScoped
public class TokenSecuredResource {

@Inject
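Review bot: Removing `@RequestScoped` from the class under `@Path("/secured")` is a behaviour change, not a cleanup, and needs a justification, because the resource keeps `@Inject` fields that hold per-request token state. If any injected value is not a request-scoped proxy (a raw claim value, for example), a resource running with a wider default scope keeps the value resolved for the first request and serves it to later callers, which in an authentication guide means one caller seeing another caller's identity data. Either keep the annotation or state in the guide why the default scope is safe for these injection points. The first listing also still imports `jakarta.enterprise.context.RequestScoped` (context line in the first hunk), so the two listings of the same class now disagree.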
Expand Down Expand Up @@ -238,7 +234,7 @@ public class TokenSecuredResource {
} else {
name = ctx.getUserPrincipal().getName();
}
return String.format("hello + %s,"
return String.format("hello %s,"
+ " isHttps: %s,"
+ " authScheme: %s,"
+ " hasJWT: %s",
Expand Down Expand Up @@ -455,7 +451,7 @@ curl -H "Authorization: Bearer eyJraWQiOiJcL3ByaXZhdGVLZXkucGVtIiwidHlwIjoiSldUI
[source,shell]
----
$ curl -H "Authorization: Bearer eyJraWQ..." http://127.0.0.1:8080/secured/roles-allowed; echo
hello + jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13
hello jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13
----

Success! We now have:
Expand Down Expand Up @@ -542,7 +538,7 @@ public class TokenSecuredResource {
} else {
name = ctx.getUserPrincipal().getName();
}
return String.format("hello + %s,"
return String.format("hello %s,"
+ " isHttps: %s,"
+ " authScheme: %s,"
+ " hasJWT: %s",
Expand All @@ -568,7 +564,7 @@ curl -H "Authorization: Bearer eyJraWQiOiJcL3ByaXZhdGVLZXkucGVtIiwidHlwIjoiSldUI
[source,shell]
----
$ curl -H "Authorization: Bearer eyJraWQ..." http://127.0.0.1:8080/secured/roles-allowed-admin; echo
hello + jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13
hello jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13
----

=== Package and run the application