MicroProfile JSON Web Token 1.1
This feature enables web applications or microservices to use the Eclipse JSON Web Token 1.1 specification to authenticate users instead of, or in addition to, the configured user registry.
To enable the MicroProfile JSON Web Token 1.1 feature, add the following element declaration into your server.xml file, inside the
The following example shows that the service needs request authentication with a JSON Web Token (JWT). The mpJwt element defines the configuration to process the inbound JSON Web Tokens. The jwksUri attribute points the mpJwt element towards the public key to validate the JSON Web Token. The keyStore element defines the keystore and truststore where the public key is stored, to validate the JSON Web Token when JSON Web Key Sets (JWKS) are not used:
<mpJwt id="mympjwt" issuer="https://example.com" jwksUri="https://localhost:19443/jwt/ibm/api/myBuilder/jwk"/>
<keyStore id="defaultKeyStore" password="keyspass"/>
You can use an authentication filter to protect a subset of applications, URLs, or IP addresses.
The security configuration works when the conditions in the filter are met.
In the following example, requests to the myApp application are authorized with a JSON Web Token:
<!-- authFilterRef must name the id of the authFilter element to apply -->
<mpJwt authFilterRef="myAuthFilter" />
<authFilter id="myAuthFilter">
    <webApp id="myWebApp" name="myApp" matchType="contains"/>
</authFilter>
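The filter conditions mentioned above (application, URL, IP address) can be combined in one authFilter element, in which case every condition must match before the mpJwt configuration is applied to a request. The following server.xml is an added example, not taken from the product documentation; the filter id apiAuthFilter, the /api URL pattern, and the address 192.0.2.10 are constructed values for illustration.

```xml
<server>
    <featureManager>
        <feature>mpJwt-1.1</feature>
    </featureManager>

    <!-- Inbound tokens must carry this issuer and verify against a key
         published at the JWKS endpoint. authFilterRef limits this
         configuration to requests that match the filter below. -->
    <mpJwt id="mympjwt"
           issuer="https://example.com"
           jwksUri="https://localhost:19443/jwt/ibm/api/myBuilder/jwk"
           authFilterRef="apiAuthFilter"/>

    <!-- Constructed filter: all three conditions must be met. -->
    <authFilter id="apiAuthFilter">
        <!-- Application name contains "myApp" -->
        <webApp id="myWebApp" name="myApp" matchType="contains"/>
        <!-- Request URL contains "/api" (hypothetical path) -->
        <requestUrl id="apiUrl" urlPattern="/api" matchType="contains"/>
        <!-- Request arrives from one known address (hypothetical, documentation range) -->
        <remoteAddress id="proxyAddr" ip="192.0.2.10" matchType="equals"/>
    </authFilter>
</server>
```

Requests that do not match the filter are not handled by this mpJwt element, so confirm that another authentication mechanism covers them rather than assuming they are rejected.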