{"id":20168204,"url":"https://github.com/apache/geronimo-jwt-auth","last_synced_at":"2025-04-10T01:52:24.493Z","repository":{"id":54938140,"uuid":"126833517","full_name":"apache/geronimo-jwt-auth","owner":"apache","description":"Apache Geronimo Microprofile JWT Auth Implementation","archived":false,"fork":false,"pushed_at":"2024-11-19T07:55:48.000Z","size":118,"stargazers_count":6,"open_issues_count":2,"forks_count":9,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-04-03T04:16:55.897Z","etag":null,"topics":["geronimo","http","java","javaee","network-server","web-framework"],"latest_commit_sha":null,"homepage":"https://geronimo.apache.org/","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apache.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-26T13:31:41.000Z","updated_at":"2024-11-19T07:55:51.000Z","dependencies_parsed_at":"2024-05-03T23:00:07.614Z","dependency_job_id":null,"html_url":"https://github.com/apache/geronimo-jwt-auth","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fgeronimo-jwt-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fgeronimo-jwt-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fgeronimo-jwt-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fgeronimo-jwt-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache","download_url":"https://codeload.github.com/apache/geronimo-jwt-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247909209,"owners_count":21016479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["geronimo","http","java","javaee","network-server","web-framework"],"created_at":"2024-11-14T01:06:42.442Z","updated_at":"2025-04-10T01:52:24.438Z","avatar_url":"https://github.com/apache.png","language":"Java","readme":"= Geronimo Microprofile JWT Auth Implementation\n\n== Artifacts\n\n=== API\n\nIMPORTANT: you can also use the eclipse bundle.\n\n[source,xml]\n----\n\u003cparent\u003e\n  \u003cgroupId\u003eorg.apache.geronimo\u003c/groupId\u003e\n  \u003cartifactId\u003egeronimo-microprofile-jwt-auth-spec\u003c/artifactId\u003e\n  \u003cversion\u003e${jwtauth.version}\u003c/version\u003e\n\u003c/parent\u003e\n----\n\n=== Implementation\n\n[source,xml]\n----\n\u003cparent\u003e\n  \u003cgroupId\u003eorg.apache.geronimo\u003c/groupId\u003e\n  \u003cartifactId\u003egeronimo-jwt-auth-impl\u003c/artifactId\u003e\n  \u003cversion\u003e${jwtauth.version}\u003c/version\u003e\n\u003c/parent\u003e\n----\n\n== Configuration\n\nIMPORTANT: configuration uses Microprofile Configuration if available\nand if not system properties and `META-INF/geronimo/microprofile/jwt-auth.properties`.\n\n|===\n| Name | Description | Default\n|geronimo.jwt-auth.jwt.header.kid.default|The default `kid` if specified|-\n|geronimo.jwt-auth.jwt.header.alg.default|The default `alg` if specified|RS256\n|geronimo.jwt-auth.jwt.header.typ.default|The default `typ` if specified|JWT\n|geronimo.jwt-auth.jwt.header.typ.validate|Should the typ value be validated (only `JWT` is supported)|true\n|geronimo.jwt-auth.filter.active|If `true` it forces the filter to be added whatever config (`@LoginConfig` is used or not)|false\n|geronimo.jwt-auth.filter.mapping.default|When the JAX-RS `Application` doesn't have an `@ApplicationPath` and no servlet registration are found for the application this defines the path to use to handle JWT|/*\n|geronimo.jwt-auth.filter.publicUrls|List of URL to ignore|-\n|geronimo.jwt-auth.kids.key.mapping|The mapping between the kid and the public key to use|-\n|geronimo.jwt-auth.kids.issuer.mapping|The mapping of the issuer expected per kid|-\n|geronimo.jwt-auth.issuer.default|The default issuer to use when no mapping is found|-\n|geronimo.jwt-auth.cookie.name|The cookie name to read the JWT, note that header is read before in any case.|Bearer\n|geronimo.jwt-auth.header.name|The header name to read the JWT|Authorization\n|geronimo.jwt-auth.header.prefix|The header prefix to use|bearer\n|geronimo.jwt-auth.header.alg.supported|List of accepted `alg` value|RS256, accepted values: [RS\\|HS][256\\|384\\|512]\n|geronimo.jwt-auth.exp.required|Should the validation fail if `exp` is missing|true\n|geronimo.jwt-auth.iat.required|Should the validation fail if `iat` is missing|true\n|geronimo.jwt-auth.date.tolerance|The tolerance in ms for `exp` and `iat`|60000\n|geronimo.jwt-auth.jca.provider|The JCA provider (java security)|- (built-in one)\n|geronimo.jwt-auth.groups.mapping|The mapping for the groups|-\n|geronimo.jwt-auth.public-key.cache.active|Should public keys be cached|true\n|geronimo.jwt-auth.jwks.invalidation.interval|Invalidation interval in seconds (less than 1 means no invalidation)|0\n|geronimo.jwt-auth.public-key.default|Default public key to verify JWT|-\n|===\n\nNOTE: `org.eclipse.microprofile.jwt.config.Names` configuration is supported too.\n\nHere is a sample `META-INF/geronimo/microprofile/jwt-auth.properties`\n(assuming you don't use Microprofile config) using some of these entries:\n\n[source,properties]\n----\n# for rolesallowed accept group1 and Group1MappedRole for the requirement Group1MappedRole\ngeronimo.jwt-auth.groups.mapping = \\\nGroup1MappedRole = group1, Group1MappedRole\n\n# the global expected issuer\ngeronimo.jwt-auth.issuer.default = https://server.example.com\n\n# mapping kid1 to the embedded resource /publicKey.pem\n# can be an absolute path too\ngeronimo.jwt-auth.kids.key.mapping = \\\nkid1 = /publicKey.pem\n----\n\n== Apache OpenWebBeans\n\nFor this specification to work on Apache OpenWebBeans you need to configure a few keys (until 2.0.4).\nFor that, register a `META-INF/openwebbeans/openwebbeans.properties`:\n\n[source,properties]\n----\nconfiguration.ordinal=1001\n\n# OWB default is wrong and we need that\norg.apache.webbeans.container.InjectionResolver.fastMatching = false\n\n# only if you use Principal injection instead of JsonWebToken injection\n# since 2.0.5\norg.apache.webbeans.component.PrincipalBean.proxy = false\norg.apache.webbeans.spi.SecurityService = org.superbiz.MySecurityService\n----\n\nAnd here is a sample security service implementation:\n\n[source,java]\n----\npublic class MySecurityService extends SimpleSecurityService {\n    @Override\n    public Principal getCurrentPrincipal() {\n        return ((Supplier\u003cPrincipal\u003e) CDI.current().select(HttpServletRequest.class).get()\n                .getAttribute(Principal.class.getName() + \".supplier\")).get();\n    }\n}\n----\n\nIMPORTANT: in any case it is not recommended to use CDI `Principal` API, always prefer `JsonWebToken` one.\n\n== Run-as\n\nTo enable a \"run as\" feature - i.e. don't go through the JWT validation etc but still propagate a JWT considered as valid,\nyou can set the servlet attribute `org.eclipse.microprofile.jwt.JsonWebToken` with an implementation of that API.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapache%2Fgeronimo-jwt-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapache%2Fgeronimo-jwt-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapache%2Fgeronimo-jwt-auth/lists"}