Skip to content

Running the MP-JWT Sample

This section describes how to configure and run the MP-JWT sample. This also describes how to generate JWT tokens by invoking the endpoints.

Configuring the sample


Before running the samples, make sure you have maven 3.x installed.

First, let's configure the sample. Follow the steps below:

  1. Navigate to <SAMPLE_HOME>/microprofile/microprofile-jwt/ src/main/liberty/config and open server.xml .
  2. Replace ${CARBON_HOME} with the directory where the Identity Server is installed.
  3. Navigate back to <SAMPLE_HOME>/microprofile/microprofile-jwt and open pom.xml and uncomment the following section:

  4. Now, build the sample using the following command:

    mvn clean install

    This will generate a microprofile-jwt-<VERSION> in the target folder.

  5. Unzip the microprofile-jwt-<VERSION> and navigate to sample-configuration-resources and run the following command to do the necessary configurations.


    This configuration script will add the following configurations to the Identity Server:

    • Add three roles Debtor, Creditor and ViewBalance

    • Add three roles Cameron, Alex, and John

    • Assign roles to users as the following:
      Cameron -> Debtor
      Alex -> Creditor
      John -> ViewBalance

    • Create a service provider named microprofile_jwt_sample with the necessary configurations to generate an MP-JWT compatible JWT Token

Running the sample

  1. Navigate to the target folder which was generated when the sample was built
  2. Run the following command to start the wallet service written using Eclipse Microprofile Framework:

    java -jar secure-wallet-service.jar

    This sample service creates following three endpoints:

    • /wallet/balance which will send the current balance

    • /wallet/credit?amount=<amount> which adds the given amount to the current balance

    • /wallet/debit?amount=<amount> which subtracts the given amount from the current balance

    These three endpoints are secured with MP-JWT as follows:

    • /balance endpoint is allowed to call by users which has one of the following roles: admin, ViewBalance, Debtor

    • /credit endpoint is allowed to call by users which has one of the following roles: admin, Creditor

    • /debit endpoint is allowed to call by users which has one of the following roles: admin, Debtor

Invoking the endpoints

You can generate the JWT tokens for each user using the below cURL command and the credentials listed below:

User Username Password
Cameron cameron cameron123
Alex alex alex123
John john john123
curl -H "Authorization: Basic bGk2Sk1ialc2V0RNS1RXc1JuR2NqcDV6Y0doaTpOTUIzRUFmeGg0WXZTVHFiYjNpTWtvbmdBSGpX" -H "Content-Type: application/x-www-form-urlencoded" -k -d "grant_type=password&username=<username>&password=<password>&scope=openid" https://localhost:9443/oauth2/token

Then you can invoke the endpoints using a REST client such as Postman. You need to provide the obtained JWT token in the Authorization header as a Bearer token.

If you try to invoke the endpoints without an Authorization header, you will receive an HTTP 401 Unauthorized response.

If you invoke an endpoint with a token obtained for a user which does not have access to, you can observe an HTTP 403 Forbidden response. For instance, If you try to invoke the /debit endpoint while you only have the Creditor role, you will get HTTP 403 response.