Running the MP-JWT Sample¶
This section describes how to configure and run the MP-JWT sample. This also describes how to generate JWT tokens by invoking the endpoints.
Configuring the sample¶
Pre-requisites
Before running the samples, make sure you have maven 3.x installed.
First, let's configure the sample. Follow the steps below:
- Navigate to
<SAMPLE_HOME>/microprofile/microprofile-jwt/
src/main/liberty/config
and openserver.xml
. - Replace
${CARBON_HOME}
with the directory where the Identity Server is installed. -
Navigate back to
<SAMPLE_HOME>/microprofile/microprofile-jwt
and openpom.xml
and uncomment the following section:<!--<executions>--> <!--<execution>--> <!--<id>install-server</id>--> <!--<phase>prepare-package</phase>--> <!--<goals>--> <!--<goal>install-server</goal>--> <!--<goal>create-server</goal>--> <!--<goal>install-feature</goal>--> <!--</goals>--> <!--</execution>--> <!--<execution>--> <!--<id>package-server-with-apps</id>--> <!--<phase>package</phase>--> <!--<goals>--> <!--<goal>install-apps</goal>--> <!--<goal>package-server</goal>--> <!--</goals>--> <!--</execution>--> <!--</executions>-->
-
Now, build the sample using the following command:
mvn clean install
This will generate a
microprofile-jwt-<VERSION>-resources.zip
in the target folder. -
Unzip the
microprofile-jwt-<VERSION>-resources.zip
and navigate tosample-configuration-resources
and run the following command to do the necessary configurations.sh configure_sample.sh
This configuration script will add the following configurations to the Identity Server:
-
Add three roles Debtor, Creditor and ViewBalance
-
Add three roles Cameron, Alex, and John
-
Assign roles to users as the following:
Cameron -> Debtor
Alex -> Creditor
John -> ViewBalance -
Create a service provider named
microprofile_jwt_sample
with the necessary configurations to generate an MP-JWT compatible JWT Token
-
Running the sample¶
- Navigate to the target folder which was generated when the sample was built
-
Run the following command to start the wallet service written using Eclipse Microprofile Framework:
java -jar secure-wallet-service.jar
This sample service creates following three endpoints:
-
/wallet/balance
which will send the current balance -
/wallet/credit?amount=<amount>
which adds the given amount to the current balance -
/wallet/debit?amount=<amount>
which subtracts the given amount from the current balance
These three endpoints are secured with MP-JWT as follows:
-
/balance endpoint is allowed to call by users which has one of the following roles: admin, ViewBalance, Debtor
-
/credit endpoint is allowed to call by users which has one of the following roles: admin, Creditor
-
/debit endpoint is allowed to call by users which has one of the following roles: admin, Debtor
-
Invoking the endpoints¶
You can generate the JWT tokens for each user using the below cURL command and the credentials listed below:
User | Username | Password |
---|---|---|
Cameron | cameron | cameron123 |
Alex | alex | alex123 |
John | john | john123 |
curl -H "Authorization: Basic bGk2Sk1ialc2V0RNS1RXc1JuR2NqcDV6Y0doaTpOTUIzRUFmeGg0WXZTVHFiYjNpTWtvbmdBSGpX" -H "Content-Type: application/x-www-form-urlencoded" -k -d "grant_type=password&username=<username>&password=<password>&scope=openid" https://localhost:9443/oauth2/token
Then you can invoke the endpoints using a REST client such as Postman. You need to provide the obtained JWT token in the Authorization header as a Bearer token.
If you try to invoke the endpoints without an Authorization header, you will receive an HTTP 401 Unauthorized response.
If you invoke an endpoint with a token obtained for a user which does not have access to, you can observe an HTTP 403 Forbidden response. For instance, If you try to invoke the /debit endpoint while you only have the Creditor role, you will get HTTP 403 response.
Top