Running the MP-JWT Sample
This section describes how to configure and run the MP-JWT sample. This also describes how to generate JWT tokens by invoking the endpoints.Â
Configuring the sample
Pre-requisites
Before running the samples, make sure you have maven 3.x installed.
First, let's configure the sample. Follow the steps below:
- Navigate toÂ
<SAMPLE_HOME>/microprofile/microprofile-jwt/
src/main/liberty/config
 and openÂserver.xml
. - Replace
${CARBON_HOME}
with the directory where the Identity Server is installed. Navigate back toÂ
<SAMPLE_HOME>/microprofile/microprofile-jwtÂ
and openÂpom.xmlÂ
and uncomment the following section:<!--<executions>--> <!--<execution>--> <!--<id>install-server</id>--> <!--<phase>prepare-package</phase>--> <!--<goals>--> <!--<goal>install-server</goal>--> <!--<goal>create-server</goal>--> <!--<goal>install-feature</goal>--> <!--</goals>--> <!--</execution>--> <!--<execution>--> <!--<id>package-server-with-apps</id>--> <!--<phase>package</phase>--> <!--<goals>--> <!--<goal>install-apps</goal>--> <!--<goal>package-server</goal>--> <!--</goals>--> <!--</execution>--> <!--</executions>-->
Now, build the sample using the following command:
mvn clean install
This will generate aÂ
microprofile-jwt-<VERSION>-resources.zip
 in the target folder.Unzip the
microprofile-jwt-<VERSION>-resources.zip
and navigate tosample-configuration-resources
and run the following command to do the necessary configurations.sh configure_sample.sh
This configuration script will add the following configurations to the Identity Server:
Add three roles Debtor, Creditor and ViewBalance
Add three roles Cameron, Alex, and John
Assign roles to users as the following:
Cameron -> Debtor
Alex -> Creditor
John -> ViewBalanceCreate a service provider named
microprofile_jwt_sample
with the necessary configurations to generate an MP-JWT compatible JWT Token
Running the sample
- Navigate to the target folder which was generated when the sample was builtÂ
Run the following command to start the wallet service written using Eclipse Microprofile Framework:
java -jar secure-wallet-service.jar
This sample service creates following three endpoints:
/wallet/balance
which will send the current balance/wallet/credit?amount=<amount>
which adds the given amount to the current balance/wallet/debit?amount=<amount>
which subtracts the given amount from the current balance
These three endpoints are secured with MP-JWT as follows:
/balance endpoint is allowed to call by users which has one of the following roles: admin, ViewBalance, Debtor
/credit endpoint is allowed to call by users which has one of the following roles: admin, Creditor
/debit endpoint is allowed to call by users which has one of the following roles: admin, Debtor
Invoking the endpoints
You can generate the JWT tokens for each user using the below cURL command and the credentials listed below:
User | Username | Password |
---|---|---|
Cameron | cameron | cameron123 |
Alex | alex | alex123 |
John | john | john123 |
curl -H "Authorization: Basic bGk2Sk1ialc2V0RNS1RXc1JuR2NqcDV6Y0doaTpOTUIzRUFmeGg0WXZTVHFiYjNpTWtvbmdBSGpX" -H "Content-Type: application/x-www-form-urlencoded" -k -d "grant_type=password&username=<username>&password=<password>&scope=openid" https://localhost:9443/oauth2/token
Then you can invoke the endpoints using a REST client such as Postman. You need to provide the obtained JWT token in the Authorization header as a Bearer token.
If you try to invoke the endpoints without an Authorization header, you will receive an HTTP 401 Unauthorized response.
If you invoke an endpoint with a token obtained for a user which does not have access to, you can observe an HTTP 403 Forbidden response. For instance, If you try to invoke the /debit endpoint while you only have the Creditor role, you will get HTTP 403 response.