Step 2 - Understand and configure the Authors microserice on OpenLiberty
Overview
We need to verify following relevant classes for the usage of JWT with MicroProfile:
AuthorsApplication
Java classGetAuthor
Java classserver.xml
for the OpenLiberty server
We have to insert the public RS256 signed JWT Key from Keycloak in following file src/main/webapp/META-INF/keycloak-public-key.pem
. MicroProfile uses the file microprofile-config.properties
to get the location of the key information.
Overview of the classes
AuthorsApplication
class represents our RESTful application and is configured to use login with JWT.GetAuthor
class represents the REST API Endpoint, which is protected JWT security, defined by a specific role.Author
class represents the data structure we use for the Author and is also used in the test.HealthEndpoint
class is responsible for Kubernetes provides liveness and readiness probes, when we would deploy the Microservice to Kubernetes.
The simplified classdiagram shows an overview of classes of our project, for the Microservice and the JUnit test.
Step 1: Verify the modifications in the Authors Microservice
With org.eclipse.microprofile.auth.LoginConfig
and @LoginConfig(authMethod = "MP-JWT")
we add the JWT authenication to the RESTful application and with javax.annotation.security.DeclareRoles
and @DeclareRoles({"authors-role-cloud-native-starter"}) we define the roles, which can be used in the Microservice application to enable protection.
AuthorsApplication
class
GetAuthor
class
In that class we protect the invocation of the REST Endpoint with the role @RolesAllowed({"authors-role-cloud-native-starter"})
and we show the content of the JWT content later.
Step 2: Verify the modification of the Liberty server.xml
server.xml
We define the configuration for the JWT. We need to ensure that we find the values for the issuer, audiences, userNameAttribute our JWT. Below is an extract to the JWT content and a the table with the mapping:
The issuer, audiences, userNameAttribute must be mapped to your server.xml file. Here you find the definitions OpenLiberty expects in a JWT.
This is an extract of the server.xml
for our OpenLiberty server:
Step 3: Insert the RS256 JWT key in the file keycloak-public-key.pem
keycloak-public-key.pem
The file is saved in that folder src/main/webapp/META-INF/keycloak-public-key.pem
.
Your src/main/webapp/META-INF/keycloak-public-key.pem
file should look like this:
We get the public key by using the URL http://localhost:8282/auth/admin/master/console/#/realms/cloudnativestarter/keys
and then we press public key. Copy and past the content into the src/main/webapp/META-INF/keycloak-public-key.pem
file.
The following image shows the invocation.
Step 4: Verify the microprofile-config.properties
file content
microprofile-config.properties
file contentMicroProfile uses a file to locate the publickey.location
information resource and the issuer
URL. The file microprofile-config.properties
is located is here: src/main/webapp/META-INF/microprofile-config.properties
.
Step 3: Modifications in the pom.xml
No additional change made. Usage of the pom.xml for the JUnit test.
Last updated