Commit

Merge pull request #324 from sberyozkin/remove_optional_spec_text
Remove optional spec text and TCK tests
sberyozkin authored Mar 13, 2024
2 parents 17cf110 + 38b685a commit 5fe1b62
Showing 15 changed files with 18 additions and 790 deletions.
2 changes: 1 addition & 1 deletion api/pom.xml
Expand Up @@ -19,7 +19,7 @@
<parent>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-parent</artifactId>
<version>2.2-SNAPSHOT</version>
<version>3.0-SNAPSHOT</version>
</parent>

<artifactId>microprofile-jwt-auth-api</artifactId>
20 changes: 2 additions & 18 deletions pom.xml
Expand Up @@ -24,16 +24,14 @@

<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-parent</artifactId>
<version>2.2-SNAPSHOT</version>
<version>3.0-SNAPSHOT</version>

<packaging>pom</packaging>
<name>MicroProfile JWT Auth</name>
<url>https://github.com/eclipse/microprofile-jwt-auth</url>

<properties>
<version.jakarta.authorization-api>2.0.0</version.jakarta.authorization-api>
<version.jakarta.ejb.api>4.0.0</version.jakarta.ejb.api>
<version.microprofile.config>3.0</version.microprofile.config>
<version.microprofile.config>3.1</version.microprofile.config>
<version.jose4j>0.9.4</version.jose4j>
<version.osgi.versioning>1.1.0</version.osgi.versioning>
<version.microprofile.tck.bom>2.6</version.microprofile.tck.bom>
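Review bot: the version.microprofile.config change from 3.0 to 3.1 in the properties block is not mentioned in the commit title ("Remove optional spec text and TCK tests") and is unrelated to the removal. Either call it out in the commit message or move it to its own change, so that a later bisect or revert of the spec removal does not also move the Config dependency. The two dropped properties, version.jakarta.authorization-api and version.jakarta.ejb.api, are consistent with the dependency removals further down.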
Expand Down Expand Up @@ -125,20 +123,6 @@

<dependencyManagement>
<dependencies>
<dependency>
<groupId>jakarta.authorization</groupId>
<artifactId>jakarta.authorization-api</artifactId>
<version>${version.jakarta.authorization-api}</version>
<scope>provided</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>jakarta.ejb</groupId>
<artifactId>jakarta.ejb-api</artifactId>
<version>${version.jakarta.ejb.api}</version>
<scope>provided</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
<artifactId>org.osgi.annotation.versioning</artifactId>
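Review bot: dropping the jakarta.authorization-api and jakarta.ejb-api entries from dependencyManagement removes the place where the parent pinned their versions, so any module that still declares either artifact without a version element will fail to resolve. tck/pom.xml drops both in this commit; confirm that no other module inheriting from microprofile-jwt-auth-parent still relies on these managed versions, and mention the removal in the 3.0 release notes.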
2 changes: 1 addition & 1 deletion spec/pom.xml
Expand Up @@ -19,7 +19,7 @@
<parent>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-parent</artifactId>
<version>2.2-SNAPSHOT</version>
<version>3.0-SNAPSHOT</version>
</parent>

<artifactId>microprofile-jwt-auth-spec</artifactId>
37 changes: 0 additions & 37 deletions spec/src/main/asciidoc/interoperability.asciidoc
Expand Up @@ -673,43 +673,6 @@ The expectations for use of the various security annotations described in sectio

In terms of mapping between the MP-JWT claims and role names used in @RolesAllowed, the role names that have been mapped to group names in the MP-JWT "groups" claim, MUST result in an allowing authorization decision wherever the security constraint has been applied.

### Recommendations for Optional Container Integration
This section describes the expected behaviors for Jakarta EE container APIs other than JAX-RS.

#### jakarta.security.enterprise.identitystore.IdentityStore.getCallerGroups(CredentialValidationResult)
This method should return the set of names found in the "groups" claim in the JWT if it exists, an empty set otherwise.

#### jakarta.ejb.SessionContext.getCallerPrincipal()
The java.security.Principal returned from this method MUST be an instance of `org.eclipse.microprofile.jwt.JsonWebToken`.

#### jakarta.ejb.SessionContext#isCallerInRole(String)
This method MUST return true for any name that is included in the MP-JWT "groups" claim, as well as for any
role name that has been mapped to a group name in the MP-JWT "groups" claim.

#### Overriding @LoginConfig from web.xml login-config
If a deployment with a web.xml descriptor contains a login-config element, an MP-JWT implementation should view the
web.xml metadata as an override to the deployment annotation.

#### jakarta.servlet.http.HttpServletRequest.getUserPrincipal()
The java.security.Principal returned from this method MUST be an instance of org.eclipse.microprofile.jwt.JsonWebToken.

#### jakarta.servlet.http.HttpServletRequest#isUserInRole(String)
This method MUST return true for any name that is included in the MP-JWT "groups" claim, as well as for any
role name that has been mapped to a group name in the MP-JWT "groups" claim.

#### jakarta.security.jacc.PolicyContext.getContext("javax.security.auth.Subject.container")
The javax.security.auth.Subject returned by the PolicyContext.getContext(String key) method with the standard
"javax.security.auth.Subject.container" key, MUST return a Subject that has a `java.security.Principal` of type
`org.eclipse.microprofile.jwt.JsonWebToken` amongst it's set of `Principal`s returned by `getPrincipals()``. Similarly,
`Subject#getPrincipals(JsonWebToken.class)` must return a set with at least one value. This means that following code
snipet must not throw an AssertionError:

```java
Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
Set<? extends Principal> principalSet = subject.getPrincipals(JsonWebToken.class);
assert principalSet.size() > 0;
```

## Mapping MP-JWT Token to Other Container APIs
For non-Jakarta EE containers that provide access to some form of `java.security.Principal` representation of an authenticated
caller, the caller principal MUST be compatible with the `org.eclipse.microprofile.jwt.JsonWebToken` interface.
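Review bot: the removed section "Recommendations for Optional Container Integration" was not purely advisory: several of its entries used MUST, including HttpServletRequest.getUserPrincipal() returning a JsonWebToken and isUserInRole(String) / isCallerInRole(String) returning true for names in the "groups" claim. After this hunk the text goes from the @RolesAllowed mapping straight to "Mapping MP-JWT Token to Other Container APIs", which only addresses non-Jakarta EE containers, so programmatic role checks in servlet and EJB code on Jakarta EE containers are now unspecified. Add a short note, here or in the 3.0 release notes, saying that these behaviours are implementation-defined from 3.0 on, so that applications making authorization decisions with isUserInRole or isCallerInRole know to verify them per runtime or move the check to @RolesAllowed.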
10 changes: 1 addition & 9 deletions tck/pom.xml
Expand Up @@ -19,7 +19,7 @@
<parent>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-parent</artifactId>
<version>2.2-SNAPSHOT</version>
<version>3.0-SNAPSHOT</version>
</parent>

<artifactId>microprofile-jwt-auth-tck</artifactId>
Expand Down Expand Up @@ -59,14 +59,6 @@
<groupId>jakarta.ws.rs</groupId>
<artifactId>jakarta.ws.rs-api</artifactId>
</dependency>
<dependency>
<groupId>jakarta.authorization</groupId>
<artifactId>jakarta.authorization-api</artifactId>
</dependency>
<dependency>
<groupId>jakarta.ejb</groupId>
<artifactId>jakarta.ejb-api</artifactId>
</dependency>
<dependency>
<groupId>org.bitbucket.b_c</groupId>
<artifactId>jose4j</artifactId>

This file was deleted.

This file was deleted.

This file was deleted.

0 comments on commit 5fe1b62