This project creates a KumuluzEE application and uses it to investigate how JWT tokens work.
This is the main project structure:
- your-finance-banking - This is an extremely basic banking application that only performs a couple of functions
- your-finance-jwt-generator - Java project that creates a JWT token. It is an alternative to project jwtenizr, by Adam Bien.
- your-finance-k-jwt-generator - Kotlin project that creates a JWT token. It is an alternative to project jwtenizr, by Adam Bien.
This project is also the official support project for my article on Medium:
Learning JWT security using KumuluzEE — The finances of a league of the environment
- 0.0.0 - 0bae454ebed482d6f1652bbc295c2b8b07bd1a20 - Java / JDK17 / KumuluzEE
- 1.0.0 - ecd9d600f0ab265f343f3697f6f36a17a35f9aa6 - Kotlin 1.8.0 / JDK17 / KumuluzEE
There are many scripts available in the Makefile at the root of this project. However, the best way to start this project and see all of its aspects is to start the containers and open the Cypress console:
- Run command
make dcup-full-action
- Run cypress with
make cypress-open
You can also run everything at once with
make demo-action
Running the previous commands performs the following actions:
- Cleanup environment
- Make a first Maven build to ensure that the JWT generator project is compiled
- Creates AWS tokens using jwtenizr and your-finance-jwt-generator in separate locations:
  - Start Generation Scripts
    - Create User creation script: jwtenizr-files/createUser.sh and your-finance-files/createUser.sh
    - Create Account creation script: jwtenizr-files/createAccount.sh and your-finance-files/createAccount.sh
    - Create Send Money creation script: jwtenizr-files/sendMoney.sh and your-finance-files/sendMoney.sh
    - Create Asks Credit script: jwtenizr-files/askCredit.sh and your-finance-files/askCredit.sh
  - Creates CSV to be used in Swagger tests:
    - Name/JWT token pairs: jwtenizr-files/tokenNameValue.csv and your-finance-files/tokenNameValue.csv
- Sets variables in config.yml
- Makes new Maven build to create a running jar with the correct configuration
- Copies both jars to separate folders in your-finance-images
- Starts both containers via your-finance-images/docker-compose.yaml
- Runs cypress console
openssl req -new -newkey rsa:4096 -nodes -keyout yourfinance.key -out yourfinance.csr
openssl x509 -req -sha256 -days 365 -in yourfinance.csr -signkey yourfinance.key -out yourfinance.pem
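Added example (not part of the project's own scripts): how the key and certificate produced by the two openssl commands above can sign and verify a JWT by hand, which shows what the generator projects and the server do with them. It assumes RS256 signing; the function names and the sample claims are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: RS256 JWT signing and verification with plain openssl.
# Function names and sample claims are constructed, not taken from the project.

b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

b64url_decode() {
  local s
  s=$(tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done   # restore stripped padding
  printf '%s' "$s" | openssl base64 -d -A
}

# jwt_sign <private-key.pem> <claims-json>  -> prints header.payload.signature
jwt_sign() {
  local key=$1 claims=$2 input
  input="$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url).$(printf '%s' "$claims" | b64url)"
  printf '%s.%s\n' "$input" "$(printf '%s' "$input" | openssl dgst -sha256 -sign "$key" | b64url)"
}

# jwt_verify <certificate.pem> <token>  -> exit status 0 only if the signature is valid
jwt_verify() {
  local cert=$1 token=$2 input sig tmp rc
  input=${token%.*}; sig=${token##*.}
  # Pin the algorithm: never let the token's own header pick it (e.g. "none").
  case "$(printf '%s' "${token%%.*}" | b64url_decode)" in
    *'"alg":"RS256"'*) ;;
    *) return 1 ;;
  esac
  tmp=$(mktemp -d) || return 1
  openssl x509 -in "$cert" -pubkey -noout > "$tmp/pub.pem"
  printf '%s' "$sig" | b64url_decode > "$tmp/sig.bin"
  printf '%s' "$input" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
    -signature "$tmp/sig.bin" > /dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Usage with the files generated above (claims are a constructed sample):
#   token=$(jwt_sign yourfinance.key '{"iss":"example","upn":"user@example.org","groups":["user"]}')
#   jwt_verify yourfinance.pem "$token" && echo "signature OK"
```

The check covers the signature only; a real verifier also validates claims such as `exp` and `iss`.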