Merge pull request #775 from jamezp/WFLY-18483

[WFLY-18483] Update the jaxrs-jwt for the Common Enhancements. Make t…
wildfly · Nov 20, 2023 · 630f60a · 630f60a
2 parents b82f87c + 9363fe2
commit 630f60a
Show file tree

Hide file tree

Showing 18 changed files with 559 additions and 586 deletions.
diff --git a/.github/workflows/quickstart_jaxrs-jwt_ci.yml b/.github/workflows/quickstart_jaxrs-jwt_ci.yml
@@ -0,0 +1,17 @@
+name: WildFly jaxrs-jwt Quickstart CI
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    branches-ignore:
+      - 'dependabot/**'
+    paths:
+      - 'jaxrs-jwt/**'
+      - '.github/workflows/quickstart_ci.yml'
+
+jobs:
+  call-quickstart_ci:
+    uses: ./.github/workflows/quickstart_ci.yml
+    with:
+      QUICKSTART_PATH: jaxrs-jwt
+      TEST_PROVISIONED_SERVER: true
diff --git a/jaxrs-jwt/README.adoc b/jaxrs-jwt/README.adoc
@@ -1,19 +1,19 @@
 include::../shared-doc/attributes.adoc[]
 
-= jaxrs-jwt: JAX-RS secured using JSON Web Tokens (JWTs)
+= jaxrs-jwt: Jakarta REST secured using JSON Web Tokens (JWTs)
 :author: Martin Mazanek
 :level: Intermediate
 :technologies: JAX-RS, Security
 
 [abstract]
-The `jaxrs-jwt` quickstart demonstrates a JAX-RS secured application using JSON Web Tokens (JWT) with Elytron.
+The `jaxrs-jwt` quickstart demonstrates a Jakarta REST secured application using JSON Web Tokens (JWT) with Elytron.
 
 :standalone-server-type: default
 :archiveType: war
 
 == What is it?
 
-This quickstart demonstrates how to secure a JAX-RS service with JWTs using the Elytron subsystem.
+This quickstart demonstrates how to secure a Jakarta REST service with JWTs using the Elytron subsystem.
 
 There are 4 resource endpoints, plus another one for generating JWTs.
 
@@ -30,43 +30,6 @@ include::../shared-doc/system-requirements.adoc[leveloffset=+1]
 // Use of {jbossHomeName}
 include::../shared-doc/use-of-jboss-home-name.adoc[leveloffset=+1]
 
-[[generate_an_rs256_key_pair]]
-== Generate an RS256 Key Pair
-
-Elytron uses RS256 (SHA256withRSA), RS384 (SHA384withRSA), and RS512 (SHA512withRSA) asymmetric keys for signing JWTs. The keys must be in PKCS#8 format.
-
-You can generate your own RS256 key pair using java keytool.
-
-. Open a terminal and navigate to the {productName} server `configuration` directory:
-+
-[source,subs="+quotes,attributes+",options="nowrap"]
-----
-For Linux:   standalone/configuration
-For Windows: standalone\configuration
-----
-
-. Create a keystore for your server using the following command:
-+
-[source,options="nowrap"]
-----
-$>keytool -genkey -alias alias -keyalg RSA -keysize 2048 -keystore jwt.keystore -storepass secret -keypass secret
-
-What is your first and last name?
-   [Unknown]:  localhost
-What is the name of your organizational unit?
-   [Unknown]:  wildfly
-What is the name of your organization?
-   [Unknown]:  jboss
-What is the name of your City or Locality?
-   [Unknown]:  Raleigh
-What is the name of your State or Province?
-   [Unknown]:  Carolina
-What is the two-letter country code for this unit?
-   [Unknown]:  US
-Is CN=localhost, OU=wildfly, O=jboss, L=Raleigh, ST=Carolina, C=US correct?
-   [no]:  yes
-----
-
 // Back Up the {productName} Standalone Server Configuration
 include::../shared-doc/back-up-server-standalone-configuration.adoc[leveloffset=+1]
 // Start the {productName} Standalone Server
@@ -107,7 +70,7 @@ After stopping the server, open the `__{jbossHomeName}__/standalone/configuratio
 [source,xml,options="nowrap"]
 ----
 <token-realm name="jwt-realm" principal-claim="sub">
-    <jwt issuer="quickstart-jwt-issuer" audience="jwt-audience" key-store="jwt-key-store" certificate="alias"/>
+    <jwt issuer="quickstart-jwt-issuer" audience="jwt-audience" key-store="jwt-key-store" certificate="jwt-auth"/>
 </token-realm>
 ----
 . The following `security-domain` was added, which uses the `jwt-realm`.
@@ -158,85 +121,10 @@ include::../shared-doc/build-and-deploy-the-quickstart.adoc[leveloffset=+1]
 [[access_the_application]]
 == Access the Application
 
-Before you run the client, make sure you have already successfully deployed the REST to the server in the previous step.
-
-Type the following command to execute the client in `client` directory.
-
-[source,options="nowrap"]
-----
-$ mvn exec:java
-----
-
-== Investigate the Console Output
-
-When you run the `mvn exec:java` command, you see the following output.
-
-[source,options="nowrap"]
-----
-------------------------------
-Testing admin
-------------------------------
-Obtaining JWT...
-Accessing /protected...
-Status: 200
-{"path":"protected","result":"Hello admin!"}
-
-Accessing /public...
-Status: 200
-{"path":"public","result":"Hello admin!"}
-
-Accessing /customer...
-Status: 403
-
-Accessing /claims...
-Status: 200
-{"sub":"admin","aud":["jwt-audience"],"iss":"quickstart-jwt-issuer","groups":["admin"],"exp":1519336360000}
-
-------------------------------
-Testing customer
-------------------------------
-Obtaining JWT...
-Accessing /protected...
-Status: 403
-
-Accessing /public...
-Status: 200
-{"path":"public","result":"Hello customer!"}
-
-Accessing /customer...
-Status: 200
-{"path":"customer","result":"Hello customer!"}
-
-Accessing /claims...
-Status: 200
-{"sub":"customer","aud":["jwt-audience"],"iss":"quickstart-jwt-issuer","groups":["customer"],"exp":1519336360000}
-
-------------------------------
-Testing without token
-------------------------------
-Accessing /protected...
-Status: 401
-
-Accessing /public...
-Status: 200
-{"path":"public","result":"Hello anonymous!"}
-
-Accessing /customer...
-Status: 401
-
-Accessing /claims...
-Status: 204
-----
-
-The client tries to test service functionality using 3 identities.
-
-1. `admin` - this user belongs to group `admin`, which gives him
-rights to access `/rest/protected`
-2. `customer` - this user belongs to group `customer`, which gives him rights to access `/rest/customer`
-3. no credentials provided - the client tries to access all endpoints, but can only access unprotected `/rest/public`
-
-The endpoint `/rest/claims` demonstrates a way, how you could extract token claims for further manipulation.
+The `JwtAuthIT` test shows how a client can authenticate with the server.
 
+// Server Distribution Testing
+include::../shared-doc/run-integration-tests-with-server-distribution.adoc[leveloffset=+2]
 // Undeploy the Quickstart
 include::../shared-doc/undeploy-the-quickstart.adoc[leveloffset=+1]
 // Restore the {productName} Standalone Server Configuration
@@ -257,12 +145,8 @@ include::../shared-doc/restore-standalone-server-configuration-manual.adoc[level
 // Debug the Application
 include::../shared-doc/debug-the-application.adoc[leveloffset=+1]
 
-//*************************************************
-// Product Release content only
-//*************************************************
-ifdef::ProductRelease[]
-
-// Quickstart not compatible with OpenShift
-include::../shared-doc/openshift-incompatibility.adoc[leveloffset=+1]
+ifndef::ProductRelease,EAPXPRelease[]
+include::../shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc[leveloffset=+1]
+endif::[]
 
-endif::[]
+include::../shared-doc/build-and-run-the-quickstart-with-openshift.adoc[leveloffset=+1]
diff --git a/jaxrs-jwt/client/pom.xml b/jaxrs-jwt/client/pom.xml
diff --git a/jaxrs-jwt/client/src/main/java/org/jboss/quickstarts/jaxrsjwt/client/JwtRestClient.java b/jaxrs-jwt/client/src/main/java/org/jboss/quickstarts/jaxrsjwt/client/JwtRestClient.java