Details
Description
At the moment activation of MP-JWT triggers the activation of EE Security and JASPIC, at it's core the MP-JWT specification is a simple header based authentication mechanism so we should be able to cut out the additional layers.
The main requirement will still be that the microprofile-jwt subsystem performs the same actions to detect the need to activate MP-JWT.
The subsystem can likely make a HttpAuthenticationFactory available for use later.
A key point here is the mechanism will still need to be coming from the application for the relevant CDI integration.
Attachments
1.
|
Review types which can be injected from EE security | Open | Unassigned |