TomEE: Debug JWT Login

Question

I would very much appreciate a little pointer to some TomEE/OpenEjb class for debugging my JWT rest service. I'm facing the problem that TomEE rejects access (403) to my test service despite having a JWT token in the request header. My test service simply looks like this:

@RestClient
@Path("/jwt")
public class JwtTestWS {

@Inject
private JsonWebToken jwtPrincipal;

@GET
@RolesAllowed("school")
    public Response jwtTest(@HeaderParam("AUTHORIZATION") String auth) {
        return Response.ok().build();
    }
}

I set up an Application config class, too:

@LoginConfig(authMethod = "MP-JWT")
public class ApplicationConfig extends Application {
}

And a microprofiles-config with:

mp.jwt.verify.issuer=example.com
mp.jwt.verify.publickey=[PKCS#8 RSA public key here]

I currently need to generate my own JWT (using JJWT). Thus I would like to see what TomEE/openEjb is doing to find out where the problem is (my JWT or some configuration problem). Can someone point me to some initial (functional) class & method that will be called during authentication in TomEE? I would like to find the point where a) I can verify that JWT is used for authentication, and b) where the verification is performed - so that I can find out if my JWT is correct These should be classes I can debug (not interfaces from the specs).

Any help would be very much appreciated

Answer 1

Try sticking a breakpoint in OpenEJBValve? JWT Authentication would likely be handled in a Valve or Filter, so you could also check subclasses of those and stick breakpoints in there.