Blog article: Apache Shiro: JWT Realm Authentication with JJWT 🇬🇧.
This project is a showcase how you can use Apache Shiro with JWTs (pronounced: jots). The idea here is to use as few shipped dependencies as possible. All dependencies possible should be provided by an JavaEE application server.
-
Apache Shiro (Security Framework)
-
Apache Maven (Build Tool)
-
JAX-RS 2.1 (Web Framework)
-
JJWT with custom JSON-B serializer (Showcase Tech implementation)
Additional used tech which is optional / swappable:
-
IBM OpenLiberty (any JavaEE + MP application server should do)
-
Jakarta CDI 2.0
-
Jakarta JSON-B
-
MicroProfile Config 2.0
Execute them using ./mvnw am -pl <projectdir> liberty:dev.
- keystore
-
Common keystore/truststore for the issuer and finish server for validating JWS tokens.
- issuer
-
The issuing server to get a JWT from. Not part of the tutorial, usually transparent for your application.
Starts at port 9081 as a side server. Curl using
curl -H 'accept: application/json' -H 'content-type: application/json' -v -d '{ "username": "me", "password": "me" }' --url "http://localhost:9081/login?roles=admin,user". Credentials are irrelevant, as long as they are the same. - start
-
Tutorial start setup.
- finish
-
Tutorial finish setup.