> For the complete documentation index, see [llms.txt](https://avbravo-2.gitbook.io/payaramicro/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://avbravo-2.gitbook.io/payaramicro/payara-con-jwt/cliente-jwt.md). # Cliente jwt Abrimos la aplicación: web-app generada ![](/files/-LvuV6grNsel2XC1vkKb) ### Archivo microprofile-config.properties Contiene el public key generado ``` mp.jwt.verify.publickey=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprklfylWG4UCFvI4TIXsHB3dZlig1zlsOZWqEqrD3T9dV+PA5XKqL3sujpAiXRZM2fR7Qc8V9VcnuRvph+ihNs77imIKAH29+gPoB4Aq48iiUPWU5B7AzmJqLVgdYMuzYPy1emfXyk2oYXoHnc+6eGJSHidb5KqnM3e662ZTDTahXAS1cQKvYXqGxExaI+DSHEwTglGN+n4suUkW4Vt0KOYkN0gFPCf4wKbXZZfiosF59cjAQ/YVE2EwXQ8KCDGpTh3Uy4vkz+wX3cmEOAzPU0SddFXr3u5Zm3xf1BCC1EqLsGqbx2vOOeBNW4lOrRX2HpgBjM+ZYS0ZjtOwC+tc/QIDAQAB mp.jwt.verify.issuer=http://apuntesdejava.com ``` ### JAXRSConfiguration.java Contiene la autentificaciòn y roles ```java import javax.annotation.security.DeclareRoles; import javax.ws.rs.ApplicationPath; import javax.ws.rs.core.Application; import org.eclipse.microprofile.auth.LoginConfig; @ApplicationPath("resources") @LoginConfig(authMethod = "MP-JWT") @DeclareRoles({"user_web","user_mobile"}) public class JAXRSConfiguration extends Application { } ``` ### PingResources.java Microservicio con autenticación por JWT ```java import java.security.Principal; import javax.annotation.security.PermitAll; import javax.annotation.security.RolesAllowed; import javax.inject.Inject; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import static javax.ws.rs.core.MediaType.TEXT_PLAIN; import org.eclipse.microprofile.jwt.JsonWebToken; @Path("ping") @Produces(TEXT_PLAIN) public class PingResource { @Inject private Principal principal; @Inject private JsonWebToken jwt; @GET @PermitAll @Path("all") public String ping() { return principal.getName() + jwt.getGroups(); } @GET @RolesAllowed({"user_web","user_mobile"}) @Path("secure") public String pingSecure() { return principal.getName() + jwt.getGroups(); } } ``` ### en WEB-INF ![](/files/-LvuVzK077KhO4VwZy3d) El archivo beans.xml ```java ``` ### Construimos la aplicación y hacemos el deployed en Payara ![](/files/-LvvOKHtiLELtDch8iRB) Aparece en la lista de aplicaciones ![](/files/-LvvOiYjeC_wBrP4T2QQ) Ahora consumimos el recurso @Path("all"), recuerde que esta definido sin restricciones de acceso @PermitAll ```java @GET @PermitAll @Path("all") public String ping() { return principal.getName() + jwt.getGroups(); } ``` Desde consola ejecutamos ```java http :8080/web-app/resources/ping/all ``` ![](/files/-LvvPWUdQDQKCYzHkU6v) Ahora vamos a consumir secure. Este solo permite el acceso de los usuarios con roles user\_web o user\_mobile ```java @GET @RolesAllowed({"user_web","user_mobile"}) @Path("secure") public String pingSecure() { return principal.getName() + jwt.getGroups(); } ``` Ejecutar desde consola ```java http :8080/web-app/resources/ping/secure ``` envía el mensaje HTTP/1.1 401 Unauthorized, ya que tenemos que especificar los roles user\_web o user\_mobile. ![](/files/-LvvRP383cmwBZPITPsu) ### Usaremos la cabecera generada para el user1 Recuerde que la generamos de la siguiente manera ```bash http --form :8080/jwt-provider/auth username=user1 password=user1 ``` genera ![](/files/-LvvVI8PeKw_m5tSiAUc) copiamos el código ```bash Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiOiJteS1oZWFkZXIta2V5IiwiYWxnIjoiUlMyNTYifQ.eyJpYXQiOjE1NzYxNzc1NDQsImV4cCI6MTU3NjI3NzU0NCwic3ViIjoidXNlcjEiLCJhdWQiOiJhdWRpZW5jZSIsImdyb3VwcyI6WyJ1c2VyX3dlYiJdLCJqdGkiOiI3MjhlODgyMS0zZDVhLTRmN2ItOTg1Ni03Y2ZjYjY4MjU4Y2YiLCJpc3MiOiJodHRwOi8vYXB1bnRlc2RlamF2YS5jb20ifQ.I92UBX0BmkOhFtn6h9Oo_1tpLd0vQZkkHWac2XlVjECXWl9ihzG1b13U_RzvtHzJfHJRJIyhHkBG0tc8bdckuBkkkwl1ydsgcJEHI5PsV_elIKOY3WXjWl4J8vacb-b7-5gQqlHz1LbrlBwIQ42YxGqhLxl64rFTz8NmuDsqr4167hyj57_puJszuXTIJYbmK-hATzibPdmAZOfDjfuxMjTvxanvkCqm7KK0w5Zl-0xOwDQLxzq82jdQvMDZlpVDV438HBgM3_fjKppQ8QV7o9VyGE5L4wOjqpiFQp4pDkte3h3wrL8OQHdIvK089Ji8_qoeFkpbvQ9DisXBF1omMw ``` En la prueba para el security incluimos entre comillas las cabecera ```bash http :8080/web-app/resources/ping/secure "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiOiJteS1oZWFkZXIta2V5IiwiYWxnIjoiUlMyNTYifQ.eyJpYXQiOjE1NzYxNzc1NDQsImV4cCI6MTU3NjI3NzU0NCwic3ViIjoidXNlcjEiLCJhdWQiOiJhdWRpZW5jZSIsImdyb3VwcyI6WyJ1c2VyX3dlYiJdLCJqdGkiOiI3MjhlODgyMS0zZDVhLTRmN2ItOTg1Ni03Y2ZjYjY4MjU4Y2YiLCJpc3MiOiJodHRwOi8vYXB1bnRlc2RlamF2YS5jb20ifQ.I92UBX0BmkOhFtn6h9Oo_1tpLd0vQZkkHWac2XlVjECXWl9ihzG1b13U_RzvtHzJfHJRJIyhHkBG0tc8bdckuBkkkwl1ydsgcJEHI5PsV_elIKOY3WXjWl4J8vacb-b7-5gQqlHz1LbrlBwIQ42YxGqhLxl64rFTz8NmuDsqr4167hyj57_puJszuXTIJYbmK-hATzibPdmAZOfDjfuxMjTvxanvkCqm7KK0w5Zl-0xOwDQLxzq82jdQvMDZlpVDV438HBgM3_fjKppQ8QV7o9VyGE5L4wOjqpiFQp4pDkte3h3wrL8OQHdIvK089Ji8_qoeFkpbvQ9DisXBF1omMw" ``` y obtenemos la informacion del token del usuario ![](/files/-LvvWandk6OCkAq9fFjl) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://avbravo-2.gitbook.io/payaramicro/payara-con-jwt/cliente-jwt.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.