Skip to content

Commit 4e10ef4

Browse files
rolfedhrolfedh
committed
Copy changes from PR 1490 to JWT guide and improve callouts
1 parent 32a1195 commit 4e10ef4

File tree

1 file changed

+18
-14
lines changed

1 file changed

+18
-14
lines changed

docs/src/main/asciidoc/security-jwt.adoc

Lines changed: 18 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -359,31 +359,35 @@ import java.util.Arrays;
359359
import java.util.HashSet;
360360
361361
import org.eclipse.microprofile.jwt.Claims;
362-
363362
import io.smallrye.jwt.build.Jwt;
364363
364+
/**
365+
* A utility class to generate and print a JWT token string to stdout.
366+
*/
365367
public class GenerateToken {
368+
366369
/**
367-
* Generate JWT token
370+
* Generates and prints a JWT token.
368371
*/
369372
public static void main(String[] args) {
370-
String token =
371-
Jwt.issuer("https://example.com/issuer") // <1>
372-
.upn("[email protected]") // <2>
373-
.groups(new HashSet<>(Arrays.asList("User", "Admin"))) // <3>
374-
.claim(Claims.birthdate.name(), "2001-07-13") // <4>
375-
.sign();
373+
String token = Jwt.issuer("https://example.com/issuer") // <1>
374+
.upn("[email protected]") // <2>
375+
.groups(new HashSet<>(Arrays.asList("User", "Admin"))) // <3>
376+
.claim(Claims.birthdate.name(), "2001-07-13") // <4>
377+
.sign();
378+
376379
System.out.println(token);
380+
System.exit(0);
377381
}
378382
}
379383
----
380384

381-
<1> Set JWT issuer as an `iss` claim value.
382-
This must match the server side `mp.jwt.verify.issuer` for the token to be accepted as valid.
383-
<2> The `upn` claim is defined by the {mp-jwt} spec as the preferred claim to use for the `Principal` seen by the container security APIs.
384-
<3> The `group` claim provides the groups and top-level roles associated with the JWT bearer.
385-
<4> The `birthday` claim.
386-
It can be considered a sensitive claim, so consider encrypting the claims, as described in xref:security-jwt-build.adoc[Generate JWT tokens with SmallRye JWT].
385+
<1> Sets the `iss` (issuer) claim in the JWT.
386+
This value must match the server-side `mp.jwt.verify.issuer` configuration for the token to be considered valid.
387+
<2> Specifies the `upn` (User Principal Name) claim, which the {mp-jwt} specification defines as the preferred claim for identifying the `Principal` in container security APIs.
388+
<3> Defines the `groups` claim, which provides the group memberships and top-level roles assigned to the JWT bearer.
389+
<4> Adds a `birthdate` claim.
390+
Because this can be considered sensitive information, consider encrypting claims as described in xref:security-jwt-build.adoc[Generate JWT tokens with SmallRye JWT].
387391

388392
Note that for this code to work, you need the content of the RSA private key corresponding to the public key you have in the `TokenSecuredResource` application.
389393
Take the following PEM content and place it into `security-jwt-quickstart/src/test/resources/privateKey.pem`:

0 commit comments

Comments
 (0)