This specification enables mapping MicroProfile JWT tokens to Jakarta EE container APIs not included in the MicroProfile umbrella and provides a place where Jakarta EE specifications, such as Jakarta Security, can build requirements and seamless integrations with MicroProfile JWT.
The crux of the MP JWT Bridge specification is the creation of a new @JwtAuthenticationMechanismDefinition annotation used to define a JWT authentication mechanism for verifying JWT bearer tokens which are sent with HTTP Authorization or other headers.
An example of the auth mechanism's usage is shown here:
Click "Share" > select "People with link" > click "Link Settings" > under "Link Expiration" select "Disable Shared Link on" > set an expiration date ~10 years into the future
Important: Labels are used to trigger particular steps and must be added as indicated.
Prioritization (Complete Before Development Starts)
The OpenLiberty/chief-architect and area leads are responsible for prioritizing the features and determining which features are being actively worked on.
Design preliminaries determine whether a formal design, which will be provided by an Upcoming Feature Overview (UFO) document, must be created and reviewed. A formal design is required if the feature requires any of the following: UI, Serviceability, SVT, Performance testing, or non-trivial documentation/ID. Furthermore, each identified item places a blocking requirement on another team so it must be identified early in the process. The feature owner may check-off the item if they know it doesn't apply, but otherwise they should work with the focal point to determine what work, if any, will be necessary and make them aware of it.
Design Preliminaries
[ ] UI requirements identified, or N/A. (Feature owner and UI focal point)
Add the public link to the UFO in Box to the Documents section.
The UFO must always accurately reflect the final implementation of the feature. Any changes must be first approved. Afterwards, update the UFO by creating a copy of the original approved slide(s) at the end of the deck and prepend "OLD" to the title(s). A single updated copy of the slide(s) should take the original's place, and have its title(s) prepended with "UPDATED".
No Design
[ ] No Design requested.
Feature owner adds label No Design Approval Request
Note: For stabilized, superseded, and discontinued feature/capability, skip the Beta section of the template (you may delete it). Otherwise, proceed as normal.
A feature must be prioritized before any implementation work may begin to be delivered (inaccessible/no-ship). However, a design focused approach should still be applied to features, and developers should think about the feature design prior to writing and delivering any code.
Besides being prioritized, a feature must also be socialized (or No Design Approved) before any beta code may be delivered. All new Liberty content must be inaccessible in our GA releases until it is Feature Complete by either marking it kind=noship or beta fencing it.
Code may not GA until this feature has obtained the Design Approved or No Design Approved label, along with all other tasks outlined in the GA section.
Feature Development Begins
[ ] Add the In Progress label
Legal and Translation
In order to avoid last minute blockers and significant disruptions to the feature, the legal items need to be done as early in the feature process as possible, either in design or as early into the development as possible. Similarly, translation is to be done concurrently with development. All items below MUST be completed before beta & GA is requested.
Innovation (Complete 1 week before Beta & GA Feature Complete Date)
[ ] Consider whether any aspects of the feature may be patentable. If any identified, disclosures have been submitted.
Legal (Complete before Beta & GA Feature Complete Date)
[ ] Changed or new open source libraries are cleared and approved, or N/A. (Legal Release Services/Cass Tucker/Release PM).
Translation (Complete by Beta & GA Feature Complete Date)
[ ] PII (Program Integrated Information) updates are merged (i.e. all English strings due for translation have been delivered), or N/A.
Beta
In order to facilitate early feedback from users, all new features and functionality should first be released as part of a beta release.
Add a link to the beta blog issue in the Documents section.
Note: This is for inclusion into the overall beta release blog post. If, in addition, you'd also like to create a dedicated blog post about your feature, then follow the "Standalone Feature Blog Post" instructions under the Other Deliverables section.
GA
A feature is ready to GA after it is Feature Complete and has obtained all necessary Focal Point Approvals.
Feature Complete
[ ] Feature implementation and tests completed.
[ ] All PRs are merged.
[ ] All related/child issues are closed.
[ ] All stop ship issues are completed.
[ ] Legal: all necessary approvals granted.
[ ] Innovation: IP identified and any applicable disclosures submitted
[ ] Translation: Feature may only proceed to GA if it has either Translation - Complete or Translation - Missing label
If all translation has been delivered to release branch, feature owner adds label Translation - Complete.
If missing translation does not cause a break in functionality, nor a security or production outage risk, feature owner adds label Translation - Missing.
Once all missing translations are delivered, the Translation - Missing label is replaced with Translation - Complete.
If missing translation could cause a break in functionality or a security or production outage risk, feature owner adds the Translation - Blocked label.
Features with Translation - Blocked may NOT proceed to GA until the label has been replaced with either Translation - Missing or Translation - Complete.
[ ] GA development complete and feature ready for inclusion in a GA release
Add label target:ga and the appropriate target:YY00X (where YY00X is the targeted GA version).
Inclusion in a release requires the completion of all Focal Point Approvals.
Focal Point Approvals (Complete by Feature Complete Date)
These occur only after GA of this feature is requested (by adding a target:ga label). GA of this feature may not occur until all approvals are obtained.
NOTE: If only trivial documentation changes are required, you may reach out to the ID Feature Focal to request a ID Required - Trivial label. Unlike features with regular ID requirement, those with ID Required - Trivial label do not have a hard requirement for a Design/UFO.
Add a link to the GA Blog issue in the Documents section.
Note: This is for inclusion into the overall release blog post. If, in addition, you'd also like to create a dedicated blog post about your feature, then follow the "Standalone Feature Blog Post" instructions under the Other Deliverables section.
Post GM (Complete before GA)
[ ] After confirming this feature has been included in the GM driver, feature owner closes this issue.
Post GA
[ ] Remove the target:ga and target:YY00X labels, and add the appropriate release:YY00X. (OpenLiberty/release-manager)
Other Deliverables
[ ] Standalone Feature Blog Post - A blog post specifically about your feature or N/A. (Feature owner and OpenLiberty/release-architect)
This should be strongly considered for larger or more prominent features.
Description
Add functionality in Open Liberty to support the MP JWT Bridge specification: https://github.com/eclipse/microprofile-jwt-bridge:
The crux of the MP JWT Bridge specification is the creation of a new
@JwtAuthenticationMechanismDefinition
annotation used to define a JWT authentication mechanism for verifying JWT bearer tokens which are sent with HTTP Authorization or other headers.An example of the auth mechanism's usage is shown here:
Documents
When available, add links to required feature documents. Use "N/A" to mark particular documents which are not required by the feature.
Externally raised requests for enhancements:
Aha idea
Requested feature
UFO: Link to Upcoming Feature Overview document
FTS: Link to Feature Test Summary GH Issue
Beta Blog: Link to Beta Blog Post GH Issue
GA Blog: Link to GA Blog Post GH Issue
Process Overview
Prioritization
Design
Implementation
Legal and Translation
Beta
GA
Other Deliverables
General Instructions
The process steps occur roughly in the order as presented. Process steps occasionally overlap.
Each process step has a number of tasks which must be completed or must be marked as not applicable ("N/A").
Unless otherwise indicated, the tasks are the responsibility of the feature owner or a delegate of the feature owner.
If you need assistance, reach out to the OpenLiberty/release-architect.
Important: Labels are used to trigger particular steps and must be added as indicated.
Prioritization (Complete Before Development Starts)
The OpenLiberty/chief-architect and area leads are responsible for prioritizing the features and determining which features are being actively worked on.
Prioritization
[ ] Feature added to the "New" column of the Open Liberty project board
Prioritization - Requested
[ ] Priority assigned
Prioritization - Requested
label removed (OpenLiberty/project-manager or feature owner)Design (Complete Before Development Starts)
Design preliminaries determine whether a formal design, which will be provided by an Upcoming Feature Overview (UFO) document, must be created and reviewed. A formal design is required if the feature requires any of the following: UI, Serviceability, SVT, Performance testing, or non-trivial documentation/ID. Furthermore, each identified item places a blocking requirement on another team so it must be identified early in the process. The feature owner may check-off the item if they know it doesn't apply, but otherwise they should work with the focal point to determine what work, if any, will be necessary and make them aware of it.
Design Preliminaries
ID Required
, if non-trivial documentation needs to be created by the ID team.ID Required - Trivial
, if no design will be performed and only trivial ID updates are needed.Design
Design Review Request
Design Approval Request
Design Approved
No Design
No Design Approval Request
No Design Approved
Product Management Approval Request
and notifies OpenLiberty/product-managementProduct Management Approved
(OpenLiberty/product-management)FAT Documentation
[ ] "Feature Test Summary" child task created
Implementation
A feature must be prioritized before any implementation work may begin to be delivered (inaccessible/no-ship). However, a design focused approach should still be applied to features, and developers should think about the feature design prior to writing and delivering any code.
Besides being prioritized, a feature must also be socialized (or No Design Approved) before any beta code may be delivered. All new Liberty content must be inaccessible in our GA releases until it is Feature Complete by either marking it
kind=noship
or beta fencing it.Code may not GA until this feature has obtained the
Design Approved
orNo Design Approved
label, along with all other tasks outlined in the GA section.Feature Development Begins
In Progress
labelLegal and Translation
In order to avoid last minute blockers and significant disruptions to the feature, the legal items need to be done as early in the feature process as possible, either in design or as early into the development as possible. Similarly, translation is to be done concurrently with development. All items below MUST be completed before beta & GA is requested.
Innovation (Complete 1 week before Beta & GA Feature Complete Date)
Legal (Complete before Beta & GA Feature Complete Date)
Translation (Complete by Beta & GA Feature Complete Date)
[ ] PII (Program Integrated Information) updates are merged (i.e. all English strings due for translation have been delivered), or N/A.
Beta
In order to facilitate early feedback from users, all new features and functionality should first be released as part of a beta release.
Beta Code
kind=beta
,ibm:beta
,ProductInfo.getBetaEdition()
target:beta
and the appropriatetarget:YY00X-beta
(where YY00X is the targeted beta version).release:YY00X-beta
(where YY00X is the first beta version that included the functionality).Beta Blog (Complete by beta eGA)
[ ] Beta blog issue created and populated using the Open Liberty BETA blog post template.
GA
A feature is ready to GA after it is Feature Complete and has obtained all necessary Focal Point Approvals.
Feature Complete
Translation - Complete
orTranslation - Missing
labelrelease
branch, feature owner adds labelTranslation - Complete
.Translation - Missing
.Translation - Missing
label is replaced withTranslation - Complete
.Translation - Blocked
label.Translation - Blocked
may NOT proceed to GA until the label has been replaced with eitherTranslation - Missing
orTranslation - Complete
.target:ga
and the appropriatetarget:YY00X
(where YY00X is the targeted GA version).Focal Point Approvals (Complete by Feature Complete Date)
These occur only after GA of this feature is requested (by adding a
target:ga
label). GA of this feature may not occur until all approvals are obtained.All Features
focalApproved:externals
@OpenLiberty/demo-approvers Demo scheduled for EOI [Iteration Number]
to this issue.focalApproved:demo
.focalApproved:fat
.Design Approved Features
focalApproved:id
.focalApproved:instantOn
.focalApproved:performance
.focalApproved:sve
.focalApproved:ste
.focalApproved:svt
.Remove Beta Fencing (Complete by Feature Complete Date)
GA Blog (Complete by Friday after GM)
Post GM (Complete before GA)
Post GA
[ ] Remove the
target:ga
andtarget:YY00X
labels, and add the appropriaterelease:YY00X
. (OpenLiberty/release-manager)Other Deliverables
[ ] Standalone Feature Blog Post - A blog post specifically about your feature or N/A. (Feature owner and OpenLiberty/release-architect)
[ ] OL Guides - OL Guides assessment is complete or N/A. (OpenLiberty/guide-assessment)
[ ] Dev Experience - Developer Experience & Tools work is complete or N/A. (OpenLiberty/dev-experience-assessment)