Open ccleve opened 6 years ago
Implement JWT. Do it in a ContainerRequestFilter. Just register it like any other resource. Try to create a User object that implements UserPrincipal and set it in the filter in a SecurityContext. Inject SecurityContext into methods or services where needed.

https://antoniogoncalves.org/2016/10/03/securing-jax-rs-endpoints-with-jwt/

SecurityFilter should look for either an apikey in an Auth header, or a cookie. Maybe.

In a separate module, add support for JWT authorization. Use a context filter. Make it easy to add custom properties to the token.
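
A sketch of the filter this issue asks for, added here as an example; it is not code from the issue, the linked article, or the project. It assumes JAX-RS 2.x (`javax.ws.rs`) and JSON-P (`javax.json`) on the classpath, HS256 tokens signed with a shared secret, a `Bearer` token in the `Authorization` header, and a hypothetical cookie named `jwt`; the class name `JwtFilter` is also hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.json.*;
import javax.ws.rs.container.*;
import javax.ws.rs.core.*;

@javax.annotation.Priority(javax.ws.rs.Priorities.AUTHENTICATION)
public class JwtFilter implements ContainerRequestFilter {
    private final byte[] key; // assumption: HS256 secret shared with the token issuer
    public JwtFilter(byte[] key) { this.key = key.clone(); }
    @Override
    public void filter(ContainerRequestContext ctx) {
        String auth = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        Cookie cookie = ctx.getCookies().get("jwt"); // hypothetical cookie name
        String token = auth != null && auth.startsWith("Bearer ") ? auth.substring(7).trim()
                     : cookie != null ? cookie.getValue() : null;
        JsonObject claims = token == null ? null : verify(token);
        if (claims == null) { ctx.abortWith(Response.status(401).build()); return; }
        boolean secure = ctx.getSecurityContext().isSecure(); // capture before replacing the context
        Principal user = () -> claims.getString("sub"); // custom claims stay available in `claims`
        ctx.setSecurityContext(new SecurityContext() {
            public Principal getUserPrincipal() { return user; }
            public boolean isUserInRole(String role) { return false; } // no role claim modelled here
            public boolean isSecure() { return secure; }
            public String getAuthenticationScheme() { return "Bearer"; }
        });
    }

    JsonObject verify(String token) { // verified claims, or null if malformed, forged or expired
        try {
            String[] p = token.split("\\.", -1);
            // Pin the algorithm: never let the token header choose "none" or another scheme.
            if (p.length != 3 || !"HS256".equals(parse(p[0]).getString("alg"))) return null;
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] want = mac.doFinal((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            if (!MessageDigest.isEqual(want, Base64.getUrlDecoder().decode(p[2]))) return null;
            JsonObject c = parse(p[1]); // claims are only read after the signature checks out
            long now = System.currentTimeMillis() / 1000;
            return c.getJsonNumber("exp").longValue() > now && !c.getString("sub").isEmpty() ? c : null;
        } catch (RuntimeException | GeneralSecurityException e) { return null; }
    }

    private static JsonObject parse(String b64) { // base64url segment -> JSON object
        return Json.createReader(new ByteArrayInputStream(Base64.getUrlDecoder().decode(b64))).readObject();
    }
}
```

Because the constructor takes the key, register an instance (for example through the `Application` subclass's `getSingletons()`) rather than relying on classpath scanning.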