Connecting our client project using Microprofile JWT


In the previous article on how to Create Tokens with Microprofile JWT and JDBC Realm, we managed to have a project that provides us with tokens for our users and roles in our database.

It was pending to create a client that uses these tokens and allows them to make use of the APIs that this client exposes.

Source Code:

Client Project

This is a typical JakartaEE project with Microprofile 3.2. This time, the project will use DeltaSpike, which in the Spring world would be like your Spring Data, Nimbus Jose JWT to work with JSON Web Tokens (JWT), Microprofile Extension for Open API, finally Jakarta XML Binding.


This is a module used to simplify the implementation of the repository pattern. It is very similar to Spring Data. To query a database, we need to define a method declaration without implementation with @Query. The implementation will be done for us by the CDI extension.

The module requires an EntityManager to be injected by CDI. To achieve this we use a CDI producer.

The above assumes we have a persistence unit named "concentrador_pu" defined in the persistence.xml file:

If you have read our previous article you will recognize the jdbc/ecommerce that was created to be able to connect to our database in PostgreSQL.

The transaction strategy to use is:

There are 4 strategies:

  • BeanManagedUserTransactionStrategy
  • ResourceLocalTransactionStrategy
  • ContainerManagedTransactionStrategy
  • EnvironmentAwareTransactionStrategy

They all implement org.apache.deltaspike.jpa.spi.transaction.TransactionStrategy. Since I am going to use JTA I have to enable a strategy like BeanManagedUserTransactionStrategy in the beans.xml file according to the information in

There is also the where we will also establish the same strategy:

The end result is:

Implementing Repository

With the above, we can now implement the repository pattern. Does this implementation seem familiar to you?

Cors Filter

As our Rest APIs will be consumed by a SPA application made with angular or mobile made with Flutter, we are going to define a cors filter.


Now is the time to define our controllers.

How can you see so that we can execute the login method, you need to be authenticated and have either the USER role or the ADMIN role.

@RolesAllowed({ RolesEnum.Constants.ADMIN_VALUE,

Microprofile JWT

Microprofile allows us to do the previous validation in a very simple way. For that we need 2 things:

1. In the file place the accepted.issuer:

2. Place the public key that will allow validating the JWT tokens generated by the microprofile-jwt-provider project that we saw in the previous article.


In order to test our API, we first have to obtain a token with the JWT token provider project seen in the first article.

We declare that token in the section Authorization - Type: Bearer Token:

With that configuration we can test the API - Login without problems:

And in this way, we have demonstrated the use of Microprofile JWT with JakartaEE to have our APIs in a minimalist way.




0 comentarios:

Publicar un comentario