JSON Web Token and JASPIC

The Imixs Project started a new JSON Web Token project called Imixs-JWT.

Imixs-JWT is a compact easy to use library to generate and verify JSON Web Tokens. The library is based on maven and can be add with the following dependency available from Maven Central:

<dependency>
 <groupId>org.imixs.jwt</groupId>
 <artifactId>imixs-jwt</artifactId>
 <version>1.0.0</version>
</dependency>

The following example shows how to build a JWT in Java:

import org.imixs.jwt.*;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKey;

...
// We need a signing key...
SecretKey secretKey = HMAC.createKey("HmacSHA256", "secret".getBytes());
String payload="{\"sub\":\"1234567890\",\"name\":\"John Doe\",\"admin\":true}";
JWTBuilder builder = new JWTBuilder().setKey(secretKey).setJSONPayload(payload);
System.out.println("JWT=" + builder.getToken());

// will result in:
// eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
// eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.
// TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

JASPIC Auth Module for JWT

The project also provides a JASPIC authentication module. JASPIC is an authentication standard and can be used in Java EE application servers. The module was tested with Wildfly 10 and can be used also with different application servers.