Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
8.0.0-M1
Description
Repro steps
REST endpoint annotated with:
@RolesAllowed({"A", "B"})
reply with a 403 if the JWT used in the request doesn't have exactly the two A and B group of claims.
Expected Result
A valid request should be processed if and only if **at least one of the allowed roles is provided in the JWT group of claims.
Attachments
Issue Links
- relates to
-
TOMEE-2304 MicroProfile JWT Improve rest-mp-jwt Example
- Resolved
- links to