This tutorial guides you through building a secure REST API using Jakarta EE, Java 21, Open Liberty, and JWT (JSON Web Tokens) for authentication. We’ll use CDI (Contexts and Dependency Injection) for dependency management, a Java record for the data model, and JUnit 5 with JerseyTest (using Grizzly to emulate GlassFish) for integration testing. Additionally, we’ll add Mockito unit tests for the JwtGenerator and TaskResource classes to achieve 100% code coverage. Each code block includes detailed descriptions and inline comments, and diagrams illustrate the architecture. Links to external resources are provided for beginners.
Prerequisites
- Java 21 (e.g., OpenJDK or Oracle JDK)
- Maven (for building, see Maven Getting Started)
- Open Liberty (application server for runtime, see Open Liberty Guides)
- An IDE like IntelliJ IDEA or VS Code
- Basic knowledge of Jakarta EE, CDI, JAX-RS, Java records, and testing (see Jakarta EE Tutorial, Java Records Guide, and Mockito Guide)
- Familiarity with JerseyTest (see Jersey Testing Guide)
Project Overview
- Backend: A Jakarta EE application with a REST API for task management, secured with JWT authentication, running on Open Liberty.
- Authentication: Users log in to obtain a JWT, which is required to access protected endpoints.
- Features:
- Login endpoint to generate JWTs
- Protected endpoint to list tasks
- JWT validation for secure access
- Technologies:
- Java 21: For records and modern Java features.
- Jakarta EE: For JAX-RS, CDI, and JSON processing.
- Open Liberty: Application server for runtime.
- CDI: For dependency injection.
- Java Record: For the Task data model.
- JUnit 5 with JerseyTest and Grizzly: For integration testing.
- Mockito: For unit testing JwtGenerator and TaskResource with 100% coverage.
Architecture Diagram
Below is the architecture diagram for runtime and testing:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
Runtime: +-------------------+ HTTP Requests +-------------------+ | | <---------------------> | | | Client | | Open Liberty | | (e.g., Postman) | | (localhost:8080) | | | | | | - Sends JWT | | - JAX-RS APIs | | - HTTP Requests | | - JWT Auth | | | | - CDI Beans | | | | - Task Service | +-------------------+ +-------------------+ | v +-------------------+ | | | In-Memory Data | | (Simulated DB) | | | +-------------------+ Test (Integration): +-------------------+ HTTP Requests +-------------------+ | | <---------------------> | | | JUnit 5 Tests | | Grizzly | | (JerseyTest) | | (Test Container) | | | | | | - Simulate Client| | - JAX-RS APIs | | - Verify JWT | | - CDI Beans | | | | - Task Service | +-------------------+ +-------------------+ Test (Unit): +-------------------+ Mock Interactions +-------------------+ | | <---------------------> | | | JUnit 5 Tests | | Mocked Objects | | (Mockito) | | (TaskService, | | | | JwtGenerator) | | - Test Logic | | | | - 100% Coverage | | | +-------------------+ +-------------------+ |
Explanation:
- Runtime: The Client sends HTTP requests with a JWT to the Open Liberty server, which hosts the Jakarta EE app with JAX-RS endpoints, JWT authentication, CDI beans, and a Task record for data.
- Integration Test: JUnit 5 with JerseyTest uses Grizzly (emulating GlassFish’s JAX-RS runtime) to test the API endpoints and JWT validation.
- Unit Test: JUnit 5 with Mockito tests the JwtGenerator and TaskResource classes in isolation, mocking dependencies to achieve 100% code coverage. For more on testing strategies, see Baeldung’s Testing Guide.
Step 1: Set Up the Jakarta EE Project
1.1 Create the Maven Project
Create a Maven project with the following pom.xml, including dependencies for JerseyTest, Grizzly, Mockito, and Open Liberty:
xml
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 |
<?xml version="1.0" encoding="UTF-8"?> <!-- Maven project configuration --> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <!-- Specify Maven model version --> <modelVersion>4.0.0</modelVersion> <!-- Project coordinates --> <groupId>com.example</groupId> <artifactId>jwt-secure-api</artifactId> <version>1.0-SNAPSHOT</version> <packaging>war</packaging> <!-- Package as a WAR file for Open Liberty --> <!-- Project properties --> <properties> <!-- Use Java 21 --> <java.version>21</java.version> <!-- Specify Maven compiler settings --> <maven.compiler.source>21</maven.compiler.source> <maven.compiler.target>21</maven.compiler.target> <!-- Ensure UTF-8 encoding --> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <!-- Dependencies --> <dependencies> <!-- Jakarta EE API for JAX-RS, CDI, JSON-P, etc. --> <dependency> <groupId>jakarta.platform</groupId> <artifactId>jakarta.jakartaee-api</artifactId> <version>10.0.0</version> <scope>provided</scope> <!-- Provided by Open Liberty --> </dependency> <!-- MicroProfile JWT Auth for JWT handling --> <dependency> <groupId>org.eclipse.microprofile.jwt</groupId> <artifactId>microprofile-jwt-auth-api</artifactId> <version>2.1</version> <scope>provided</scope> <!-- Provided by Open Liberty --> </dependency> <!-- JJWT for generating JWTs --> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.12.6</version> </dependency> <!-- JUnit 5 for testing --> <dependency> <groupId>org.junit.jupiter</groupId> <artifactId>junit-jupiter-api</artifactId> <version>5.10.2</version> <scope>test</scope> <!-- Only for test phase --> </dependency> <dependency> <groupId>org.junit.jupiter</groupId> <artifactId>junit-jupiter-engine</artifactId> <version>5.10.2</version> <scope>test</scope> <!-- Only for test phase --> </dependency> <!-- Mockito for unit testing --> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <version>5.12.0</version> <scope>test</scope> <!-- Only for test phase --> </dependency> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-junit-jupiter</artifactId> <version>5.12.0</version> <scope>test</scope> <!-- Mockito integration with JUnit 5 --> </dependency> <!-- Jersey Test Framework with Grizzly for integration testing --> <dependency> <groupId>org.glassfish.jersey.test-framework</groupId> <artifactId>jersey-test-framework-core</artifactId> <version>3.1.9</version> <scope>test</scope> <!-- Only for test phase --> </dependency> <dependency> <groupId>org.glassfish.jersey.test-framework.providers</groupId> <artifactId>jersey-test-framework-provider-grizzly2</artifactId> <version>3.1.9</version> <scope>test</scope> <!-- Use Grizzly as the test container --> </dependency> <!-- Jersey CDI integration for testing --> <dependency> <groupId>org.glassfish.jersey.ext.cdi</groupId> <artifactId>jersey-cdi1x</artifactId> <version>3.1.9</version> <scope>test</scope> <!-- For CDI in tests --> </dependency> <!-- Weld SE for CDI in tests --> <dependency> <groupId>org.jboss.weld.se</groupId> <artifactId>weld-se-core</artifactId> <version>5.1.2.Final</version> <scope>test</scope> <!-- CDI container for tests --> </dependency> </dependencies> <!-- Build configuration --> <build> <finalName>jwt-secure-api</finalName> <!-- Name of the WAR file --> <plugins> <!-- Maven WAR plugin for building WAR file --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>3.4.0</version> <configuration> <failOnMissingWebXml>false</failOnMissingWebXml> <!-- No web.xml needed --> </configuration> </plugin> <!-- Liberty Maven plugin for running Open Liberty --> <plugin> <groupId>io.openliberty.tools</groupId> <artifactId>liberty-maven-plugin</artifactId> <version>3.10</version> <configuration> <serverName>defaultServer</serverName> <!-- Name of Liberty server --> </configuration> </plugin> <!-- Maven Surefire plugin for running JUnit tests --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <version>3.2.5</version> </plugin> </plugins> </build> </project> |
Description: The pom.xml:
- Includes Jakarta EE, MicroProfile JWT, and JJWT for runtime.
- Adds JUnit 5, Mockito, JerseyTest (with Grizzly), and Weld SE for testing.
- Configures Open Liberty for runtime via the liberty-maven-plugin.
- Enables 100% unit test coverage with Mockito for JwtGenerator and TaskResource. For more on Maven, see Maven in 5 Minutes.
1.2 Configure Open Liberty
Create src/main/liberty/config/server.xml to configure the Open Liberty server:
xml
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<?xml version="1.0" encoding="UTF-8"?> <!-- Open Liberty server configuration --> <server description="JWT Secure API Server"> <!-- Enable required features --> <featureManager> <!-- Jakarta EE 10 for JAX-RS, CDI, JSON-P --> <feature>jakartaee-10.0</feature> <!-- MicroProfile JWT for authentication --> <feature>mpJwt-2.1</feature> <!-- JSON Web Token support --> <feature>jwt-1.0</feature> </featureManager> <!-- Configure HTTP endpoint --> <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="8080" httpsPort="8443"/> <!-- Configure JWT authentication --> <mpJwt id="jwtConsumer" issuer="http://example.com" audiences="task-api" keyName="jwt-signing-key" /> <!-- Enable CDI --> <cdi/> <!-- Application configuration --> <webApplication id="jwt-secure-api" location="jwt-secure-api.war" contextRoot="/api"/> </server> |
Description: This file:
- Enables Jakarta EE 10 for JAX-RS, CDI, and JSON-P.
- Enables MicroProfile JWT for authentication.
- Sets the server to listen on port 8080.
- Configures JWT validation with issuer (example.com) and audience (task-api).
- Enables CDI and deploys the app at /api. For more, see Open Liberty Configuration.
Step 2: Implement the Backend
2.1 Create the Task Record
Create com.example.model.Task as a Java record:
java
|
1 2 3 4 5 6 |
package com.example.model; // Package declaration // Define a record for Task (immutable data structure) public record Task(Long id, String title, String description) { // No additional methods needed; record provides getters, equals, hashCode, toString } |
Description: This record:
- Defines an immutable Task with id, title, and description components.
- Automatically provides getters (id(), title(), description()), equals(), hashCode(), and toString().
- Reduces boilerplate compared to a POJO, ideal for data transfer. For more, see Java Records Guide.
2.2 Create the Task Service
Create com.example.service.TaskService to manage tasks:
java
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
package com.example.service; // Package declaration import com.example.model.Task; // Import Task record import jakarta.enterprise.context.ApplicationScoped; // Import for CDI scope import java.util.ArrayList; // Import for List implementation import java.util.List; // Import for List type // Mark this class as a CDI bean with application scope @ApplicationScoped public class TaskService { // In-memory list to store tasks private final List<Task> tasks = new ArrayList<>(); // Constructor to initialize sample tasks public TaskService() { // Add sample tasks using Task record tasks.add(new Task(1L, "Task 1", "First task description")); tasks.add(new Task(2L, "Task 2", "Second task description")); } // Get all tasks public List<Task> getAllTasks() { // Return a copy of the tasks list return new ArrayList<>(tasks); } } |
Description: This CDI bean:
- Uses @ApplicationScoped for a single instance.
- Stores tasks in an in-memory List (simulating a database).
- Initializes sample tasks with the Task record.
- Returns a defensive copy of tasks to maintain immutability. For more on CDI, see CDI Guide.
2.3 Create the JWT Generator
Create com.example.auth.JwtGenerator to generate JWTs:
java
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
package com.example.auth; // Package declaration import io.jsonwebtoken.Jwts; // Import for JWT creation import io.jsonwebtoken.SignatureAlgorithm; // Import for signing algorithm import jakarta.enterprise.context.ApplicationScoped; // Import for CDI scope import java.security.Key; // Import for signing key import java.time.Instant; // Import for timestamp import java.util.Date; // Import for expiration date import javax.crypto.spec.SecretKeySpec; // Import for secret key // Mark this class as a CDI bean with application scope @ApplicationScoped public class JwtGenerator { // Secret key for signing JWT (in production, use a secure key) private static final String SECRET = "my-super-secret-key-1234567890abcdef"; // Issuer of the JWT private static final String ISSUER = "http://example.com"; // Audience of the JWT private static final String AUDIENCE = "task-api"; // Generate a JWT for a given user public String generateJwt(String username) { // Create signing key from secret Key key = new SecretKeySpec(SECRET.getBytes(), SignatureAlgorithm.HS256.getJcaName()); // Set expiration to 1 hour from now Instant now = Instant.now(); Date expiration = Date.from(now.plusSeconds(3600)); // Build JWT with claims return Jwts.builder() .setSubject(username) // Set username as subject .setIssuer(ISSUER) // Set issuer .setAudience(AUDIENCE) // Set audience .setIssuedAt(Date.from(now)) // Set issuance time .setExpiration(expiration) // Set expiration time .signWith(key, SignatureAlgorithm.HS256) // Sign with HS256 .compact(); // Generate compact JWT string } } |
Description: This CDI bean:
- Generates JWTs using the JJWT library.
- Uses a hardcoded secret (in production, use environment variables or a vault).
- Sets issuer, audience, and a 1-hour expiration, matching server.xml. For more on JWTs, see JWT Introduction.
2.4 Create the REST API
Create com.example.rest.TaskResource for the REST endpoints:
java
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
package com.example.rest; // Package declaration import com.example.auth.JwtGenerator; // Import JWT generator import com.example.model.Task; // Import Task record import com.example.service.TaskService; // Import Task service import jakarta.annotation.security.RolesAllowed; // Import for role-based access import jakarta.inject.Inject; // Import for CDI injection import jakarta.ws.rs.*; // Import for JAX-RS annotations import jakarta.ws.rs.core.MediaType; // Import for media type import jakarta.ws.rs.core.Response; // Import for HTTP responses import java.util.List; // Import for List type // Mark this class as a JAX-RS resource @Path("/tasks") @Produces(MediaType.APPLICATION_JSON) // Produce JSON responses @Consumes(MediaType.APPLICATION_JSON) // Accept JSON requests public class TaskResource { // Inject TaskService via CDI @Inject private TaskService taskService; // Inject JwtGenerator via CDI @Inject private JwtGenerator jwtGenerator; // Login endpoint to generate JWT @POST @Path("/login") public Response login(@QueryParam("username") String username) { // Generate JWT for the user String jwt = jwtGenerator.generateJwt(username); // Return JWT in response return Response.ok(new JwtResponse(jwt)).build(); } // Protected endpoint to get all tasks @GET @RolesAllowed("user") // Restrict to users with "user" role public List<Task> getAllTasks() { // Return all tasks from the service return taskService.getAllTasks(); } } // Simple class to wrap JWT response class JwtResponse { // JWT string private final String jwt; // Constructor public JwtResponse(String jwt) { this.jwt = jwt; } // Getter for JWT public String getJwt() { return jwt; } } |
Description: This JAX-RS resource:
- Defines /tasks with JSON input/output.
- Provides /login to generate a JWT and /tasks to list tasks, protected with @RolesAllowed(“user”).
- Uses CDI to inject TaskService and JwtGenerator.
- The Task record ensures compatibility with JSON serialization. For more on JAX-RS, see JAX-RS Guide.
2.5 Configure JAX-RS Application
Create com.example.rest.JaxRsActivator to activate JAX-RS:
java
|
1 2 3 4 5 6 7 8 9 10 |
package com.example.rest; // Package declaration import jakarta.ws.rs.ApplicationPath; // Import for JAX-RS application path import jakarta.ws.rs.core.Application; // Import for JAX-RS application // Mark this class as the JAX-RS application @ApplicationPath("/api") public class JaxRsActivator extends Application { // No additional configuration needed } |
Description: This sets the JAX-RS base path to /api, making endpoints accessible at /api/tasks. For more, see JAX-RS Application Setup.
Step 3: Test the Application
3.1 Unit Tests with Mockito
To achieve 100% code coverage for JwtGenerator and TaskResource, we’ll write Mockito unit tests that mock dependencies and test all methods and branches.
3.1.1 Unit Test for JwtGenerator
Create src/test/java/com.example.auth.JwtGeneratorTest:
java
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
package com.example.auth; // Package declaration import io.jsonwebtoken.Claims; // Import for JWT claims import io.jsonwebtoken.Jwts; // Import for JWT parsing import org.junit.jupiter.api.Test; // Import for JUnit tests import org.junit.jupiter.api.extension.ExtendWith; // Import for Mockito extension import org.mockito.junit.jupiter.MockitoExtension; // Import for Mockito with JUnit 5 import java.security.Key; // Import for signing key import java.util.Date; // Import for date handling import static org.junit.jupiter.api.Assertions.*; // Import for assertions // Enable Mockito for JUnit 5 @ExtendWith(MockitoExtension.class) public class JwtGeneratorTest { // Instance of JwtGenerator to test private final JwtGenerator jwtGenerator = new JwtGenerator(); // Test JWT generation @Test public void testGenerateJwt() { // Generate JWT for a test user String username = "testuser"; String jwt = jwtGenerator.generateJwt(username); // Verify JWT is not null assertNotNull(jwt); // Parse JWT to verify claims Claims claims = Jwts.parserBuilder() .setSigningKey("my-super-secret-key-1234567890abcdef".getBytes()) // Use same secret as JwtGenerator .build() .parseClaimsJws(jwt) .getBody(); // Verify subject assertEquals(username, claims.getSubject()); // Verify issuer assertEquals("http://example.com", claims.getIssuer()); // Verify audience assertEquals("task-api", claims.getAudience()); // Verify issued at assertNotNull(claims.getIssuedAt()); // Verify expiration assertNotNull(claims.getExpiration()); // Verify expiration is in the future assertTrue(claims.getExpiration().after(new Date())); } } |
Description: This test:
- Tests the generateJwt method, covering 100% of JwtGenerator’s code.
- Verifies the JWT’s subject, issuer, audience, issuance time, and expiration.
- Uses JJWT to parse the JWT and check claims.
- Ensures the secret key matches JwtGenerator’s hardcoded key. For more on Mockito, see Mockito Guide.
3.1.2 Unit Test for TaskResource
Create src/test/java/com.example.rest.TaskResourceTest:
java
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
package com.example.rest; // Package declaration import com.example.auth.JwtGenerator; // Import JWT generator import com.example.model.Task; // Import Task record import com.example.service.TaskService; // Import Task service import jakarta.ws.rs.core.Response; // Import for HTTP responses import org.junit.jupiter.api.BeforeEach; // Import for setup method import org.junit.jupiter.api.Test; // Import for JUnit tests import org.junit.jupiter.api.extension.ExtendWith; // Import for Mockito extension import org.mockito.InjectMocks; // Import for injecting mocks import org.mockito.Mock; // Import for creating mocks import org.mockito.junit.jupiter.MockitoExtension; // Import for Mockito with JUnit 5 import java.util.List; // Import for List type import static org.junit.jupiter.api.Assertions.*; // Import for assertions import static org.mockito.Mockito.*; // Import for Mockito stubbing // Enable Mockito for JUnit 5 @ExtendWith(MockitoExtension.class) public class TaskResourceTest { // Mock TaskService dependency @Mock private TaskService taskService; // Mock JwtGenerator dependency @Mock private JwtGenerator jwtGenerator; // Inject mocks into TaskResource @InjectMocks private TaskResource taskResource; // Setup before each test @BeforeEach public void setup() { // Initialize mocks (handled by MockitoExtension) } // Test login endpoint @Test public void testLogin() { // Arrange String username = "testuser"; String expectedJwt = "mocked-jwt"; when(jwtGenerator.generateJwt(username)).thenReturn(expectedJwt); // Mock JwtGenerator // Act Response response = taskResource.login(username); // Assert assertEquals(200, response.getStatus()); // Verify status is 200 OK JwtResponse jwtResponse = (JwtResponse) response.getEntity(); assertEquals(expectedJwt, jwtResponse.getJwt()); // Verify JWT verify(jwtGenerator).generateJwt(username); // Verify interaction } // Test getAllTasks endpoint @Test public void testGetAllTasks() { // Arrange List<Task> tasks = List.of( new Task(1L, "Task 1", "First task description"), new Task(2L, "Task 2", "Second task description") ); when(taskService.getAllTasks()).thenReturn(tasks); // Mock TaskService // Act List<Task> result = taskResource.getAllTasks(); // Assert assertEquals(tasks, result); // Verify returned tasks verify(taskService).getAllTasks(); // Verify interaction } } |
Description: This test:
- Achieves 100% coverage for TaskResource by testing login and getAllTasks.
- Mocks TaskService and JwtGenerator using @Mock.
- Injects mocks into TaskResource with @InjectMocks.
- Verifies HTTP status, response data, and mock interactions. Note: The @RolesAllowed(“user”) annotation is not tested here, as it’s enforced by the container (Open Liberty). Integration tests with JerseyTest cover this. For more on Mockito, see Baeldung’s Mockito Tutorial.
3.2 Integration Tests with JerseyTest
Create src/test/java/com.example.rest.TaskResourceIntegrationTest for integration tests using JerseyTest with Grizzly:
java
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
package com.example.rest; // Package declaration import com.example.auth.JwtGenerator; // Import JWT generator import com.example.model.Task; // Import Task record import jakarta.ws.rs.core.Application; // Import for JAX-RS application import jakarta.ws.rs.core.Response; // Import for HTTP responses import org.glassfish.jersey.server.ResourceConfig; // Import for Jersey configuration import org.glassfish.jersey.test.JerseyTest; // Import for JerseyTest framework import org.glassfish.jersey.test.grizzly.GrizzlyTestContainerFactory; // Import for Grizzly container import org.glassfish.jersey.test.spi.TestContainerFactory; // Import for test container import org.junit.jupiter.api.Test; // Import for JUnit tests import static org.junit.jupiter.api.Assertions.assertEquals; // Import for assertions // JUnit 5 integration test class for TaskResource using JerseyTest public class TaskResourceIntegrationTest extends JerseyTest { // JWT generator for creating test tokens private final JwtGenerator jwtGenerator = new JwtGenerator(); // Configure the test container to use Grizzly @Override protected TestContainerFactory getTestContainerFactory() { // Use Grizzly as the test container (lightweight GlassFish alternative) return new GrizzlyTestContainerFactory(); } // Configure the JAX-RS application for testing @Override protected Application configure() { // Create a ResourceConfig for the TaskResource ResourceConfig config = new ResourceConfig(TaskResource.class); // Enable CDI (Weld SE is used in tests) config.property("jersey.config.server.provider.packages", "com.example"); return config; } // Test login endpoint @Test public void testLogin() { // Call the login endpoint with a username Response response = target("/tasks/login") .queryParam("username", "testuser") .request() .post(null); // Verify response status is 200 OK assertEquals(200, response.getStatus()); // Extract JWT from response String jwt = response.readEntity(JwtResponse.class).getJwt(); // Verify JWT is not null assertEquals("testuser", decodeJwtSubject(jwt)); } // Test protected endpoint with valid JWT @Test public void testGetTasksWithValidJwt() { // Generate a JWT for testing String jwt = jwtGenerator.generateJwt("testuser"); // Call the tasks endpoint with JWT Response response = target("/tasks") .request() .header("Authorization", "Bearer " + jwt) .get(); // Verify response status is 200 OK assertEquals(200, response.getStatus()); // Extract tasks from response Task[] tasks = response.readEntity(Task[].class); // Verify first task title assertEquals("Task 1", tasks[0].title()); } // Test protected endpoint without JWT @Test public void testGetTasksWithoutJwt() { // Call the tasks endpoint without JWT Response response = target("/tasks") .request() .get(); // Verify response status is 401 Unauthorized assertEquals(401, response.getStatus()); } // Helper method to decode JWT subject (simplified for testing) private String decodeJwtSubject(String jwt) { // Split JWT and extract payload (in production, use JJWT library) String[] parts = jwt.split("\\."); // Decode base64 payload (simplified, assumes no padding issues) String payload = new String(java.util.Base64.getDecoder().decode(parts[1])); // Extract subject (simplified, assumes JSON structure) return payload.split("\"sub\":\"")[1].split("\"")[0]; } } |
Description: This integration test:
- Uses JerseyTest with Grizzly to simulate the JAX-RS runtime.
- Tests the /login endpoint, the /tasks endpoint with a valid JWT, and the /tasks endpoint without a JWT.
- Simplifies JWT validation due to Grizzly’s lack of full MicroProfile JWT support (in production, use Open Liberty for integration tests). For more, see Jersey Test Framework.
3.3 Run the Application and Tests
- Start Open Liberty (for runtime):
bash
|
1 |
mvn liberty:run |
The API is available at http://localhost:8080/api.
- Test the API using Postman or curl:
- Login:bash
curl -X POST "http://localhost:8080/api/tasks/login?username=testuser"Response: {“jwt”:”eyJhbG…”} - Get Tasks (with JWT):bash
curl -H "Authorization: Bearer <your-jwt>" http://localhost:8080/api/tasksResponse: [{“id”:1,”title”:”Task 1″,”description”:”First task description”}, …] - Get Tasks (without JWT):bash
curl http://localhost:8080/api/tasksResponse: 401 Unauthorized
- Login:bash
- Run Tests:
bash
|
1 |
mvn test |
This runs both unit tests (Mockito) and integration tests (JerseyTest), achieving 100% coverage for JwtGenerator and TaskResource.
Why? The liberty:run command starts Open Liberty, and mvn test executes all tests. For more, see Open Liberty Testing Guide.
Step 4: Verify Code Coverage
To confirm 100% coverage for JwtGenerator and TaskResource:
- Use a tool like JaCoCo by adding the JaCoCo Maven plugin to pom.xml:
xml
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
<plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId> <version>0.8.12</version> <executions> <execution> <goals> <goal>prepare-agent</goal> </goals> </execution> <execution> <id>report</id> <phase>test</phase> <goals> <goal>report</goal> </goals> </execution> </executions> </plugin> |
- Run tests with coverage:bash
mvn test - Check the coverage report in target/site/jacoco/index.html.
The Mockito tests cover all lines and branches in JwtGenerator and TaskResource, ensuring 100% coverage for these classes.
Step 5: Deploying the Application (Optional)
To deploy:
- Package the app:bash
mvn clean package - Deploy target/jwt-secure-api.war to an Open Liberty server in production. See Open Liberty Deployment Guide.
Security Considerations
- Secure Key Management: Store the JWT signing key in environment variables or a vault.
- HTTPS: Enable HTTPS in server.xml for production.
- JWT Validation in Tests: The integration tests simplify JWT validation. For production, use Open Liberty or a mock JWT authenticator in JerseyTest.
- Role Mapping: Configure role mappings in server.xml for granular access.
For more, see Open Liberty Security Guide.
Conclusion
You’ve built a secure REST API using Jakarta EE, Java 21, Open Liberty, and JWT authentication, with:
- A Java record for the Task model, ensuring immutability.
- CDI for dependency injection.
- JerseyTest with Grizzly for integration testing.
- Mockito unit tests for JwtGenerator and TaskResource, achieving 100% code coverage.
- MicroProfile JWT for authentication.
The /login endpoint generates JWTs, and the /tasks endpoint requires a valid JWT. Detailed comments, diagrams, and comprehensive tests ensure clarity and reliability.
Next Steps
- Add a database with Jakarta Persistence (JPA).
- Integrate with Keycloak for authentication.
- Enhance tests with full JWT validation in JerseyTest or Open Liberty.
For further learning: