Open
29 commits
bb601fb
feat(jans-auth): remove old jackson2 dependency
yurem Dec 23, 2025
18cd5cf
fix(jans-auth): remove not required test dependencies
yurem Dec 23, 2025
e1fa440
Merge branch 'main' into jans-auth_old_deps
yurem Dec 23, 2025
b8af25a
Merge branch 'main' into jans-auth_old_deps
yurem Dec 23, 2025
655a8cf
feat(jans-lock): add gRpc endpoints
yurem Jan 2, 2026
d07e08a
feat(jans-lock): reuse cedarling and openid services for grpc endpoints
yurem Jan 6, 2026
dca1f00
Merge branch 'main' into lock-gprc
yurem Jan 6, 2026
5704f40
feat(jans-lock): update headers
yurem Jan 6, 2026
991c05c
Merge branch 'lock-gprc' of https://github.com/JanssenProject/jans in…
yurem Jan 6, 2026
d2631c5
feat(jans-lock): update headers
yurem Jan 6, 2026
1202aaf
feat(jnas-lock): clean up pom.xml
yurem Jan 6, 2026
592a691
feat(jans-lock): allow run native grpc endpoints with TLS
yurem Jan 8, 2026
6b8635b
feat(jans-lock): add config options for TLS gRPC
yurem Jan 9, 2026
6d16449
feat(jans-lock): fix imports
yurem Jan 9, 2026
05dbdc9
feat(jans-lock): add workaround to inject generated gRPC services with
yurem Jan 12, 2026
a37444f
feat(jans-lock): remove resteasy grpc bridge servlet
yurem Jan 14, 2026
25c337f
feat(jans-lock): get client ip in gRPC interceptor and store in context
yurem Jan 14, 2026
ab85976
feat(jans-lock): add gRPC servlet adapter
yurem Jan 15, 2026
a54f4ad
feat(core): use grpc-bom to specify grpc dependencies across projects
yurem Jan 15, 2026
1493885
feat(jans-lock): update jans-lock swagger to include grpc configuration
yurem Jan 15, 2026
449bb18
feat(jans-lock): update headers
yurem Jan 15, 2026
0b58a29
feat(jans-lock): convert headers before calling gRPC adapter to conform
yurem Jan 20, 2026
46af6fc
feat(jans-lock): wrap uri specific methods to allow deploy app under
yurem Jan 20, 2026
b3f7cde
Merge branch 'main' into lock-gprc
yurem Jan 21, 2026
732d759
feat(jans-linux-setup): support gRPC apache2 proxy
devrimyatar Jan 21, 2026
23fda12
Merge branch 'main' into lock-gprc
yurem Jan 22, 2026
eabd271
feat(jans-lock):
yurem Jan 22, 2026
5c6e17f
Merge branch 'lock-gprc' of https://github.com/JanssenProject/jans in…
yurem Jan 22, 2026
69cb3c3
Merge branch 'main' into lock-gprc
yurem Jan 22, 2026
30 changes: 30 additions & 0 deletions jans-bom/pom.xml
Expand Up @@ -25,6 +25,8 @@
<httpclient.version>4.5.14</httpclient.version>

<resteasy.version>6.2.12.Final</resteasy.version>
<grpc.version>1.78.0</grpc.version>
<grpc-bridge.version>1.0.0.Final</grpc-bridge.version>
<richfaces.version>4.5.19-gluu.Final</richfaces.version>
Comment on lines 27 to 30

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

resteasy-grpc-bom 1.0.0.Final compatibility RESTEasy 6.2.12

💡 Result:

Short answer: Yes — resteasy-grpc-bom 1.0.0.Final is compatible with RESTEasy 6.2.12.Final.

Why: the resteasy-grpc-bom:1.0.0.Final BOM manages jakarta.ws.rs 3.1.x and other Jakarta 3 / RESTEasy 6-era artifacts and explicitly includes dev.resteasy.grpc:grpc-bridge:1.0.0.Final, so it is intended to be used with RESTEasy 6.x (RESTEasy 6.2.12.Final is a 6.x release). See the BOM managed deps and the RESTEasy 6.2.12.Final release announcement. [1][2][3]

Sources:

  • resteasy-grpc-bom:1.0.0.Final (managed deps showing jakarta.ws.rs 3.1.x, grpc-bridge 1.0.0.Final). [1]
  • RESTEasy 6.2.12.Final release notes. [2]
  • RESTEasy 6.2.12.Final artifact / BOM listing. [3]

🏁 Script executed:

# Let's also check the pom.xml structure to understand how these dependencies are used
find . -name "pom.xml" -path "*/jans-bom/*" | head -5

Repository: JanssenProject/jans

Length of output: 81


🏁 Script executed:

# Find and examine the jans-bom/pom.xml file
cat -n jans-bom/pom.xml | head -100

Repository: JanssenProject/jans

Length of output: 4514


🏁 Script executed:

# Check lines around 694-710 where this also applies
sed -n '690,720p' jans-bom/pom.xml

Repository: JanssenProject/jans

Length of output: 770


🌐 Web query:

grpc-bom 1.78.0 grpc-bridge 1.0.0.Final compatibility

💡 Result:

Short answer: there’s no published incompatibility between io.grpc:grpc-bom:1.78.0 and the resteasy-grpc "grpc-bridge" 1.0.0.Final series, but resteasy-grpc does not declare or guarantee a specific grpc-java BOM version in its public docs — so you should test your build/runtime combination. Sources: grpc-bom artifact page and the resteasy-grpc project docs. [1][2]

What I recommend

  • Try building your project with io.grpc:grpc-bom:1.78.0 and grpc-bridge 1.0.0.Final; run your unit/integration tests (particularly any generated bridging code and runtime startup).
  • If you hit dependency conflicts at build time, prefer importing grpc-bom (to control io.grpc versions) and adjust exclusions or alignment in your POM/Gradle. See the grpc BOM and resteasy-grpc docs for usage. [1][2]

Sources

  1. io.grpc:grpc-bom (Maven Central / mvnrepository). [3]
  2. resteasy-grpc / grpc-bridge user docs and blog posts (RESTEasy project). [4][5]

If you want, I can: (a) check the grpc-bridge 1.0.0.Final POM for its io.grpc dependency versions, or (b) run a quick sample Maven/Gradle dependency resolution to show exactly which versions would be selected. Which would you prefer?


🌐 Web query:

grpc-bridge 1.0.0.Final POM managed dependencies grpc-java version

💡 Result:

The RESTEasy gRPC BOM (which includes grpc-bridge 1.0.0.Final) manages io.grpc's protoc-gen-grpc-java at version 1.73.0. [1]

Source: resteasy-grpc-bom (dev.resteasy.grpc:resteasy-grpc-bom:1.0.0.Final) managed-dependencies. [1]


🏁 Script executed:

# Search for any test or usage patterns in the repo that might show this combination working
rg -i "grpc.*1\.78" --type xml
rg -i "grpc-bridge.*1\.0\.0" --type xml

Repository: JanssenProject/jans

Length of output: 345


Verify and test gRPC 1.78.0 with resteasy-grpc-bom 1.0.0.Final.

While resteasy-grpc-bom 1.0.0.Final is compatible with RESTEasy 6.2.12.Final, note that resteasy-grpc-bom manages protoc-gen-grpc-java at version 1.73.0, whereas the BOM uses gRPC 1.78.0 (which includes protoc-gen-grpc-java 1.78.0). Although gRPC maintains backward compatibility across patch/minor versions, this version mismatch should be validated via build and runtime testing to rule out classpath conflicts.

🤖 Prompt for AI Agents
In `@jans-bom/pom.xml` around lines 27 - 30, The pom declares
<grpc.version>1.78.0</grpc.version> while resteasy-grpc-bom:1.0.0.Final manages
protoc-gen-grpc-java at 1.73.0; to fix, run a full build and runtime smoke tests
to validate gRPC 1.78.0 with resteasy-grpc-bom 1.0.0.Final, and if you observe
classpath or plugin incompatibilities, either align versions by setting the
protoc-gen-grpc-java plugin version to 1.78.0 (override the plugin managed by
resteasy-grpc-bom) or downgrade grpc.version to 1.73.0 so they match; locate
these properties in the pom (grpc.version, grpc-bridge.version, and the
resteasy-grpc-bom import) and update or add the plugin override accordingly,
then re-run CI and integration tests to confirm no conflicts.

<weld.version>4.0.3.Final</weld.version>
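Review bot: the new property `grpc-bridge.version` is named after the `grpc-bridge` artifact, but further down in this file it is used as the version of the `resteasy-grpc-bom` import (`<version>${grpc-bridge.version}</version>`). Renaming it to something like `resteasy-grpc.version` would make it clear that bumping it moves the whole RESTEasy gRPC BOM and not a single jar.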

Expand Down Expand Up @@ -685,8 +687,26 @@
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-bom</artifactId>
<version>${resteasy.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- gRPC -->
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-bom</artifactId>
<version>${grpc.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- RESTEasy gRPC Bridge -->
<dependency>
<groupId>dev.resteasy.grpc</groupId>
<artifactId>resteasy-grpc-bom</artifactId>
<version>${grpc-bridge.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- JSON -->
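Review bot: the two new BOM imports (`io.grpc:grpc-bom` followed by `dev.resteasy.grpc:resteasy-grpc-bom`) can both manage the same io.grpc artifacts, and Maven resolves conflicts between imported BOMs in favour of the one declared first. The current order lets `${grpc.version}` win, so the ordering is load-bearing; add an XML comment saying so, and confirm the resolved io.grpc versions with `mvn dependency:tree` in a module that consumes both.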
Expand Down Expand Up @@ -1099,6 +1119,16 @@
<artifactId>maven-antrun-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<plugin>
<groupId>org.xolstice.maven.plugins</groupId>
<artifactId>protobuf-maven-plugin</artifactId>
<version>0.6.1</version>
</plugin>
<plugin>
<groupId>kr.motd.maven</groupId>
<artifactId>os-maven-plugin</artifactId>
<version>1.7.1</version>
</plugin>
</plugins>
</pluginManagement>
</build>
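Review bot: `os-maven-plugin`, the second added `<plugin>` entry, is normally loaded as a build extension, and `pluginManagement` only supplies versions for `<plugin>` declarations. If the consuming modules list it under `<build><extensions>`, the `1.7.1` pinned here will not apply and each module has to repeat the version; check how the modules reference it and note that next to this entry.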
2 changes: 2 additions & 0 deletions jans-config-api/plugins/docs/fido2-plugin-swagger.yaml
Expand Up @@ -574,6 +574,8 @@ components:
type: boolean
disableJdkLogger:
type: boolean
disableExternalLoggerConfiguration:
type: boolean
loggingLevel:
type: string
loggingLayout:
160 changes: 138 additions & 22 deletions jans-config-api/plugins/docs/lock-plugin-swagger.yaml
Expand Up @@ -615,106 +615,193 @@ components:
properties:
dn:
type: string
engineStatus:
type: object
additionalProperties:
type: string
baseDn:
type: string
inum:
type: string
creationDate:
type: string
description: Creation date of the entry
format: date-time
example: 2024-04-21T17:25:43-05:00
eventTime:
type: string
description: Time when the event occurred
format: date-time
example: 2024-04-21T18:25:43-05:00
service:
type: string
description: Service name
example: jans-auth
nodeName:
type: string
description: Node name or identifier
example: "1"
status:
type: string
engineStatus:
type: string
baseDn:
type: string
inum:
type: string
description: Health status
example: ok
enum:
- ok
- warning
- error
description: Health audit entry
LogEntry:
type: object
properties:
dn:
type: string
baseDn:
type: string
inum:
type: string
creationDate:
type: string
description: Creation date of the entry
format: date-time
example: 2024-04-21T18:25:43-05:00
eventTime:
type: string
description: Time when the event occurred
format: date-time
example: 2024-04-21T18:25:43-05:00
service:
type: string
description: Service name
example: jans-auth
nodeName:
type: string
description: Node name or identifier
example: "1"
eventType:
type: string
severetyLevel:
description: Type of event
example: registration
severityLevel:
type: string
description: Severity level
example: warning
enum:
- info
- warning
- error
- critical
action:
type: string
description: Action performed
example: ACTION_NAME_3
decisionResult:
type: string
description: Decision result
example: allow
enum:
- allow
- deny
requestedResource:
type: string
princiaplId:
description: Requested resource as JSON string
example: "{\"t1\":\"value1\",\"t2\":\"value2\"}"
principalId:
type: string
description: Principal (user) identifier
example: ACC0001
clientId:
type: string
description: Client identifier
example: CLI001
jti:
type: string
description: JWT ID - unique identifier for the token
example: 550e8400-e29b-41d4-a716-446655440000
contextInformation:
type: object
additionalProperties:
type: string
baseDn:
type: string
inum:
type: string
description: Additional context information as key-value pairs
description: Additional context information as key-value pairs
description: Log audit entry
TelemetryEntry:
type: object
properties:
dn:
type: string
baseDn:
type: string
inum:
type: string
creationDate:
type: string
description: Creation date of the entry
format: date-time
example: 2024-04-21T18:25:43-05:00
eventTime:
type: string
description: Time when the event occurred
format: date-time
example: 2024-04-21T18:25:43-05:00
service:
type: string
description: Service name
example: jans-auth
nodeName:
type: string
description: Node name or identifier
example: "1"
status:
type: string
description: Service status
example: ok
enum:
- ok
- warning
- error
lastPolicyLoadSize:
type: integer
format: int32
description: Size of the last policy load in bytes
format: int64
example: 1024
policySuccessLoadCounter:
type: integer
description: Number of successful policy loads
format: int64
example: 100
policyFailedLoadCounter:
type: integer
description: Number of failed policy loads
format: int64
example: 3
lastPolicyEvaluationTimeNs:
type: integer
format: int32
description: Last policy evaluation time in nanoseconds
format: int64
example: 100
avgPolicyEvaluationTimeNs:
type: integer
format: int32
description: Average policy evaluation time in nanoseconds
format: int64
example: 75
memoryUsage:
type: integer
description: Memory usage in bytes
format: int64
example: 2097152
evaluationRequestsCount:
type: integer
description: Total number of evaluation requests
format: int64
example: 100
policyStats:
type: object
additionalProperties:
type: string
baseDn:
type: string
inum:
type: string
memoryUsage:
type: string
type: integer
description: Additional policy statistics as key-value pairs
format: int64
description: Additional policy statistics as key-value pairs
description: Telemetry audit entry
ApiError:
type: object
properties:
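Review bot: in `LogEntry`, the renames from `severetyLevel` to `severityLevel` and from `princiaplId` to `principalId` change the JSON property names on the wire, so any client or stored payload that uses the old spellings stops matching. Call this out as a breaking change in the API notes, or accept the old names on input for one release.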
Expand Down Expand Up @@ -751,6 +838,8 @@ components:
- config-api
cedarlingConfiguration:
$ref: "#/components/schemas/CedarlingConfiguration"
grpcConfiguration:
$ref: "#/components/schemas/GrpcConfiguration"
statEnabled:
type: boolean
description: Active stat enabled
Expand All @@ -773,6 +862,8 @@ components:
disableJdkLogger:
type: boolean
description: Choose whether to disable JDK loggers
disableExternalLoggerConfiguration:
type: boolean
loggingLevel:
type: string
description: Specify the logging level of loggers
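Review bot: `disableExternalLoggerConfiguration` is added without a `description`, while the neighbouring `disableJdkLogger` and `loggingLevel` properties in this hunk both have one. Add a description that says what "external logger configuration" refers to and what the default is.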
Expand Down Expand Up @@ -839,6 +930,31 @@ components:
type: string
description: External policy store URI
description: Cedarling configuration
GrpcConfiguration:
type: object
properties:
serverMode:
type: string
description: gRPC server mode
enum:
- disabled
- bridge
- plain_server
- tls_server
grpcPort:
type: integer
description: Specify grpc port
format: int32
useTls:
type: boolean
description: Use TLS for gRPC communication
tlsCertChainFilePath:
type: string
description: TLS Cert Chain File Path
tlsPrivateKeyFilePath:
type: string
description: TLS Private Key File Path
description: gRPC server configuration
PolicySource:
type: object
properties:
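Review bot: `GrpcConfiguration` expresses TLS twice, once in the `serverMode` enum (`plain_server` versus `tls_server`) and again in the `useTls` boolean, and the schema does not say which wins when they disagree (for example `plain_server` with `useTls: true`). Since a mismatch here decides whether the gRPC port is encrypted, keep a single source of truth, or document the precedence and reject inconsistent combinations at startup. The descriptions should also state the default `serverMode` and whether `tlsCertChainFilePath` and `tlsPrivateKeyFilePath` are required for `tls_server`.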
Expand Up @@ -17,4 +17,6 @@
*/
String[] scopes() default {};

String grpcMethodName() default "";

}
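Review bot: `grpcMethodName()` is added without a Javadoc comment, unlike `scopes()` just above it, whose comment block closes on the line before. Document the expected format of the name and what the empty-string default means for enforcement, so it is clear whether an annotation without `grpcMethodName` protects a gRPC method or is skipped.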
@@ -0,0 +1,14 @@
/*
* Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
*
* Copyright (c) 2025, Janssen Project
*/

package io.jans.service.security.protect;

import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.Response;

public interface BaseAuthorizationProtection {
Response processAuthorization(String bearerToken, ResourceInfo resourceInfo);
}
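Review bot: `processAuthorization` has no Javadoc describing its return contract, in particular what the returned `Response` means on success versus denial and how a null or empty `bearerToken` is handled. For an authorization hook that contract should be explicit, because an implementer who guesses wrong can fail open. The signature also ties the interface to JAX-RS types (`ResourceInfo`, `Response`); say how gRPC callers are expected to supply a `ResourceInfo`.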
7 changes: 4 additions & 3 deletions jans-linux-setup/jans_setup/schema/jans_schema.json
Expand Up @@ -4078,10 +4078,10 @@
"x_origin": "Jans created attribute"
},
{
"desc": "severetyLevel",
"desc": "severityLevel",
"equality": "caseIgnoreMatch",
"names": [
"severetyLevel"
"severityLevel"
],
"oid": "jansAttr",
"substr": "caseIgnoreSubstringsMatch",
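Review bot: renaming the attribute from `severetyLevel` to `severityLevel` in `desc` and `names` changes the attribute name in the directory schema, so any entries written under the old name need a migration path. Either keep `severetyLevel` as a second entry in `names` for a transition period or add an upgrade step, and mention the rename in the release notes.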
Expand Down Expand Up @@ -6094,12 +6094,13 @@
"jansService",
"jansNodeName",
"eventType",
"severetyLevel",
"severityLevel",
"actionName",
"decisionResult",
"requestedResource",
"principalId",
"clientId",
"jti",
"contextInformation"
],
"must": [
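Review bot: `jti` is added to this attribute list, but the file header reports 4 additions and 3 deletions, which the three `severityLevel` renames plus this one line account for, so no attribute definition for `jti` is introduced by this patch. Confirm that a `jti` attribute type already exists elsewhere in `jans_schema.json`; otherwise the object class references an undefined attribute.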
Expand Up @@ -80,7 +80,7 @@
"ratio": 0.10
},
"jetty": {
"modules": "server,resources,http,http-forwarded,console-capture,ee9-jsp,ee9-deploy,ee9-websocket-jakarta,ee9-cdi-decorate"
"modules": "server,resources,http,http-forwarded,console-capture,ee9-jsp,ee9-deploy,ee9-websocket-jakarta,ee9-cdi-decorate,http2c"
},
"installed": false,
"name": "jans-lock"
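Review bot: the `http2c` module appended to the jans-lock `modules` string enables cleartext HTTP/2 on the Jetty connector, so gRPC traffic on that listener is unencrypted. That is fine behind a local reverse proxy, but the setup should then ensure the connector is bound to loopback or is otherwise not reachable from the network, and that assumption deserves a doc line next to this setting.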
Expand Up @@ -56,6 +56,8 @@ def __init__(self):

def install(self):
self.make_pairwise_calculation_salt()
if Config.install_jans_lock:
self.jetty_app_configuration[self.service_name]['jetty']['modules'] += ',http2c'
self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
Comment on lines +59 to 61

🧹 Nitpick | 🔵 Trivial

Potential duplicate module addition on repeated calls.

The string concatenation += ',http2c' mutates jetty_app_configuration in-place. If install() is called multiple times (e.g., during retries or testing), http2c will be appended repeatedly, resulting in invalid module strings like ...,http2c,http2c.

Consider guarding against duplicate additions:

Proposed fix
         self.make_pairwise_calculation_salt()
         if Config.install_jans_lock:
-            self.jetty_app_configuration[self.service_name]['jetty']['modules'] += ',http2c'
+            modules = self.jetty_app_configuration[self.service_name]['jetty']['modules']
+            if 'http2c' not in modules.split(','):
+                self.jetty_app_configuration[self.service_name]['jetty']['modules'] = modules + ',http2c'
         self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if Config.install_jans_lock:
self.jetty_app_configuration[self.service_name]['jetty']['modules'] += ',http2c'
self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
if Config.install_jans_lock:
modules = self.jetty_app_configuration[self.service_name]['jetty']['modules']
if 'http2c' not in modules.split(','):
self.jetty_app_configuration[self.service_name]['jetty']['modules'] = modules + ',http2c'
self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
🧰 Tools
🪛 Ruff (0.14.13)

61-61: Boolean positional value in function call

(FBT003)

🤖 Prompt for AI Agents
In `@jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py` around lines
59 - 61, The jetty modules string in
self.jetty_app_configuration[self.service_name]['jetty']['modules'] is being
mutated with "+= ',http2c'", which can append duplicate "http2c" entries across
repeated install() calls; before appending, check the existing modules (split by
commas and strip whitespace) and only add "http2c" if it's not already present,
then join back into the modules string and proceed to call
self.install_jettyService(...).

self.set_class_path([os.path.join(self.custom_lib_dir, '*')])
self.external_libs()
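Review bot: the `http2c` append in `install()` only takes effect when `Config.install_jans_lock` is already set at the time jans-auth is installed. If jans-lock is added to an existing installation afterwards and this path is not re-run, the jans-auth Jetty instance stays without `http2c`; handle that case in the jans-lock installer or document that a jans-auth reinstall is required. The module name is also a string literal both here and in the JSON app configuration, so a shared constant would keep the two in step.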