JADE Environment Development Ideas

JWT validation - how to maintain for 100+ methods

When setting up an API via JadeRestService, the current way to enable JWT validation is to right-click on the method being exposed, select "REST Security Option" and add something (single claim, delegate etc). When 1 item is added to this "REST Security Option", the internal JWT validation is enabled.

My class has over a hundred methods to expose; they all point to the same common "additional-validation" method/delegate. It is very fiddly, and the methods in question don't have anything in the IDE to show JWT validation is enabled. What I'm really concerned with is the opposite - the IDE also doesn't show JWT validation is NOT enabled for that method. Because the JWT validation is 'opt in', it feels like a security mistake waiting to happen.

I would rather force-enable the JWT checks in a common place. Is there a recommended way to add this validation in a common location, for example: the 'processRequest' that calls JadeJWTValidator@validateAsymmetricTokenRS() and redirects to an error method on fail?

Additionally, is 'validateAsymmetricTokenRS()' enough to replicate the internal JWT validation or are there more methods I need to call? I appreciate there are best-practices for additional checking, I'm just ensuring I'm replicating the base logic.

  • Guest
  • Jan 22 2025
  • Needs review