json - Spring OAUTH2 JWT Mapping user permissions to scopes -


i have question concerning mapping of user permissions access token scopes in spring jwt, in fact, when mapping user permissions accesstoken scopes follows:

public class authoritytokenenhancer implements tokenenhancer {     @override     public oauth2accesstoken enhance(oauth2accesstoken accesstoken, oauth2authentication authentication) {         user user = (user) authentication.getprincipal();         final immutablemap<string, object> additionalinfo = immutablemap                 .builder()                 .put("authorities", user.getauthorities())                 .build();         ((defaultoauth2accesstoken) accesstoken).setadditionalinformation(additionalinfo);         ((defaultoauth2accesstoken) accesstoken).setscope(user.getpermissions());         return accesstoken;     } }

and when want test in webservice @preauthorize("hasrole('role_user') , #oauth2.hasscope('xxxxx')") annotation. not work because checking based on client scopes rather user accesstoken scopes? there way, using access token scopes (which represents permissions user) rather client scopes using #oauth2.hasscope('xxxxx') annotation? how can that?

you must enable feature using @enableglobalmethodsecurity(prepostenabled = true) annotation @preauthorize working:

@configuration @enableglobalmethodsecurity(prepostenabled = true) @enableoauth2sso public class websecurityconfiguration extends websecurityconfigureradapter {      @override     protected void configure(httpsecurity http) throws exception {         // security config. can add expressions here     } }

also note use hasauthority alternative expression.


Comments

Post a Comment

Popular posts from this blog

PHP and MySQL WP -

i trying accomplish 2 things here code. writing php directly wp page using insert php plugin. 1) query mysql database , return results 1 column 4 columns. 2) make each result own hyperlink directs user new wp page runs new query on page. i able query show results , turn results dynamic hyperlink, cannot formatting down. right returns result 1 column. here have: [insert_php] $servername = "localhost"; $username = "login"; //edited privacy $password = "password"; //edited privacy $database = "database"; //edited privacy // create connection $conn = new mysqli($servername, $username, $password, $database); // check connection if ($conn->connect_error) { die("connection failed: " . $conn->connect_error); } echo "connected successfully"; //get results database $result = mysqli_query($conn,"select mine mines order mine"); $all_property = array(); //declare array saving property //showing proper...
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m...
Read more

nginx - phpPgAdmin - log in works but I have to login again after clicking on any links -

i have setup postgres 9.6 , phppgadmin on centos 7 server nginx, i can log in phppgadmin, postgresql server on right of page remains crossed out , link try browse (databases, roles etc) requires log in again. i'm thinking seems sessions problem, unsure how resolve it. any pointers on how fix or should looking @ in order track down problem? solved. turns out owner of /var/lib/php/session apache - needed nginx. sorted changing ownership nginx below: chown -r nginx:nginx /var/lib/php/session/
Read more