json - Spring OAUTH2 JWT Mapping user permissions to scopes


I have a question concerning the mapping of user permissions to access token scopes in Spring JWT. In fact, when mapping user permissions to access token scopes as follows:

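    import com.google.common.collect.ImmutableMap;
    import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
    import org.springframework.security.oauth2.common.OAuth2AccessToken;
    import org.springframework.security.oauth2.provider.OAuth2Authentication;
    import org.springframework.security.oauth2.provider.token.TokenEnhancer;

    // User is the application's own principal class (it exposes getPermissions()).
    public class AuthorityTokenEnhancer implements TokenEnhancer {
        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            User user = (User) authentication.getPrincipal();
            // Expose the user's authorities as an extra field of the token.
            final ImmutableMap<String, Object> additionalInfo = ImmutableMap
                    .<String, Object>builder()
                    .put("authorities", user.getAuthorities())
                    .build();
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
            // Replace the token's scopes with the user's permissions.
            ((DefaultOAuth2AccessToken) accessToken).setScope(user.getPermissions());
            return accessToken;
        }
    }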

And when I want to test it in a web service with the @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('xxxxx')") annotation, it does not work, because the checking is based on the client scopes rather than the user access token scopes? Is there a way of using the access token scopes (which represent the permissions of the user) rather than the client scopes with the #oauth2.hasScope('xxxxx') annotation? How can I do that?

You must enable this feature using the @EnableGlobalMethodSecurity(prePostEnabled = true) annotation for @PreAuthorize to work:

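    import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    @EnableOAuth2Sso
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Security config. You can add expressions here
        }
    }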

Also note that you can use hasAuthority as an alternative expression.
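
An added example, not part of the original post or of Spring's own code: a variant of the enhancer from the question that issues only those user permissions that are also in the scope of the authorized request, so a token never carries more scopes than the client was granted. It assumes that permission names and client scope names share one vocabulary; `PermissionHolder` and `BoundedScopeTokenEnhancer` are hypothetical names, the former standing in for the poster's `User` class.

```java
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

// Hypothetical stand-in for the application's User class from the question.
interface PermissionHolder {
    Set<String> getPermissions();
}

// Added example: token scopes = (user permissions) intersected with (scopes of the authorized request).
public class BoundedScopeTokenEnhancer implements TokenEnhancer {

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
                                     OAuth2Authentication authentication) {
        Object principal = authentication.getPrincipal();
        // Client-only grants (e.g. client_credentials) carry no user principal;
        // an unconditional cast to the user class would throw here, so the
        // token's scopes are left exactly as the request was granted them.
        if (authentication.isClientOnly() || !(principal instanceof PermissionHolder)) {
            return accessToken;
        }
        Set<String> effective = effectiveScopes(
                ((PermissionHolder) principal).getPermissions(),
                authentication.getOAuth2Request().getScope());

        // Copy the token instead of casting and mutating the instance passed in.
        DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
        result.setScope(effective);
        return result;
    }

    // Pure helper so the rule can be unit-tested without a Spring context.
    static Set<String> effectiveScopes(Set<String> permissions, Set<String> grantedScopes) {
        if (permissions == null || grantedScopes == null) {
            return Collections.emptySet(); // fail closed: no scopes rather than all
        }
        Set<String> effective = new LinkedHashSet<>(grantedScopes);
        effective.retainAll(permissions);
        return Collections.unmodifiableSet(effective);
    }
}
```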

