Spring OAuth2 JWT: mapping user permissions to scopes
I have a question concerning the mapping of user permissions to access token scopes in Spring JWT. I map user permissions to access token scopes as follows:

    import com.google.common.collect.ImmutableMap;
    import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
    import org.springframework.security.oauth2.common.OAuth2AccessToken;
    import org.springframework.security.oauth2.provider.OAuth2Authentication;
    import org.springframework.security.oauth2.provider.token.TokenEnhancer;

    public class AuthorityTokenEnhancer implements TokenEnhancer {
        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            // Custom principal type exposing getAuthorities() and getPermissions()
            User user = (User) authentication.getPrincipal();
            final ImmutableMap<String, Object> additionalInfo = ImmutableMap.<String, Object>builder()
                    .put("authorities", user.getAuthorities())
                    .build();
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
            // Replace the client's scopes with the user's permissions
            ((DefaultOAuth2AccessToken) accessToken).setScope(user.getPermissions());
            return accessToken;
        }
    }

When I want to test this in a web service with the annotation

    @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('xxxxx')")

it does not work. Is this because the check is based on the client scopes rather than the user's access token scopes? Is there a way to use the access token scopes (which represent the user's permissions) rather than the client scopes with the #oauth2.hasScope('xxxxx') expression? How can I do that?
You must enable the feature using the @EnableGlobalMethodSecurity(prePostEnabled = true) annotation for @PreAuthorize to work:

    import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    @EnableOAuth2Sso
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Security config; you can add expressions here
        }
    }

Also note that you can use hasAuthority as an alternative expression.
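The following is an added, end-to-end example (not the asker's or the answerer's code) that puts the two halves together: an authorization server that copies the user's permissions into the token scopes before the JWT is signed, and a resource side where `#oauth2.hasScope` is evaluated against those scopes. It assumes Spring Security OAuth2 2.x (`spring-security-oauth2`) with JWT tokens; `PermissionUser`, `PermissionTokenEnhancer`, `AuthServerConfig`, `MethodSecurityConfig`, `ReportController`, the `report.read` scope and the signing key are hypothetical names and values chosen for illustration. Two points matter for the asker's symptom: the custom enhancer must come before `JwtAccessTokenConverter` in the `TokenEnhancerChain`, otherwise the `scope` claim is encoded before the scopes are replaced, and `#oauth2` is only resolvable in method security when `OAuth2MethodSecurityExpressionHandler` is registered (Spring Boot's OAuth2 autoconfiguration does this; without it you register it yourself as shown).

```java
// Added example; assumes spring-security-oauth2 2.x with JWT tokens.
// PermissionUser, PermissionTokenEnhancer, AuthServerConfig, MethodSecurityConfig,
// ReportController, "report.read" and the signing key are hypothetical.
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/** Hypothetical principal type that carries per-user permissions. */
interface PermissionUser {
    Set<String> getPermissions();
}

/** Authorization server side: replace the client's scopes with the user's permissions. */
class PermissionTokenEnhancer implements TokenEnhancer {
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        Object principal = authentication.getPrincipal();
        Set<String> permissions = (principal instanceof PermissionUser)
                ? ((PermissionUser) principal).getPermissions()
                : Collections.<String>emptySet();          // no user principal: grant nothing
        DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(accessToken);
        token.setScope(permissions);
        return token;
    }
}

@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    @Bean
    public JwtAccessTokenConverter jwtConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("dev-only-placeholder-key"); // constructed placeholder, not a real secret
        return converter;
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Order matters: the permission enhancer runs BEFORE the JWT converter so that the
        // signed "scope" claim contains the user's permissions, not the client's scopes.
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(new PermissionTokenEnhancer(), jwtConverter()));
        endpoints.tokenStore(new JwtTokenStore(jwtConverter()))
                 .tokenEnhancer(chain);
    }
}

/** Resource side: enable @PreAuthorize and make the #oauth2.* expressions resolvable. */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }
}

@RestController
class ReportController {
    // #oauth2.hasScope reads OAuth2Authentication.getOAuth2Request().getScope(), which a JWT
    // resource server decodes from the token's "scope" claim, i.e. the permissions set above.
    // Combine SpEL conditions with "and"; a comma is not a valid operator.
    @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('report.read')")
    @GetMapping("/reports")
    public String reports() {
        return "report data";
    }
}
```

When a token is requested for a user whose `getPermissions()` returns `{"report.read"}`, the signed JWT's `scope` claim is `["report.read"]` regardless of what the client registered, and a call to `/reports` with that token passes the check; a user without that permission gets a 403 from method security even though the client itself may have been registered with broader scopes. The resource server must decode tokens with a `JwtTokenStore` built on the same converter (or the matching verifier key) so the enhanced scopes are what `OAuth2Authentication` carries.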