json - Spring OAUTH2 JWT Mapping user permissions to scopes -


i have question concerning mapping of user permissions access token scopes in spring jwt, in fact, when mapping user permissions accesstoken scopes follows:

public class authoritytokenenhancer implements tokenenhancer {     @override     public oauth2accesstoken enhance(oauth2accesstoken accesstoken, oauth2authentication authentication) {         user user = (user) authentication.getprincipal();         final immutablemap<string, object> additionalinfo = immutablemap                 .builder()                 .put("authorities", user.getauthorities())                 .build();         ((defaultoauth2accesstoken) accesstoken).setadditionalinformation(additionalinfo);         ((defaultoauth2accesstoken) accesstoken).setscope(user.getpermissions());         return accesstoken;     } }

and when want test in webservice @preauthorize("hasrole('role_user') , #oauth2.hasscope('xxxxx')") annotation. not work because checking based on client scopes rather user accesstoken scopes? there way, using access token scopes (which represents permissions user) rather client scopes using #oauth2.hasscope('xxxxx') annotation? how can that?

you must enable feature using @enableglobalmethodsecurity(prepostenabled = true) annotation @preauthorize working:

@configuration @enableglobalmethodsecurity(prepostenabled = true) @enableoauth2sso public class websecurityconfiguration extends websecurityconfigureradapter {      @override     protected void configure(httpsecurity http) throws exception {         // security config. can add expressions here     } }

also note use hasauthority alternative expression.


Comments

Post a Comment

Popular posts from this blog

python Tkinter Capturing keyboard events save as one single string -

is possible store keyboard events 1 string? code below stores 1 char , prints it. card reader or bar code reader, contains collection of character/ string not 1 character @ time. goal save char pressed text variable. from tkinter import * root = tk() def key(event): text= event.char text+= event.char print ("pressed", text) def callback(event): frame.focus_set() print ("clicked at", event.x, event.y) frame = frame(root, width=100, height=100) frame.bind("<key>", key) frame.bind("<button-1>", callback) frame.pack() root.mainloop() currently, creating text variable , everytime key() function gets called, , text stores last character typed. you can define text module level variable , , use module level text inside key function - text = '' def key(event): global text text+= event.char print("pressed", text)
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m
Read more

javascript - Z-index in d3.js -

i have map , when hover effect on region of map below yellow line , circle, last ones disappear. how can solve problem? http://jsfiddle.net/ot21n9qx/ var arc = g.append("path") .style("fill", "none") .style("stroke", "yellow") .style("stroke-width", 2) .attr("d", "m" + pathorigin[0] + "," + pathorigin[1] + " q" + svgpoint[0] + "," + pathorigin[1] + " " + svgpoint[0] + "," + svgpoint[1]); var circlesize = d3.scale.linear() .domain([0, 0.5, 1]) .range([4, 10, 4]); svg not have z order draws objects in order created. need create path , circle after create highlight regions. here forked fiddle: http://jsfiddle.net/o00fzgaf/1/
Read more