DrDray

Reputation: 55

Spring JWT: How to map user permissions to access token scopes

I have a question concerning the mapping of my user permissions to access token scopes in Spring JWT. When I map all user permissions to the access token scopes and want to test this in my WS with the @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('XXXXX')") annotation, it does not work because the checking is based on client scopes rather than user access token scopes? Is there a way to use access token scopes (which represent my user permissions) rather than client scopes with the #oauth2.hasScope('XXXXX') annotation? How can I do that?

Upvotes: 1

Views: 356

Answers (1)

Henrik Rosenberg

Reputation: 21

I think your user roles should be mapped to authorities in your AuthenticationProvider by overriding mapAuthorities; then you could use @PreAuthorize("hasRole('XXXX')") or @PreAuthorize("hasAuthority('XXXX')").

Upvotes: 2
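
One way to do what the answer above describes, as an added example that is not code from the question or the answer: a Spring Security GrantedAuthoritiesMapper whose mapAuthorities expands each role into permission authorities, so method security can check hasAuthority(...) rather than #oauth2.hasScope(...). The role-to-permission table, the permission names and the registration through DaoAuthenticationProvider.setAuthoritiesMapper are assumptions made for illustration.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

/** Expands role authorities into fine-grained permission authorities. */
public class PermissionAuthoritiesMapper implements GrantedAuthoritiesMapper {

    // Constructed sample table; a real application would load this from its user store.
    private static final Map<String, Set<String>> ROLE_PERMISSIONS = Map.of(
            "ROLE_USER", Set.of("REPORT_READ"),
            "ROLE_ADMIN", Set.of("REPORT_READ", "REPORT_WRITE"));

    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(
            Collection<? extends GrantedAuthority> authorities) {
        Set<GrantedAuthority> mapped = new HashSet<>();
        for (GrantedAuthority authority : authorities) {
            String role = authority.getAuthority();
            // Keep the role itself so hasRole('ROLE_USER') still matches.
            mapped.add(new SimpleGrantedAuthority(role));
            // Roles missing from the table contribute no permissions (deny by default).
            for (String permission : ROLE_PERMISSIONS.getOrDefault(role, Set.of())) {
                mapped.add(new SimpleGrantedAuthority(permission));
            }
        }
        return mapped;
    }

    // Assumed wiring: daoAuthenticationProvider.setAuthoritiesMapper(new PermissionAuthoritiesMapper());
    // Method check:   @PreAuthorize("hasRole('ROLE_USER') and hasAuthority('REPORT_READ')")
    public static void main(String[] args) {
        GrantedAuthoritiesMapper mapper = new PermissionAuthoritiesMapper();
        // Constructed input: a known role and one that is not in the table.
        Collection<? extends GrantedAuthority> result = mapper.mapAuthorities(List.of(
                new SimpleGrantedAuthority("ROLE_USER"),
                new SimpleGrantedAuthority("ROLE_GUEST")));
        result.forEach(a -> System.out.println(a.getAuthority()));
    }
}
```

Because the permissions end up as authorities on the authenticated user, the check no longer depends on which scopes the OAuth2 client was granted.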
