Мобильная версияДобавление органов безопасности Spring вручную в Google JWT ⇐ JAVA
-
Гость
Добавление органов безопасности Spring вручную в Google JWT
The Google Sign-on API generates a JWT that I can use to authenticate a user with Spring Security OAuth2 resource server. The JWT alone will not allow me to use annotation like @PreAuthorize, however, because the Google JWT doesn't contain scope or roles attributes. Thus the JwtAuthenticationToken authorities are an empty list.
How do I manually add a List of authorities to a JwtAuthenticationToken during authentication? Can I manually track a User entity's Roles myself in a database?
I think I need to make changes here package com.example.ressource_server.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception{ httpSecurity.oauth2ResourceServer( r-> r.jwt(jwtConfigurer -> jwtConfigurer.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs"))); httpSecurity.authorizeHttpRequests(auth -> auth.anyRequest().authenticated()); return httpSecurity.build(); } }
Источник: https://stackoverflow.com/questions/770 ... google-jwt
The Google Sign-on API generates a JWT that I can use to authenticate a user with Spring Security OAuth2 resource server. The JWT alone will not allow me to use annotation like @PreAuthorize, however, because the Google JWT doesn't contain scope or roles attributes. Thus the JwtAuthenticationToken authorities are an empty list.
How do I manually add a List of authorities to a JwtAuthenticationToken during authentication? Can I manually track a User entity's Roles myself in a database?
I think I need to make changes here package com.example.ressource_server.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception{ httpSecurity.oauth2ResourceServer( r-> r.jwt(jwtConfigurer -> jwtConfigurer.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs"))); httpSecurity.authorizeHttpRequests(auth -> auth.anyRequest().authenticated()); return httpSecurity.build(); } }
Источник: https://stackoverflow.com/questions/770 ... google-jwt
