Role with Spring security

kmaeng · June 17, 2020, 10:47am

Hi, All.

I wanted to add “role” claim to access token but it’s not possible.
I can use custom namespace with the role claim.
So…how can I configure “hasRole” method in Spring Security if the token value is ‘http://example.com/roles’=['admin’]?

        http.authorizeRequests()
                .mvcMatchers("/public").permitAll()
                .mvcMatchers("/private").authenticated()
                .mvcMatchers("/private-scoped").hasAuthority("SCOPE_read:messages")
                .mvcMatchers("/private-role").hasRole("admin") //how can?
                .and()
                .oauth2ResourceServer().jwt();

Thanks!

Topic		Replies	Views
How to parse roles put in custom claims in Spring Security? Help jwt , roles , claims , spring-boot , spring-security	2	5430	August 12, 2020
Authorization Issue while accessing Auth0 roles for spring security @PreAuthorize hasRole Help	3	5793	July 29, 2019
Authorization Extension not working with Spring Security Help jwt , authorization-extens	5	4782	August 27, 2019
Add "roles" to access token Help configuration , application	1	614	April 16, 2024
Roles are not being added to JWT access token Help rules , roles , access-token	2	6249	March 2, 2018

Role with Spring security

Related Topics