From fee71d824910489dbf42952ce01f535ee610c9f9 Mon Sep 17 00:00:00 2001 From: David Date: Wed, 10 Sep 2025 15:28:53 +0200 Subject: [PATCH 01/13] add jwt validation and test endpoint --- pom.xml | 4 ++++ .../ase/userservice/controllers/DemoController.java | 13 +++++++++++++ src/main/resources/application.yaml | 7 +++++++ 3 files changed, 24 insertions(+) create mode 100644 src/main/java/com/ase/userservice/controllers/DemoController.java diff --git a/pom.xml b/pom.xml index e26b2f8a..e438d3b9 100644 --- a/pom.xml +++ b/pom.xml @@ -64,5 +64,9 @@ h2 runtime + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + diff --git a/src/main/java/com/ase/userservice/controllers/DemoController.java b/src/main/java/com/ase/userservice/controllers/DemoController.java new file mode 100644 index 00000000..94df8ae3 --- /dev/null +++ b/src/main/java/com/ase/userservice/controllers/DemoController.java @@ -0,0 +1,13 @@ +package com.ase.userservice.controllers; + +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +public class DemoController { + + @GetMapping("/demo") + public String demo() { + return "Hello from DemoController!"; + } +} \ No newline at end of file diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 4b5711b9..b20393fd 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -14,6 +14,13 @@ spring: driverClassName: org.h2.Driver username: sa password: password + security: + oauth2: + resourceserver: + jwt: + issuer-uri: http://localhost:8080/realms/sau + jwk-set-uri: http://localhost:8080/realms/sau/protocol/openid-connect/certs server: + port: 8081 error: include-message: always From 005168b3e65a9e19b2ca89a2633d58fc0c416f7f Mon Sep 17 00:00:00 2001 
From: David Date: Thu, 11 Sep 2025 13:18:36 +0200 Subject: [PATCH 02/13] change issuer uri --- src/main/resources/application.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index b20393fd..f7a5442c 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -18,9 +18,9 @@ spring: oauth2: resourceserver: jwt: - issuer-uri: http://localhost:8080/realms/sau - jwk-set-uri: http://localhost:8080/realms/sau/protocol/openid-connect/certs + issuer-uri: https://keycloak.sau-portal.de/realms/sau + jwk-set-uri: https://keycloak.sau-portal.de/realms/sau/protocol/openid-connect/certs server: - port: 8081 + port: 8080 error: include-message: always From 647cf16667f718e70db8af329f2c58d76d917d7e Mon Sep 17 00:00:00 2001 From: David Date: Thu, 11 Sep 2025 13:46:41 +0200 Subject: [PATCH 03/13] add: provisory dockerfile --- Dockerfile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..27d6d76c --- /dev/null +++ b/Dockerfile @@ -0,0 +1,16 @@ +# Use an official OpenJDK runtime as a parent image +FROM debian:latest + +USER root + +# Set the working directory inside the container +WORKDIR /app + +COPY ./ ./ + +RUN apt-get update && apt-get install -y maven openjdk-21-jdk + +RUN mvn clean install +EXPOSE 8080 + +ENTRYPOINT ["mvn", "spring-boot:run"] \ No newline at end of file From 95a08475668a81e4db3dd233233bb8f8a7a05f99 Mon Sep 17 00:00:00 2001 
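Review bot: The new Dockerfile runs the service as root on an unpinned `debian:latest` base and keeps Maven, a full JDK and the source tree in the runtime image; `USER root` is set explicitly and `ENTRYPOINT ["mvn", "spring-boot:run"]` starts Maven at container start. `COPY ./ ./` copies the whole build context, so anything not excluded by a `.dockerignore` (none is visible in this patch) ends up in the image. The first comment says "official OpenJDK runtime" although the base is Debian. A two-stage build that compiles with Maven and then runs only the jar as an unprivileged user on a JRE base would address all of this; the sketch below assumes a single jar under `target/`, and the image tags should be pinned to a version or digest you have reviewed.

```dockerfile
# build stage: Maven and the JDK stay out of the runtime image
FROM maven:3-eclipse-temurin-21 AS build
WORKDIR /app
COPY pom.xml ./
COPY src ./src
RUN mvn clean package

# runtime stage: JRE only, unprivileged user
FROM eclipse-temurin:21-jre
WORKDIR /app
RUN useradd --system --no-create-home appuser
COPY --from=build /app/target/*.jar app.jar
USER appuser
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]
```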
From: erik Date: Thu, 11 Sep 2025 14:31:49 +0200 Subject: [PATCH 04/13] try to implement route protection we just copy-pasted the code from the tutorial and hope that it works --- pom.xml | 4 +++ .../controllers/DemoController.java | 1 + .../security/JwtAuthConverter.java | 25 ++++++++++++++ .../userservice/security/SecurityConfig.java | 34 +++++++++++++++++++ 4 files changed, 64 insertions(+) create mode 100644 src/main/java/com/ase/userservice/security/JwtAuthConverter.java create mode 100644 src/main/java/com/ase/userservice/security/SecurityConfig.java diff --git a/pom.xml b/pom.xml index e438d3b9..145a1755 100644 --- a/pom.xml +++ b/pom.xml @@ -68,5 +68,9 @@ org.springframework.boot spring-boot-starter-oauth2-resource-server + + org.springframework.boot + spring-boot-starter-security + diff --git a/src/main/java/com/ase/userservice/controllers/DemoController.java b/src/main/java/com/ase/userservice/controllers/DemoController.java index 94df8ae3..8736adb1 100644 --- a/src/main/java/com/ase/userservice/controllers/DemoController.java +++ b/src/main/java/com/ase/userservice/controllers/DemoController.java @@ -1,5 +1,6 @@ package com.ase.userservice.controllers; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; diff --git a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java new file mode 100644 index 00000000..318bda1a --- /dev/null +++ b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java 
@@ -0,0 +1,25 @@
+// based on this tutorial xdd: https://www.javacodegeeks.com/2025/07/spring-boot-keycloak-role-based-authorization.html
+
+package com.ase.userservice.security;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
+
+public class JwtAuthConverter implements Converter> {
+ @Override
+ public Collection convert(Jwt jwt) {
+ var realmAccess = jwt.getClaimAsMap("realm_access");
+ if (realmAccess == null || realmAccess.isEmpty()) {
+ return List.of();
+ }
+ var roles = (List) realmAccess.get("roles");
+ return roles.stream()
+ .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase()))
+ .collect(Collectors.toList());
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/com/ase/userservice/security/SecurityConfig.java b/src/main/java/com/ase/userservice/security/SecurityConfig.java
new file mode 100644
index 00000000..e31c1674
--- /dev/null
+++ b/src/main/java/com/ase/userservice/security/SecurityConfig.java
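Review bot: The cast on `realmAccess.get("roles")` in `convert` is unguarded: the null/empty check above covers only the `realm_access` map, so a token whose map has no `roles` entry makes `roles.stream()` throw a NullPointerException, and a non-list value fails the cast, which likely surfaces as a server error rather than an empty authority set. I would guard it with `if (!(realmAccess.get("roles") instanceof List<?> roles)) { return List.of(); }` and map only the `String` elements. `role.toUpperCase()` depends on the JVM default locale, so `role.toUpperCase(Locale.ROOT)` keeps the authority names identical on every host. The class also lacks a comment stating which claim it reads and what it emits, for example `/** Maps Keycloak realm roles to upper-cased, ROLE_-prefixed authorities. */`.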
@@ -0,0 +1,34 @@
+// // based on this tutorial xdd: https://www.javacodegeeks.com/2025/07/spring-boot-keycloak-role-based-authorization.html
+
+
+package com.ase.userservice.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableMethodSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter();
+ jwtConverter.setJwtGrantedAuthoritiesConverter(new JwtAuthConverter());
+
+
+ http
+ .authorizeHttpRequests(authorize -> authorize
+ .requestMatchers("/demo/**").hasRole("defaultrole")
+ .requestMatchers("/admin/**").hasRole("admin")
+ .anyRequest().authenticated()
+ )
+ .oauth2ResourceServer(oauth2 -> oauth2
+ .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtConverter))
+ );
+ return http.build();
+ }
+}
\ No newline at end of file
From 8637687f160bbe69909d5bd1cee9f4db0da6952b Mon Sep 17 00:00:00 2001
From: David
Date: Thu, 11 Sep 2025 14:58:17 +0200
Subject: [PATCH 05/13] working mapper broken rbac
---
.../com/ase/userservice/controllers/DemoController.java | 1 -
.../com/ase/userservice/security/JwtAuthConverter.java | 7 +++----
.../java/com/ase/userservice/security/SecurityConfig.java | 2 +-
3 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/ase/userservice/controllers/DemoController.java b/src/main/java/com/ase/userservice/controllers/DemoController.java
index 8736adb1..94df8ae3 100644
--- a/src/main/java/com/ase/userservice/controllers/DemoController.java
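Review bot: The role names in `hasRole("defaultrole")` and `hasRole("admin")` can never match what `JwtAuthConverter` produces in this same commit, because the converter upper-cases every role (`"ROLE_" + role.toUpperCase()`) while `hasRole` checks for `ROLE_` plus the string exactly as written. Both rules therefore deny every caller; that fails closed, but `/demo/**` and `/admin/**` are unreachable. Write the names in the converter's form, `hasRole("DEFAULTROLE")` and `hasRole("ADMIN")`, and add a test that sends a token carrying the role. The same mismatch is in `hasRole("default-roles-sau")` in patch 05, and the lower-case `hasRole("admin")` line is still present as context in patches 07 and 11.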
+++ b/src/main/java/com/ase/userservice/controllers/DemoController.java @@ -1,6 +1,5 @@ package com.ase.userservice.controllers; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; diff --git a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java index 318bda1a..c24d214a 100644 --- a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java +++ b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java @@ -13,11 +13,10 @@ public class JwtAuthConverter implements Converter> { @Override public Collection convert(Jwt jwt) { - var realmAccess = jwt.getClaimAsMap("realm_access"); - if (realmAccess == null || realmAccess.isEmpty()) { - return List.of(); + var roles = jwt.getClaimAsStringList("groups"); + for (String role : roles) { + System.out.println("Role from JWT: " + role); } - var roles = (List) realmAccess.get("roles"); return roles.stream() .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase())) .collect(Collectors.toList()); diff --git a/src/main/java/com/ase/userservice/security/SecurityConfig.java b/src/main/java/com/ase/userservice/security/SecurityConfig.java index e31c1674..602f31a9 100644 --- a/src/main/java/com/ase/userservice/security/SecurityConfig.java +++ b/src/main/java/com/ase/userservice/security/SecurityConfig.java @@ -22,7 +22,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests(authorize -> authorize - .requestMatchers("/demo/**").hasRole("defaultrole") + .requestMatchers("/demo").hasRole("default-roles-sau") .requestMatchers("/admin/**").hasRole("admin") .anyRequest().authenticated() ) From 00d6b2d2717b1bc492df3a0c658460cef66e5f6d Mon Sep 17 00:00:00 2001 
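Review bot: `jwt.getClaimAsStringList("groups")` returns null when the token has no `groups` claim, and this hunk removes the only guard, so the `for` loop in `convert` throws a NullPointerException for such tokens. Restoring `if (roles == null) { return List.of(); }` before the loop would turn that into an authenticated request with no authorities. The added `System.out.println("Role from JWT: " + role)` writes every caller's roles to stdout on each request and bypasses the logging configuration; a debug-level logger call, or none, would be better. Since authorization now depends on the `groups` claim instead of `realm_access`, a comment should record which Keycloak mapper fills that claim. The same unguarded call returns in patch 11.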
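Review bot: Narrowing the matcher from `/demo/**` to `/demo` means the role rule covers only that exact path; any handler later added under `/demo/...` falls through to `.anyRequest().authenticated()` and is reachable with any valid token, regardless of role. Only `/demo` exists in this series, so this is a latent gap rather than a current exposure. Unless the exact match is intended, keep `.requestMatchers("/demo", "/demo/**")` and say so in a comment. Patch 07 makes the same change with the upper-case role name.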
From: David Date: Thu, 11 Sep 2025 15:11:16 +0200 Subject: [PATCH 06/13] fix for role mapper? --- .../java/com/ase/userservice/security/JwtAuthConverter.java | 2 +- src/main/java/com/ase/userservice/security/SecurityConfig.java | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java index c24d214a..a406e9ea 100644 --- a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java +++ b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java @@ -18,7 +18,7 @@ public Collection convert(Jwt jwt) { System.out.println("Role from JWT: " + role); } return roles.stream() - .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase())) + .map(role -> new SimpleGrantedAuthority(role)) .collect(Collectors.toList()); } } \ No newline at end of file diff --git a/src/main/java/com/ase/userservice/security/SecurityConfig.java b/src/main/java/com/ase/userservice/security/SecurityConfig.java index 602f31a9..0eae9a01 100644 --- a/src/main/java/com/ase/userservice/security/SecurityConfig.java +++ b/src/main/java/com/ase/userservice/security/SecurityConfig.java @@ -18,11 +18,10 @@ public class SecurityConfig { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter(); jwtConverter.setJwtGrantedAuthoritiesConverter(new JwtAuthConverter()); - http .authorizeHttpRequests(authorize -> authorize - .requestMatchers("/demo").hasRole("default-roles-sau") + .requestMatchers("/demo/**").hasRole("default-roles-sau") .requestMatchers("/admin/**").hasRole("admin") .anyRequest().authenticated() ) From c67febd17f48c3f0063526e7e1cc1a3f9c1ee580 Mon Sep 17 00:00:00 2001 
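Review bot: Dropping the prefix in `new SimpleGrantedAuthority(role)` leaves the `hasRole(...)` rules in SecurityConfig unable to match, because `hasRole("x")` checks for the authority `ROLE_x` and the converter now emits the bare group name. Either keep the `ROLE_` prefix in the converter or change the rules in the second hunk to `hasAuthority("default-roles-sau")` and `hasAuthority("admin")`; mixing the two conventions denies every request to `/demo/**` and `/admin/**`. A one-line comment on the converter stating the emitted authority format would stop the two files drifting apart again.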
From: David Date: Thu, 11 Sep 2025 15:16:19 +0200 Subject: [PATCH 07/13] working role mapper and rbac --- src/main/java/com/ase/userservice/security/SecurityConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/ase/userservice/security/SecurityConfig.java b/src/main/java/com/ase/userservice/security/SecurityConfig.java index 602f31a9..f8580127 100644 --- a/src/main/java/com/ase/userservice/security/SecurityConfig.java +++ b/src/main/java/com/ase/userservice/security/SecurityConfig.java @@ -20,9 +20,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { jwtConverter.setJwtGrantedAuthoritiesConverter(new JwtAuthConverter()); + //the role always has to be capatalized http .authorizeHttpRequests(authorize -> authorize - .requestMatchers("/demo").hasRole("default-roles-sau") + .requestMatchers("/demo").hasRole("DEFAULT-ROLES-SAU") .requestMatchers("/admin/**").hasRole("admin") .anyRequest().authenticated() ) From df2066b7844b94076355ea53aa51e7819dc5f0e2 Mon Sep 17 00:00:00 2001 From: erik Date: Thu, 11 Sep 2025 15:20:19 +0200 Subject: [PATCH 08/13] add note in endpoint code --- .../java/com/ase/userservice/controllers/DemoController.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/com/ase/userservice/controllers/DemoController.java b/src/main/java/com/ase/userservice/controllers/DemoController.java index 94df8ae3..917a8097 100644 --- a/src/main/java/com/ase/userservice/controllers/DemoController.java +++ b/src/main/java/com/ase/userservice/controllers/DemoController.java @@ -6,6 +6,8 @@ @RestController public class DemoController { + + // to manage access, add route rules in security/SecurityConfig.java like in the examples @GetMapping("/demo") public String demo() { return "Hello from DemoController!"; From d31412284e528ea8abda4dfc187ceb6b10382929 Mon Sep 17 00:00:00 2001 
From: David Date: Thu, 11 Sep 2025 15:29:54 +0200 Subject: [PATCH 09/13] code cleanup --- .../com/ase/userservice/security/JwtAuthConverter.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java index c24d214a..6d23c9d4 100644 --- a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java +++ b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java @@ -6,13 +6,16 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.jwt.Jwt; + +import org.springframework.lang.NonNull; + import java.util.Collection; -import java.util.List; import java.util.stream.Collectors; public class JwtAuthConverter implements Converter> { + @Override - public Collection convert(Jwt jwt) { + public Collection convert(@NonNull Jwt jwt) { var roles = jwt.getClaimAsStringList("groups"); for (String role : roles) { System.out.println("Role from JWT: " + role); From d795b0b5388ad6db7ccddd89b6b55aa1a8c64fef Mon Sep 17 00:00:00 2001 From: David Clara Figueiredo Date: Fri, 12 Sep 2025 14:54:33 +0200 Subject: [PATCH 10/13] add user model to extract info from jwt, change claim from which to get roles, need to add jwt mapping to model --- .../com/ase/userservice/entities/User.java | 26 +++++++++++++++++++ .../security/JwtAuthConverter.java | 9 +++++-- 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 src/main/java/com/ase/userservice/entities/User.java diff --git a/src/main/java/com/ase/userservice/entities/User.java b/src/main/java/com/ase/userservice/entities/User.java new file mode 100644 index 00000000..1e695ec5 --- /dev/null +++ b/src/main/java/com/ase/userservice/entities/User.java 
@@ -0,0 +1,26 @@ +package com.ase.userservice.entities; + +import java.util.ArrayList; + +public class User { + public int exp; + public int iat; + public int auth_time; + public String jti; + public String iss; + public String aud; + public String sub; + public String typ; + public String azp; + public String sid; + public String at_hash; + public String acr; + public String upn; + public boolean email_verified; + public String name; + public ArrayList groups; + public String preferred_username; + public String given_name; + public String family_name; + public String email; +} diff --git a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java index 6d23c9d4..a2f35720 100644 --- a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java +++ b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java @@ -10,13 +10,18 @@ import org.springframework.lang.NonNull; import java.util.Collection; +import java.util.List; import java.util.stream.Collectors; public class JwtAuthConverter implements Converter> { @Override - public Collection convert(@NonNull Jwt jwt) { - var roles = jwt.getClaimAsStringList("groups"); + public Collection convert(@NonNull Jwt jwt) {; + var claims = jwt.getClaimAsMap("realm_access"); + if (claims == null || claims.isEmpty()) { + return List.of(); + } + var roles = (List) claims.get("groups"); for (String role : roles) { System.out.println("Role from JWT: " + role); } From 0f1834df1998c3213003f33571a0888e4446638b Mon Sep 17 00:00:00 2001 
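Review bot: `User` exposes every token claim as a public mutable field and stores `exp`, `iat` and `auth_time` as `int`; epoch-second values outgrow `int` in 2038, and nothing stops other code from rewriting `groups` or `sub` after the object is built. A record or a class with private final fields, using `long` or `Instant` for the timestamps and an unmodifiable list for `groups`, would be safer to pass around. A class comment should state that instances may only be populated from a token Spring Security has already validated, since the commit message says the JWT mapping is still to be added.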
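Review bot: `claims.get("groups")` is read from inside the `realm_access` map and cast without a check, so when that map has no `groups` entry `roles` is null and the `for` loop in `convert` throws; the guard above only covers a missing or empty map. Earlier patches in this series read `roles` under `realm_access` and `groups` as a top-level claim, so this pairing looks unintended and should be confirmed against a real token. `if (!(claims.get("groups") instanceof List<?> roles)) { return List.of(); }` would handle both the missing key and a non-list value. There is also a stray `;` after the opening brace of `convert`.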
From: erik Date: Mon, 22 Sep 2025 13:29:19 +0200 Subject: [PATCH 11/13] fix style and format the formatter uses some kind of formatting i cant properly understand on my machine using the redhat java formatter. --- .../controllers/DemoController.java | 4 +-- .../security/JwtAuthConverter.java | 24 ++++++------- .../userservice/security/SecurityConfig.java | 36 +++++++++---------- 3 files changed, 28 insertions(+), 36 deletions(-) diff --git a/src/main/java/com/ase/userservice/controllers/DemoController.java b/src/main/java/com/ase/userservice/controllers/DemoController.java index 917a8097..36062429 100644 --- a/src/main/java/com/ase/userservice/controllers/DemoController.java +++ b/src/main/java/com/ase/userservice/controllers/DemoController.java @@ -6,8 +6,8 @@ @RestController public class DemoController { - - // to manage access, add route rules in security/SecurityConfig.java like in the examples + // to manage access, add route rules in security/SecurityConfig.java like in the + // examples @GetMapping("/demo") public String demo() { return "Hello from DemoController!"; diff --git a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java index a2f35720..a520e593 100644 --- a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java +++ b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java @@ -1,4 +1,4 @@ -// based on this tutorial xdd: https://www.javacodegeeks.com/2025/07/spring-boot-keycloak-role-based-authorization.html +// based on this tutorial: https://www.javacodegeeks.com/2025/07/spring-boot-keycloak-role-based-authorization.html package com.ase.userservice.security; 
@@ -6,25 +6,21 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.jwt.Jwt; - import org.springframework.lang.NonNull; - import java.util.Collection; import java.util.List; import java.util.stream.Collectors; - + public class JwtAuthConverter implements Converter> { - + @Override - public Collection convert(@NonNull Jwt jwt) {; - var claims = jwt.getClaimAsMap("realm_access"); - if (claims == null || claims.isEmpty()) { - return List.of(); - } - var roles = (List) claims.get("groups"); - for (String role : roles) { - System.out.println("Role from JWT: " + role); - } + public Collection convert(@NonNull Jwt jwt) { + var roles = jwt.getClaimAsStringList("groups"); + + // you can check the roles here if you want to + // for (String role : roles) { + // System.out.println("Role from JWT: " + role); + // } return roles.stream() .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase())) .collect(Collectors.toList()); diff --git a/src/main/java/com/ase/userservice/security/SecurityConfig.java b/src/main/java/com/ase/userservice/security/SecurityConfig.java index f8580127..8c2122dd 100644 --- a/src/main/java/com/ase/userservice/security/SecurityConfig.java +++ b/src/main/java/com/ase/userservice/security/SecurityConfig.java @@ -1,5 +1,4 @@ -// // based on this tutorial xdd: https://www.javacodegeeks.com/2025/07/spring-boot-keycloak-role-based-authorization.html - +// based on this tutorial: https://www.javacodegeeks.com/2025/07/spring-boot-keycloak-role-based-authorization.html package com.ase.userservice.security; 
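Review bot: Although the commit is titled a style and format fix, the JwtAuthConverter hunk changes what authorization is based on: the new side reads the top-level `groups` claim with `getClaimAsStringList` instead of the `realm_access` map and drops the empty-claim guard, so `roles.stream()` runs on a possibly null list. That behaviour change belongs in its own commit with a message naming the claim switch, and the null guard should stay. The commented-out debug loop is better deleted than kept. A Javadoc line on `convert` naming the claim and the `ROLE_` upper-case format would document the contract the route rules rely on.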
@@ -9,27 +8,24 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; import org.springframework.security.web.SecurityFilterChain; - + @Configuration @EnableMethodSecurity public class SecurityConfig { - - @Bean - public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter(); - jwtConverter.setJwtGrantedAuthoritiesConverter(new JwtAuthConverter()); - - - //the role always has to be capatalized - http - .authorizeHttpRequests(authorize -> authorize + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter(); + jwtConverter.setJwtGrantedAuthoritiesConverter(new JwtAuthConverter()); + + // the role always has to be capatalized + http + .authorizeHttpRequests(authorize -> authorize .requestMatchers("/demo").hasRole("DEFAULT-ROLES-SAU") .requestMatchers("/admin/**").hasRole("admin") - .anyRequest().authenticated() - ) - .oauth2ResourceServer(oauth2 -> oauth2 - .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtConverter)) - ); - return http.build(); - } + .anyRequest().authenticated()) + .oauth2ResourceServer(oauth2 -> oauth2 + .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtConverter))); + return http.build(); + } } \ No newline at end of file From 8a1ad44905773e7bfb70714f9aea50246e0b6e33 Mon Sep 17 00:00:00 2001 From: David Date: Mon, 22 Sep 2025 14:07:09 +0200 Subject: [PATCH 12/13] add infos regarding security into README --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index b0c77d9f..c14d32c9 100644 --- a/README.md +++ b/README.md 
@@ -116,3 +116,28 @@ The project uses the following key dependencies: - `spring-boot-starter-security`: For securing the application with basic authentication. - `springdoc-openapi-ui`: For generating OpenAPI documentation and Swagger UI. - `spring-boot-starter-actuator`: For monitoring and managing the application. + + +## Security && rbac +Endpoint Access/Security is configured in package com.ase.userservice.security via SecurityConfig.java. + +To add a new rule, you need to fill the function parameters for this snippet: +```java +http + .authorizeHttpRequests(authorize -> authorize + .requestMatchers("/demo").hasRole("DEFAULT-ROLES-SAU") + .requestMatchers("/admin/**").hasRole("admin") + .anyRequest().authenticated() + ) + .oauth2ResourceServer(oauth2 -> oauth2 + .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtConverter)) + ); +``` + +Specifically you need to add the following line for each protected route and role: +```java +.requestMatchers("/").hasRole("") +``` +Glob pattern matching is supported. + +If you need more infos regarding secuirty, visit our documentation page: [placeholder](http://example.com) \ No newline at end of file From 73370696d7e375622c62cb9900344111e6f2e571 Mon Sep 17 00:00:00 2001 From: David Date: Mon, 22 Sep 2025 15:06:00 +0200 Subject: [PATCH 13/13] cleanup --- .../java/com/ase/userservice/security/JwtAuthConverter.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java index a520e593..6cebcdd3 100644 --- a/src/main/java/com/ase/userservice/security/JwtAuthConverter.java +++ b/src/main/java/com/ase/userservice/security/JwtAuthConverter.java @@ -8,7 +8,6 @@ import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.lang.NonNull; import java.util.Collection; -import java.util.List; import java.util.stream.Collectors; public class JwtAuthConverter implements Converter> { 
@@ -18,8 +17,8 @@ public Collection convert(@NonNull Jwt jwt) { var roles = jwt.getClaimAsStringList("groups"); // you can check the roles here if you want to - // for (String role : roles) { - // System.out.println("Role from JWT: " + role); + //for (String role : roles) { + //System.out.println("Role from JWT: " + role); // } return roles.stream() .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase()))