Upgrade JHipster monolith to Spring Security 5.1 OIDC Support #1

Open
wants to merge 18 commits into
base: master
from

@mraible (Owner) commented Feb 15, 2019

To test, start up Keycloak:

docker-compose -f src/main/docker/keycloak.yml up -d

Then start the app using ./mvnw.

@mraible referenced this pull request Feb 16, 2019

Closed: Upgrade Spring Security's OIDC Support #9276 (4 of 4 tasks complete)
OAuth2ClientContext oAuth2ClientContext) {
return new OAuth2RestTemplate(oAuth2ProtectedResourceDetails, oAuth2ClientContext);
@SuppressWarnings("unchecked")
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
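
Review bot: @SuppressWarnings("unchecked") on userAuthoritiesMapper() silences unchecked-cast warnings for the whole method rather than for the one cast that needs it. Move the annotation to the single local declaration that performs the cast, and if that value is read from the token, check its runtime type (for example instanceof Collection) before casting so a claim of an unexpected shape is rejected at this point instead of failing later with a ClassCastException.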

@imduffy15 Feb 16, 2019

Hey @mraible,

Thanks for giving this example, I love looking at your work as a point of reference.

Question for you around converting the groups claim to the authorities in the security context. Any reason for not just using a custom mapper in Keycloak to map the groups/client-roles/realm-roles to a claim labelled as one of the WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES[1] and letting Spring do its conversion?

[1] https://github.com/spring-projects/spring-security/blob/master/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java#L40
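
The application-side mapping discussed in the comment above (groups claim to authorities in the security context), written as a standalone GrantedAuthoritiesMapper. This is an added example, not code from this pull request; the class name, the claim name `groups` and the `ROLE_` filter are assumptions.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;

// Added example (hypothetical class), not taken from the pull request.
public class GroupsClaimAuthoritiesMapper implements GrantedAuthoritiesMapper {

    // Assumption: the identity provider lists group names in a "groups" claim.
    private static final String GROUPS_CLAIM = "groups";
    // Assumption: only groups named like application roles become authorities.
    private static final String ROLE_PREFIX = "ROLE_";

    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(
            Collection<? extends GrantedAuthority> authorities) {
        Set<GrantedAuthority> mapped = new HashSet<>();
        for (GrantedAuthority authority : authorities) {
            // OidcUserAuthority extends OAuth2UserAuthority; its attributes
            // hold the claims collected from the ID token and UserInfo.
            if (authority instanceof OAuth2UserAuthority) {
                Object claim = ((OAuth2UserAuthority) authority).getAttributes().get(GROUPS_CLAIM);
                mapped.addAll(fromGroups(claim));
            }
        }
        return mapped; // only group-derived authorities are returned
    }

    // Token content is external input: verify the runtime type instead of
    // relying on an unchecked cast, and skip entries that are not strings
    // or do not carry the expected prefix.
    static Set<GrantedAuthority> fromGroups(Object claimValue) {
        Set<GrantedAuthority> result = new HashSet<>();
        if (!(claimValue instanceof Collection)) {
            return result; // claim missing or malformed: grant nothing
        }
        for (Object group : (Collection<?>) claimValue) {
            if (group instanceof String && ((String) group).startsWith(ROLE_PREFIX)) {
                result.add(new SimpleGrantedAuthority((String) group));
            }
        }
        return result;
    }
}
```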

@mraible (Owner, Author) commented Feb 17, 2019

This comment has been minimized.

@mraible changed the title from "Upgrade to Spring Security 5.1 OIDC Support" to "Upgrade JHipster monolith to Spring Security 5.1 OIDC Support" Feb 27, 2019
