This repository has been archived by the owner on May 31, 2022. It is now read-only.
The user's roles or GrantedAuthorities are not wrapped into JwtAuthenticationToken's authorities field, so PreAuthorize with hasRole always returns false.
Only Scope exists in the authorities field of JwtAuthenticationToken.
The user's roles or GrantedAuthorities are those which are granted to the user itself.
Version
spring-boot-starter-security:2.1.3.RELEASE
When it comes time to create the AbstractAuthenticationToken, the method here just calls getScopes on the Jwt, which loses all the authorities in the claims.
If anyone knows the source code, please help to fix it. I personally think this is a bug without any doubt and should be fixed. Or can anyone give me the link to spring-security-oauth2-resource-server, with my full thanks? I cannot find it under spring-projects.
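
One way to get role authorities into the token on the resource server, as an added example that is not code from this issue or from Spring Security itself: a custom converter registered through `jwtAuthenticationConverter(...)`. It assumes the authorization server issues a `roles` array claim; the claim name and the class name `RoleAwareJwtConverter` are hypothetical.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.util.StringUtils;

// Added example: maps both scopes and a role claim into the token's authorities.
public class RoleAwareJwtConverter implements Converter<Jwt, AbstractAuthenticationToken> {

    // Assumption: the authorization server puts roles in a "roles" array claim.
    private static final String ROLES_CLAIM = "roles";

    @Override
    public AbstractAuthenticationToken convert(Jwt jwt) {
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();

        // Keep scope-derived authorities so hasAuthority('SCOPE_x') still works.
        Object scope = jwt.getClaims().get("scope");
        if (scope instanceof String) {
            for (String s : StringUtils.tokenizeToStringArray((String) scope, " ")) {
                authorities.add(new SimpleGrantedAuthority("SCOPE_" + s));
            }
        } else if (scope instanceof Collection) {
            for (Object s : (Collection<?>) scope) {
                authorities.add(new SimpleGrantedAuthority("SCOPE_" + s));
            }
        }

        // hasRole('ADMIN') checks for the authority "ROLE_ADMIN", so add the prefix once.
        List<String> roles = jwt.getClaimAsStringList(ROLES_CLAIM);
        for (String role : roles == null ? Collections.<String>emptyList() : roles) {
            if (StringUtils.hasText(role)) {
                authorities.add(new SimpleGrantedAuthority(role.startsWith("ROLE_") ? role : "ROLE_" + role));
            }
        }
        return new JwtAuthenticationToken(jwt, authorities);
    }
}
// Wiring inside configure(HttpSecurity http):
//   http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(new RoleAwareJwtConverter());
```

Roles read from the token are only as trustworthy as its issuer, so the decoder's signature and issuer validation must stay in place, and the role claim should be one that only the authorization server can set.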