How exactly are the roles checked in this scenario? Suppose you have and endpoint that has in configuration a restriction: hasRole("ADMIN"). How would the authorization filter work then?
JwtAuthenticationFilter
JwtAuthorizationFilter
hasRole("ADMIN")
"ROLE_ADMIN"
In my example, roles and user are defined in SecurityConfiguration (in-memory user).
SecurityConfiguration
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
How exactly are the roles checked in this scenario? Suppose you have and endpoint that has in configuration a restriction: hasRole("ADMIN"). How would the authorization filter work then?
JwtAuthenticationFiltersaves user data and roles into JWT when the user logs in.JwtAuthorizationFilterparses the JWT during every HTTP request and load user data and roles from JWT into Spring's security context.hasRole("ADMIN")reads roles from security context and allows request only if there is"ROLE_ADMIN".In my example, roles and user are defined in
SecurityConfiguration(in-memory user).