I followed this great tuto : https://developer.okta.com/blog/2020/01/06/crud-angular-9-spring-boot-2#spring-boot-as-an-oauth-2-0-resource-server
I would like to add Roles to the spring part. I don’t want to use claims like in this tuto https://developer.okta.com/blog/2018/09/26/build-a-spring-boot-webapp but I would like to add my customs role (from my own db).
I tryed to override userDetailsService() from WebSecurityConfigurerAdapter to use my custom UserDetailService. But it seems this method is never called … (see println), should it be?
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserRepository userRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
//@formatter:off
http
.authorizeRequests()
.antMatchers("/home/**").permitAll()
.antMatchers("/admin/**").hasAuthority("ADMIN")
.anyRequest().authenticated()
.and()
.oauth2Login()
.and()
.oauth2ResourceServer().jwt();
//@formatter:on
}
@Override
protected UserDetailsService userDetailsService() {
return username -> {
System.out.println("yo");
Optional<co.simplon.blog.model.User> user = userRepository.findByName(username);
return User
.withUsername(username)
.password(user.get().getPassword())
.authorities(Arrays.asList(user.get().getRole()))
.accountExpired(false)
.accountLocked(false)
.credentialsExpired(false)
.disabled(false)
.build();
};
}
}