DEV Community

DEV Community is a community of 553,164 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create new account Log in
loading...

Discussion on: Spring Security with JWT

View post Full discussion

Replies for: How exactly are the roles checked in this scenario? Suppose you have and endpoint that has in configuration a restriction: hasRole("ADMIN"). How wo...

Collapse
kubadlo profile image
Jakub Leško Author
  1. JwtAuthenticationFilter saves user data and roles into JWT when the user logs in.
  2. JwtAuthorizationFilter parses the JWT during every HTTP request and load user data and roles from JWT into Spring's security context.
  3. hasRole("ADMIN") reads roles from security context and allows request only if there is "ROLE_ADMIN".

In my example, roles and user are defined in SecurityConfiguration (in-memory user).