DEV Community

Discussion on: Spring Security with JWT

Collapse
 
kubadlo profile image
Jakub Leško
  1. JwtAuthenticationFilter saves user data and roles into JWT when the user logs in.
  2. JwtAuthorizationFilter parses the JWT during every HTTP request and load user data and roles from JWT into Spring's security context.
  3. hasRole("ADMIN") reads roles from security context and allows request only if there is "ROLE_ADMIN".

In my example, roles and user are defined in SecurityConfiguration (in-memory user).