Baeldung / spring-security-oauth

Getting Started with Spring Security OAuth:
http://bit.ly/github-lsso
MIT License

How to inject roles in CustomUserStorageProvider #280

Closed dulshand closed 2 years ago

dulshand commented 2 years ago

I am trying to extend the example under this project, spring-security-oauth/oauth-rest/, so that I can extend the CustomUserStorageProvider to get user information from a read-only third-party web service. I am able to generate the OpenID token. But I am unable to inject the Client Role Mapping artificially into the User Model so that it will be visible in the JWT token. I have correctly added protocol mappers like this. When I create users from the console and assign roles from there, the roles show up in the token. But the roles do not get populated when I try to set them in the UserModel while loading from CustomUserStorageProvider. How do I fix it? I tried to do something like this:

    customUser.getClientRoleMappings(session.getContext().getClient())
        .add(new CustomRole(roleName, roleName, true, session.getContext().getClient()));

It does not give an error, but these custom roles do not show up in the token.

    "protocolMappers": [
      {
        "id": "4b109648-d8e2-4802-a158-69fbf5a17fc6",
        "name": "realm roles",
        "protocol": "openid-connect",
        "protocolMapper": "oidc-usermodel-realm-role-mapper",
        "consentRequired": false,
        "config": {
          "user.attribute": "foo",
          "access.token.claim": "true",
          "claim.name": "realm_access.roles",
          "jsonType.label": "String",
          "multivalued": "true"
        }
      },
      {
        "id": "1883daa7-2552-42a5-b156-36d7625bab13",
        "name": "client roles",
        "protocol": "openid-connect",
        "protocolMapper": "oidc-usermodel-client-role-mapper",
        "consentRequired": false,
        "config": {
          "user.attribute": "foo",
          "access.token.claim": "true",
          "claim.name": "resource_access.${client_id}.roles",
          "jsonType.label": "String",
          "multivalued": "true"
        }
      },
      {
        "id": "99a36320-7813-4137-a640-83992742b1a8",
        "name": "groups",
        "protocol": "openid-connect",
        "protocolMapper": "oidc-usermodel-realm-role-mapper",
        "consentRequired": false,
        "config": {
          "multivalued": "true",
          "user.attribute": "foo",
          "id.token.claim": "true",
          "access.token.claim": "true",
          "claim.name": "groups",
          "jsonType.label": "String"
        }
      }
    ],
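The role protocol mappers shown above do not read a mutable collection on the user; they call the UserModel's role-mapping getters at token-issue time. Keycloak's `AbstractUserAdapter` recomputes the set returned by `getClientRoleMappings(...)` from the user's overall role mappings on every call, so `add()` on that returned set mutates a throwaway copy and never reaches the mapper. The adapter below is an added example (not Baeldung's code and not part of the oauth-rest module) that instead overrides the hook `AbstractUserAdapter` uses to build those mappings, and resolves external role names against roles that already exist on the target client, so the external service can only grant roles the realm administrator has defined. The hook name `getRoleMappingsInternal()`, the constructor shape, and the `clientId -> role names` input format are assumptions to check against the Keycloak version in use.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.keycloak.component.ComponentModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.storage.adapter.AbstractUserAdapter;

/**
 * Read-only user adapter for a user loaded from an external service (example code, not
 * Baeldung's or Keycloak's). Roles are supplied as clientId -> role names and are only honoured
 * when a role with that name is actually defined on that client in the realm.
 */
public class ExternalUserAdapter extends AbstractUserAdapter {

    private final String username;
    // Assumed input shape: the third-party service reports roles per client, e.g.
    // {"my-client": ["reader", "auditor"]} (constructed example, not the original poster's data).
    private final Map<String, Set<String>> externalClientRoles;

    public ExternalUserAdapter(KeycloakSession session, RealmModel realm,
                               ComponentModel storageProviderModel,
                               String username, Map<String, Set<String>> externalClientRoles) {
        super(session, realm, storageProviderModel);
        this.username = username;
        this.externalClientRoles = Map.copyOf(externalClientRoles);
    }

    @Override
    public String getUsername() {
        return username;
    }

    /**
     * AbstractUserAdapter builds getRoleMappings()/getClientRoleMappings() from this hook on
     * every call (hook name assumed for the Keycloak version in use). Returning real RoleModel
     * instances from the client is what makes oidc-usermodel-client-role-mapper emit them
     * under resource_access.<client_id>.roles.
     */
    @Override
    protected Set<RoleModel> getRoleMappingsInternal() {
        Set<RoleModel> roles = new HashSet<>();
        for (Map.Entry<String, Set<String>> entry : externalClientRoles.entrySet()) {
            ClientModel client = realm.getClientByClientId(entry.getKey());
            if (client == null) {
                // Unknown client id from the external service: ignore rather than trust it.
                continue;
            }
            for (String roleName : entry.getValue()) {
                RoleModel role = client.getRole(roleName);
                if (role != null) {
                    // Only roles the realm admin already defined on this client are granted.
                    roles.add(role);
                }
                // A null role means the external service named a role that does not exist
                // here; it is skipped instead of being created on the fly.
            }
        }
        return roles;
    }
}
```

Because the adapter never creates roles, the set of claims a token can carry stays bounded by what is configured in the realm, and a misbehaving or compromised upstream service can at most assign roles that already exist on the client. The user storage provider's `getUserByUsername(...)` (or the equivalent lookup for the Keycloak version in use) would construct this adapter with the role map fetched from the external service.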

kwoyke commented 2 years ago

Hey @dulshand ,

Unfortunately, here we can only help with issues that are specifically and directly related to our code - not with your own, custom application.

StackOverflow is a great place to ask more general questions. That's primarily because we get a large number of questions and - while we do try to go through as much as everything and help wherever we can, we can't really get back to all of them. Hope that makes sense.