amosproj / amos2021ss07-bike-nest

Backend security #125

Closed rmandlx closed 3 years ago

rmandlx commented 3 years ago

Closes #90. The security was partly refactored. More JWT claims were added. Added a convenient UserInformation class that can be used to retrieve information about the authenticated user inside an authenticated endpoint. For an example, see /bikenest/getUser (https://github.com/amosproj/amos-ss2021-bike-nest/blob/0e6f4b8fe95b13b44b40c419137109633c5d1dd0/Backend/service-bikenest/src/main/java/com/bikenest/servicebikenest/BikenestController.java)

rmandlx commented 3 years ago

Authorization via roles works now. One important step to get it to work was to use the @EnableGlobalMethodSecurity(prePostEnabled = true) annotation in the WebSecurity config. The role is stored inside the JWT and the UserInformation will correctly parse that from the JWT (this happens in JWTAuthenticationFilter). Currently there is an unsecured endpoint in the Usermgmt service that will grant a free admin JWT for testing.
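
An added example (not code from this pull request or the project) of the wiring the comment above describes: method security switched on, a filter that turns a verified JWT role claim into a Spring authority, and an endpoint guarded with `@PreAuthorize`. It assumes Spring Security 5.x and the jjwt 0.9.x library; the class names, the `role` claim name, the endpoint path and the key are hypothetical.

```java
// Added example (not project code); assumes Spring Security 5.x and jjwt 0.9.x; names are hypothetical.
import io.jsonwebtoken.*;
import java.io.IOException;
import java.util.Collections;
import javax.servlet.*;
import javax.servlet.http.*;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.filter.OncePerRequestFilter;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // without this, @PreAuthorize is not enforced
class ExampleWebSecurity extends WebSecurityConfigurerAdapter {
    @Override protected void configure(HttpSecurity http) throws Exception {
        // Stateless: every request must carry its own token, no session fallback
        http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().authorizeRequests().anyRequest().authenticated()
            .and().addFilterBefore(new ExampleJwtFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}
class ExampleJwtFilter extends OncePerRequestFilter {
    private static final byte[] KEY = "constructed-placeholder-key".getBytes(); // load from config in practice
    @Override protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws ServletException, IOException {
        String h = req.getHeader("Authorization");
        if (h != null && h.startsWith("Bearer ")) {
            try { // the signature is verified before the role claim is trusted
                Claims c = Jwts.parser().setSigningKey(KEY).parseClaimsJws(h.substring(7)).getBody();
                // hasRole('ADMIN') matches the authority "ROLE_ADMIN", so the prefix is added here
                SimpleGrantedAuthority role = new SimpleGrantedAuthority("ROLE_" + c.get("role", String.class));
                SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                    c.getSubject(), null, Collections.singletonList(role)));
            } catch (JwtException | IllegalArgumentException e) { SecurityContextHolder.clearContext(); }
        }
        chain.doFilter(req, res); // invalid or missing token: the request continues unauthenticated
    }
}
@RestController
class ExampleAdminController {
    @GetMapping("/example/admin") @PreAuthorize("hasRole('ADMIN')")
    public String adminOnly() { return "admin only"; }
}
```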