jhipster / generator-jhipster

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.
https://www.jhipster.tech
Apache License 2.0

JWT: auth contains only one value #23376

Closed dave0688 closed 11 months ago

dave0688 commented 1 year ago
Overview of the issue

In the JWT token, there's only one role, even if two authorities are assigned for the user, i.e.:

{
  "sub": "my-email@email.de",
  "exp": 1696167323,
  "auth": "ROLE_MEMBER",
  "iat": 1693575323
}

So there is a mismatch between the authorities in the DB/User entity, and the JWT token.

The problem is that for example this here:

@PreAuthorize("hasRole(\"" + AuthoritiesConstants.MEMBER + "\")")

is not working when the user has 2 roles (and the MEMBER role is the second one).

Motivation for or Use Case

JWT token gets generated and sent with every request.

Reproduce the error

Log into a JHipster application with a user. In User Management, assign a second role.

Log out, and log in again. Decode the JWT, and you will see that there's only one string in auth.

Suggest a Fix

JHipster Version(s)

8.0.0-beta.2

Browsers and Operating System

MacOS, Chrome 116
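
The decode-and-compare step from the reproduction above, as an added example that is not part of the original issue or of JHipster's own code. It assumes the `auth` claim is either a JSON array or a single string delimited by spaces and/or commas (the issue does not show the delimiter); `ROLE_USER`, the header and the signature in the sample token are constructed.

```javascript
// Added diagnostic example; not JHipster code.
// Decodes a JWT payload WITHOUT verifying the signature, so it is only for
// inspecting claims while debugging, never for an authorization decision.

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('expected a compact JWS with three dot-separated parts');
  }
  // JWT segments are unpadded base64url; Node's Buffer supports 'base64url'.
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Assumption: "auth" is a JSON array or one string whose entries are
// separated by spaces and/or commas. The issue does not state the delimiter.
function authoritiesFromClaim(claim) {
  if (Array.isArray(claim)) return claim.map(String);
  if (typeof claim !== 'string') return [];
  return claim.split(/[\s,]+/).filter(Boolean);
}

// Compare what the token carries with what the user record should grant.
function diffAuthorities(token, expected) {
  const inToken = authoritiesFromClaim(decodeJwtPayload(token).auth);
  return {
    inToken,
    missing: expected.filter((a) => !inToken.includes(a)),
    unexpected: inToken.filter((a) => !expected.includes(a)),
  };
}

// Constructed sample token: payload from the issue, dummy header and signature.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'HS512' })}.${enc(payload)}.constructed-signature`;
}

const sample = makeSampleToken({
  sub: 'my-email@email.de',
  exp: 1696167323,
  auth: 'ROLE_MEMBER',
  iat: 1693575323,
});
// ROLE_USER is a constructed second authority for illustration.
console.log(diffAuthorities(sample, ['ROLE_USER', 'ROLE_MEMBER']));
```

A non-empty `missing` list means the token was issued without an authority the user record holds, which is the mismatch reported here.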

github-actions[bot] commented 1 year ago

JHipster has completed the sample check

.yo-rc.json:
Entities JDL:
Application: successfully generated
Frontend check: skipped
Backend check: skipped
E2E check: skipped

mshima commented 1 year ago

It's missing jhipster info from the project.

mraible commented 11 months ago

Closing because no response.