My setup is an AuthorizationServer where I authenticate against LDAP. When I request the user from the AuthorizationServer directly, he has a specific Authority depending on the LDAP group.

When I look at the OAuth2Authentication in the ResourceServer while debugging, only the userAuthentication.details.authorities has this authority. Any other authority is set to ROLE_USER.

Is it possible to use the Authority of the user provided by the AuthorizationServer?

If I use spring.oauth2.resource.tokenInfoUri to retrieve the authority, it works. But I want to use the UserDetails provided by the AuthorizationServer.

Yannic Bürgmann

1 Answer

The solution was to create a custom UserInfoTokenServices and provide it as I explained in an answer to a very similar question.

In this UserInfoTokenServices I was able to extract the authorities out of the response of the /users endpoint of the authorization server.

!!UPDATE!! With Spring Boot 1.4.0 things are getting easier!

With Spring Boot 1.4.0 a PrincipalExtractor was introduced. This class should be implemented to extract a custom principal (see Spring Boot 1.4 Release Notes).

If it's only about authorities, you can implement AuthoritiesExtractor.

Yannic Bürgmann
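
A sketch of the AuthoritiesExtractor approach mentioned in the answer above, for Spring Boot 1.4 or later. This is an added example, not code from the original post. The class name is hypothetical, and it assumes the user endpoint response nests the LDAP-derived authorities under userAuthentication.details.authorities, as described in the question, with each entry serialized as an object carrying an "authority" field.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

// Hypothetical class name; registered as a bean so that Spring Boot's
// UserInfoTokenServices uses it instead of the default extractor.
@Component
public class UserDetailsAuthoritiesExtractor implements AuthoritiesExtractor {

    @Override
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
        // Assumed path in the user-info response (taken from the question):
        // userAuthentication -> details -> authorities
        Object userAuthentication = child(map, "userAuthentication");
        Object details = child(userAuthentication, "details");
        Object authorities = child(details, "authorities");

        List<GrantedAuthority> result = new ArrayList<>();
        if (authorities instanceof Collection) {
            for (Object entry : (Collection<?>) authorities) {
                // Each authority is assumed to arrive as {"authority": "ROLE_X"};
                // a plain string entry is accepted as well.
                Object name = entry instanceof Map
                        ? ((Map<?, ?>) entry).get("authority") : entry;
                if (name instanceof String && !((String) name).trim().isEmpty()) {
                    result.add(new SimpleGrantedAuthority(((String) name).trim()));
                }
            }
        }
        // Fail closed: if the expected path is missing, grant nothing rather
        // than falling back to a default role such as ROLE_USER.
        return result;
    }

    // Returns the value under key when node is a map, otherwise null.
    private static Object child(Object node, String key) {
        return node instanceof Map ? ((Map<?, ?>) node).get(key) : null;
    }
}
```

Returning an empty list when the path is absent means a changed or unexpected response shape shows up as denied access in the resource server instead of as silently granted default privileges.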