Spring-security: Resource Server configurers should pick up a JwtAuthenticationConverter bean
It's quite convenient to be able to expose JwtDecoder or ReactiveJwtDecoder as a bean and have Spring Security's OAuth 2.0 Resource Server pick it up.
It would be nice to be able to do the same with JwtAuthenticationConverter:
@Bean
JwtAuthenticationConverter jwtAuthenticationConverter() {
JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
converter.setJwtGrantedAuthoritiesConverter(...);
return converter;
}
jzheaux
All 5 comments
I would like to take this task.
evgeniycheban
on 8 Apr 2020
@jzheaux Yes this could solve my issue where I have multiple filter chains but as a client I should not have to worry about that bean, I want to define it and forget it. I mean, I don鈥檛 want to inject that bean in each filter chain, spring security should handle it behind the scene.
akuma8
on 9 Apr 2020
Sure, @evgeniycheban! It's yours.
jzheaux
on 9 Apr 2020
Hi @jzheaux,
Is this feature released? If yes, which version of Spring Security? I would like to migrate my current configurations to this one.
Also I would like to contribute again, if you have issues for new committers please let me kow.
akuma8
on 12 Oct 2020
Yes, @akuma8, it was released in 5.4.0-M1. The GA version (5.4.0) released in September.
It would be great to get more contributions from you! Please check for the ideal-for-contribution label for some ideas. Currently, I don't see any OAuth 2.0 ones, but there's a SAML 2.0 ticket there that would be helpful.
jzheaux
on 14 Oct 2020
Related issues
mstoecklmayr
路
3Comments
kazuki43zoo
路
4Comments
joshlong
路
3Comments
muzuro
路
3Comments
cipriandumitrel
路
3Comments
Most helpful comment
@jzheaux Yes this could solve my issue where I have multiple filter chains but as a client I should not have to worry about that bean, I want to define it and forget it. I mean, I don鈥檛 want to inject that bean in each filter chain, spring security should handle it behind the scene.