Mapping your Users and Roles with Spring Boot OAuth2

Thankfully, Spring Boot provides mechanisms for us to accomplish this with relative ease. We’re going to use Facebook as our provider in this example. Let’s start by taking a look at mapping the resource information from Facebook to our User object, CurrentUser. While implementation may vary based on your User and lifecycle, you’ll need to define your own PrincipalExtractor:

In this example, we also create a User if one isn’t found to exist, but you can do that somewhere else in the lifecycle if you prefer, such as in the /user endpoint. After registering your PrincipalExtractor, calls to SecurityContextHolder.getContext().getAuthentication().getPrincipal() should return an instance of the User object you’ve defined and returned from extractPrincipal().

As in our case above, we often want to define our own Roles for our Users and may also add further Roles to these Users in the future. In a very similar manner as with the Principal, Spring Boot provides a mechanism for this via an AuthoritiesExtractor. Your implementation may vary from the example, but the means are the same:

Now, when checking GrantedAuthorities on your Principal, or when using other Spring Security features such as @PreAuthorize, the Roles of your User, returned from extractAuthorities(), will be used for authorization.

I hope this helps anyone trying to achieve this kind of functionality, as I couldn’t find many helpful examples other than some mentions of the Extractors in passing.

Related posts:

Email ini singkat aja... “Ketika pekerjaan konvensional ga mampu melakukan nya” is published by Ruslan Abdul Ghani.

Our ability to distinguish between what is real and what is not is a result of our past knowledge or familiarity with reality. How do we know that a magician beheading a person and bringing back the…

A tale of a scuba diving misadventure that will remind you of the importance of taking your training seriously; peacetime casualty/fatality should not exist