How to add roles to Spring Boot security from a Zuul filter

icordoba

I am developing a Spring Boot REST application that has a custom token authentication system. The token holds the roles for the user as claims.

A Zuul proxy routes the traffic to multiple Spring Boot microservices, and I would like to add a filter to Zuul that extracts the roles from the token (stored as claims) and sets them in the Spring Security environment (whose internals I don't know), so that I can configure access in the microservices using the standard Spring Security approach, for example with a WebSecurityConfigurerAdapter:

    // In-memory users with fixed roles (standard WebSecurityConfigurerAdapter setup)
    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication().withUser("user1").password("secret1")
                .roles("USER").and().withUser("admin1").password("secret1")
                .roles("USER", "ADMIN");
    }

So, to rephrase... how can I include those roles from my custom token using a pre-filter in Zuul so they are part of the AuthenticationManagerBuilder object?

Tags: spring-boot, spring-security, jwt, netflix-zuul
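
One way to get the token's roles into Spring Security, shown as an added example that is not part of the original question: the SecurityContext lives inside each JVM, so roles set in the Zuul process do not reach the downstream services, and the filter below therefore runs in each microservice and verifies the forwarded token itself. `TokenVerifier`, `VerifiedToken`, `InvalidTokenException` and the `Authorization: Bearer` header format are assumptions standing in for the custom token system.

```java
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Runs in each microservice: turns verified token claims into Spring Security authorities.
public class TokenRoleFilter extends OncePerRequestFilter {

    // Hypothetical hooks into the custom token system (not a real library API).
    // verify() must check signature and expiry before returning any claims.
    public interface VerifiedToken { String subject(); List<String> roles(); }
    public interface TokenVerifier {
        VerifiedToken verify(String rawToken) throws InvalidTokenException;
    }
    public static class InvalidTokenException extends Exception { }

    private final TokenVerifier verifier;
    public TokenRoleFilter(TokenVerifier verifier) { this.verifier = verifier; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws ServletException, IOException {
        String header = req.getHeader("Authorization");   // assumed header and scheme
        if (header != null && header.startsWith("Bearer ")) {
            try {
                VerifiedToken token = verifier.verify(header.substring(7));
                // hasRole("ADMIN") is matched against the authority "ROLE_ADMIN"
                List<SimpleGrantedAuthority> authorities = token.roles().stream()
                        .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                        .collect(Collectors.toList());
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(
                                token.subject(), null, authorities));
            } catch (InvalidTokenException e) {
                // Invalid token: leave the request unauthenticated so access rules deny it
                SecurityContextHolder.clearContext();
            }
        }
        chain.doFilter(req, res);
    }
}
```

Register it in each service's `configure(HttpSecurity http)` with `http.addFilterBefore(new TokenRoleFilter(verifier), UsernamePasswordAuthenticationFilter.class)`. Zuul treats `Authorization` as a sensitive header by default and drops it from proxied requests unless `zuul.sensitiveHeaders` is overridden.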
