How to add roles to Spring Boot security from a Zuul filter

icordoba Source

I am developing a Spring Boot REST application that has a custom token authentication system. The token holds the roles for the user as claims.

A Zuul proxy routes the traffic to multiple spring boot microservices and I would like to add a filter to the Zuul so that it extracts the roles from the token (stored as claims) and sets them in the Spring security environment (which I don't know the internals) so that I can configure the access in the micro services using the standard Spring security approach, using for example a WebSecurityConfigurerAdapter:

protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
                .roles("USER", "ADMIN");

So, to rephrase... how can I include those roles from my custom token using a pre-filter in Zuul so they are part of the AuthenticationManagerBuilder object?



comments powered by Disqus