Posts

Showing posts from January, 2023

Spring Security part 4 - Custom GrantedAuthorities

From a Spring Security perspective, a GrantedAuthority is the mechanism for providing authorization for a user. Spring Security has its own implementation (code and database) for authorization, but what if your application already has its own role-based authorization? This article dives into one approach that may work for your needs.

Other Articles
- Architecture - Spring Security Architecture
- Part 1 - Security configuration
- Part 2 - How to handle UserDetails gracefully
- Part 3 - UserDetails for OAuth authentication
- Part 4 - Handling GrantedAuthorities with custom roles/permissions
- Part 5 - Security tags for Freemarker

If you’re new to Spring, you should take a look at Getting started with Spring Framework for Web Apps.

GrantedAuthority
A granted authority is a fairly simple object with a big role to play in securing your application. There is no hard-and-fast rule for how to implement it, other than that it must return a string via String getAuthority(). There are 6 subclasses in

Spring Security part 3 - OidcUser

In the last article, I showed you how to return your own UserDetails object via a bean interface for username/password authentication. But what if you want to use OAuth authentication too? Spring Security works differently with OAuth, but with a little engineering we can bring it all together into a cohesive solution.

Other Articles
- Architecture - Spring Security Architecture
- Part 1 - Security configuration
- Part 2 - How to handle UserDetails gracefully
- Part 3 - UserDetails for OAuth authentication
- Part 4 - Handling GrantedAuthorities with custom roles/permissions
- Part 5 - Security tags for Freemarker

If you’re new to Spring, you should take a look at Getting started with Spring Framework for Web Apps.

OidcUser
You’ve already learned about UserDetails, but do you know about its cousin [OidcUser](https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/oauth2/core/oidc/user/OidcUser.html)? Oidc is a representation of a user Principal that is re