jocke/bilhej
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases 1 Packages Wiki Activity Actions
bilhej/backend/src/main/java/se/bilhalsning/security
History
Joakim Mörling 8217b9c038 feat: wire role-based authorities from JWT into Spring Security 
- JwtAuthenticationFilter now extracts the "role" claim from the JWT
  token and creates a SimpleGrantedAuthority("ROLE_" + role.toUpperCase())
  on the authentication token. Previously the authorities list was
  always empty (only userDetails.getAuthorities() which returned List.of())
- SecurityConfig adds .requestMatchers("/api/admin/**").hasRole("ADMIN")
  so admin endpoints require the ROLE_ADMIN authority
- All existing endpoints remain authenticated() only — no existing user
  flow is affected
- Public endpoints (auth, webhooks, vehicles) still permitAll()
2026-05-15 12:14:39 +02:00
..
JwtAuthenticationFilter.java feat: wire role-based authorities from JWT into Spring Security 2026-05-15 12:14:39 +02:00
JwtService.java feat: add admin role support to backend JWT authentication 2026-05-14 12:38:55 +02:00
UserDetailsServiceImpl.java feat: implement JWT authentication — service, filter, SecurityFilterChain 2026-05-01 17:38:17 +02:00