bilhej

History

Joakim Mörling 8217b9c038 feat: wire role-based authorities from JWT into Spring Security - JwtAuthenticationFilter now extracts the "role" claim from the JWT token and creates a SimpleGrantedAuthority("ROLE_" + role.toUpperCase()) on the authentication token. Previously the authorities list was always empty (only userDetails.getAuthorities() which returned List.of()) - SecurityConfig adds .requestMatchers("/api/admin/**").hasRole("ADMIN") so admin endpoints require the ROLE_ADMIN authority - All existing endpoints remain authenticated() only — no existing user flow is affected - Public endpoints (auth, webhooks, vehicles) still permitAll()	2026-05-15 12:14:39 +02:00
..
SecurityConfig.java	feat: wire role-based authorities from JWT into Spring Security	2026-05-15 12:14:39 +02:00

Joakim Mörling 8217b9c038 feat: wire role-based authorities from JWT into Spring Security

- JwtAuthenticationFilter now extracts the "role" claim from the JWT
  token and creates a SimpleGrantedAuthority("ROLE_" + role.toUpperCase())
  on the authentication token. Previously the authorities list was
  always empty (only userDetails.getAuthorities() which returned List.of())
- SecurityConfig adds .requestMatchers("/api/admin/**").hasRole("ADMIN")
  so admin endpoints require the ROLE_ADMIN authority
- All existing endpoints remain authenticated() only — no existing user
  flow is affected
- Public endpoints (auth, webhooks, vehicles) still permitAll()

2026-05-15 12:14:39 +02:00

SecurityConfig.java

feat: wire role-based authorities from JWT into Spring Security

2026-05-15 12:14:39 +02:00