cameleer/cameleer-saas
2
0
Fork 0
Code Issues 23 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: scope-based authorization — read standard scope claim, remove custom roles extraction
Some checks failed
CI / build (push) Failing after 18s
Details
CI / docker (push) Has been skipped
Details

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-05 14:04:16 +02:00
parent 9c2a1d27b7
commit 298f6e3e71
6 changed files with 20 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/java/net/siegeln/cameleer/saas/config/MeController.java
View File

@@ -34,9 +34,6 @@ public class MeController {
String orgId = jwt.getClaimAsString("organization_id");
List<String> globalRoles = jwt.getClaimAsStringList("roles");
boolean isPlatformAdmin = globalRoles != null && globalRoles.contains("platform-admin");
if (orgId != null) {
var tenant = tenantService.getByLogtoOrgId(orgId).orElse(null);
List<Map<String, Object>> tenants = tenant != null
@@ -49,7 +46,6 @@ public class MeController {
return ResponseEntity.ok(Map.of(
"userId", userId,
"isPlatformAdmin", isPlatformAdmin,
"tenants", tenants));
}
@@ -67,7 +63,6 @@ public class MeController {
return ResponseEntity.ok(Map.of(
"userId", userId,
"isPlatformAdmin", isPlatformAdmin,
"tenants", tenants));
}
}

17
src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java
View File

@@ -62,17 +62,14 @@ public class SecurityConfig {
var converter = new JwtAuthenticationConverter();
converter.setJwtGrantedAuthoritiesConverter(jwt -> {
List<GrantedAuthority> authorities = new ArrayList<>();
var roles = jwt.getClaimAsStringList("roles");
if (roles != null) {
roles.forEach(r -> authorities.add(new SimpleGrantedAuthority("ROLE_" + r)));
String scope = jwt.getClaimAsString("scope");
if (scope != null) {
for (String s : scope.split(" ")) {
if (!s.isBlank()) {
authorities.add(new SimpleGrantedAuthority("SCOPE_" + s));
}
}
}
var orgRoles = jwt.getClaimAsStringList("organization_roles");
if (orgRoles != null) {
orgRoles.forEach(r -> authorities.add(new SimpleGrantedAuthority("ROLE_org_" + r)));
}
return authorities;
});
return converter;

4
src/main/java/net/siegeln/cameleer/saas/tenant/TenantController.java
View File

@@ -28,7 +28,7 @@ public class TenantController {
}
@GetMapping
@PreAuthorize("hasRole('platform-admin')")
@PreAuthorize("hasAuthority('SCOPE_platform:admin')")
public ResponseEntity<List<TenantResponse>> listAll() {
List<TenantResponse> tenants = tenantService.findAll().stream()
.map(this::toResponse).toList();
@@ -36,7 +36,7 @@ public class TenantController {
}
@PostMapping
@PreAuthorize("hasRole('platform-admin')")
@PreAuthorize("hasAuthority('SCOPE_platform:admin')")
public ResponseEntity<TenantResponse> create(@Valid @RequestBody CreateTenantRequest request,
Authentication authentication) {
try {