cameleer/cameleer-saas
2
0
Fork 0
Code Issues 23 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: scope-based authorization — read standard scope claim, remove custom roles extraction
Some checks failed
CI / build (push) Failing after 18s
Details
CI / docker (push) Has been skipped
Details

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-05 14:04:16 +02:00
parent 9c2a1d27b7
commit 298f6e3e71
6 changed files with 20 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/test/java/net/siegeln/cameleer/saas/TestSecurityConfig.java
View File

@@ -7,7 +7,6 @@ import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import java.time.Instant;
import java.util.List;
@TestConfiguration
public class TestSecurityConfig {
@@ -20,8 +19,7 @@ public class TestSecurityConfig {
.claim("sub", "test-user")
.claim("iss", "https://test-issuer.example.com/oidc")
.claim("organization_id", "test-org-id")
.claim("roles", List.of("platform-admin"))
.claim("organization_roles", List.of("admin"))
.claim("scope", "platform:admin tenant:manage apps:manage apps:deploy observe:read observe:debug secrets:manage billing:manage team:manage settings:manage")
.issuedAt(Instant.now())
.expiresAt(Instant.now().plusSeconds(3600))
.build();

4
src/test/java/net/siegeln/cameleer/saas/license/LicenseControllerTest.java
View File

@@ -40,8 +40,8 @@ class LicenseControllerTest {
var result = mockMvc.perform(post("/api/tenants")
.with(jwt().jwt(j -> j
.claim("sub", "test-user")
.claim("roles", java.util.List.of("platform-admin")))
.authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
.claim("scope", "platform:admin"))
.authorities(new SimpleGrantedAuthority("SCOPE_platform:admin")))
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(request)))
.andExpect(status().isCreated())

16
src/test/java/net/siegeln/cameleer/saas/tenant/TenantControllerTest.java
View File

@@ -41,8 +41,8 @@ class TenantControllerTest {
.with(jwt().jwt(j -> j
.claim("sub", "test-user")
.claim("organization_id", "test-org")
.claim("roles", java.util.List.of("platform-admin")))
.authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
.claim("scope", "platform:admin"))
.authorities(new SimpleGrantedAuthority("SCOPE_platform:admin")))
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(request)))
.andExpect(status().isCreated())
@@ -59,8 +59,8 @@ class TenantControllerTest {
mockMvc.perform(post("/api/tenants")
.with(jwt().jwt(j -> j
.claim("sub", "test-user")
.claim("roles", java.util.List.of("platform-admin")))
.authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
.claim("scope", "platform:admin"))
.authorities(new SimpleGrantedAuthority("SCOPE_platform:admin")))
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(request)))
.andExpect(status().isCreated());
@@ -68,8 +68,8 @@ class TenantControllerTest {
mockMvc.perform(post("/api/tenants")
.with(jwt().jwt(j -> j
.claim("sub", "test-user")
.claim("roles", java.util.List.of("platform-admin")))
.authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
.claim("scope", "platform:admin"))
.authorities(new SimpleGrantedAuthority("SCOPE_platform:admin")))
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(request)))
.andExpect(status().isConflict());
@@ -93,8 +93,8 @@ class TenantControllerTest {
var createResult = mockMvc.perform(post("/api/tenants")
.with(jwt().jwt(j -> j
.claim("sub", "test-user")
.claim("roles", java.util.List.of("platform-admin")))
.authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
.claim("scope", "platform:admin"))
.authorities(new SimpleGrantedAuthority("SCOPE_platform:admin")))
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(request)))
.andExpect(status().isCreated())