Spring Security: why does Spring only find the last authority of the access token? - PullRequest
1 vote
/ 11 July 2020

I am trying to get Spring method security running, and I am having problems with my token.

It looks like this (the access token after calling check_token on the AuthServer):

[screenshot: Access Token]

There are nine authorities. BUT... if I try to check it like this:

[screenshot: Auth_not_Working]

I get the following error:

    access_denied
    Zugriff verweigert

When I try that:

[screenshot: Auth_works]

It works fine.

So I debugged without the annotation in order to look into the Authentication parameter that I use in the method signature. And I found out that there is only the last authority in the list.

[screenshot: authorities]

I think that this is the problem and the reason why it only works when I check for "delete_user" and not for all the other authorities that are in the access token.

Does anybody have an idea why all the authorities are in the token but Spring only has the last one added to the Authentication object?

UPDATE

I dug very deep with debugging and I think I found the problem, but I still don't know how to fix it.

Before doing the auth, Spring calls the "check_token" API of my auth server. And the response actually looks like in the screenshot above -> "authorities" is a list of Strings.

BUT... Spring uses Jackson to convert the whole token content to a map. But it converts all lists to a single string, which then is always the last value. The problematic line of code should be this:

[screenshot: NoTypeDescr]

No type is specified (it should be an array), so Jackson treats it as a single string.

Spring uses jackson-databind-2.11.0

Any ideas how this can be fixed?
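As an added diagnostic (not code from the post, from Spring, or from the asker's project), assuming only jackson-databind on the classpath and a constructed check_token body: it parses the response into a plain Map the way a generic REST client does and reports how many authorities survive, so the loss can be pinned to before or after deserialization.

```java
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

/** Diagnostic for the check_token -> authorities path (added example). */
public class CheckTokenAuthoritiesProbe {

    // Constructed sample check_token body; not the asker's real token.
    static final String CHECK_TOKEN_JSON = "{"
            + "\"active\":true,"
            + "\"user_name\":\"alice\","
            + "\"scope\":[\"read\"],"
            + "\"authorities\":[\"read_user\",\"write_user\",\"delete_user\"]"
            + "}";

    /** Parse to Map<String,Object>; a JSON array becomes a java.util.List here. */
    static Map<String, Object> parse(String json) throws Exception {
        return new ObjectMapper().readValue(json, new TypeReference<Map<String, Object>>() {});
    }

    /**
     * Accept either a JSON array (Collection) or a comma-separated String,
     * the two shapes an "authorities" claim commonly takes.
     */
    static List<String> authoritiesOf(Map<String, Object> claims) {
        Object raw = claims.get("authorities");
        if (raw instanceof Collection) {
            return ((Collection<?>) raw).stream().map(Object::toString).collect(Collectors.toList());
        }
        if (raw instanceof String) {
            return List.of(((String) raw).split("\\s*,\\s*"));
        }
        throw new IllegalArgumentException("authorities must be an array or a string, got: " + raw);
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> claims = parse(CHECK_TOKEN_JSON);
        Object raw = claims.get("authorities");
        System.out.println("runtime type: " + raw.getClass().getName()); // java.util.ArrayList
        List<String> authorities = authoritiesOf(claims);
        System.out.println(authorities.size() + " authorities: " + authorities);
        // All three are present here; if the Authentication in the service shows only one,
        // the authorities are being dropped after this step (e.g. in a custom converter).
    }
}
```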

...