I'm using

    compile ':spring-security-core:2.0-RC2'
    compile ':spring-security-oauth:2.0.2'
    compile ':spring-security-oauth-facebook:0.1'

in my project.
In the scaffolded SpringSecurityOAuthController
there's a method to update OAuthToken:

    protected OAuthToken updateOAuthToken( OAuthToken oAuthToken, UserAccount user ) {
        //....
        oAuthToken.principal = user
        oAuthToken.authorities = user.authorities // Set<GrantedAuthorities>
        oAuthToken.authenticated = true
        oAuthToken
    }

When I log in, I see no authorities set:

    grails.plugin.springsecurity.oauth.FacebookOAuthToken@a3795c4b: Principal: ; Credentials: [PROTECTED]; Authenticated: true; Details: null; Not granted any authorities

although the user's roles are ROLE_USER, ROLE_ADMIN.
I checked the class structure, and found that:

    class FacebookOAuthToken extends OAuthToken {..}

and

    abstract class OAuthToken extends AbstractAuthenticationToken {
        ///....
        Collection<GrantedAuthority> authorities
    }

and

    public abstract class AbstractAuthenticationToken implements Authentication, CredentialsContainer {
        //...
        private final Collection<GrantedAuthority> authorities;
    }

So, the authorities are obviously taken from the AbstractAuthenticationToken.authorities property, and not from OAuthToken.authorities.
Any chance to fix that?

OK, the problem was somewhere else :)
I should've used <sec:ifAnyGranted> instead of <sec:ifAllGranted> to check the authorities...
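
An added example, not part of the original post and not the plugin's code: a Groovy script with simplified stand-in classes showing how a token can print "Not granted any authorities" while its getter still returns the roles, and how an any-of check differs from an all-of check. `BaseToken`, `OAuthLikeToken`, the closures and `ROLE_SUPERVISOR` are hypothetical; roles are plain strings instead of `GrantedAuthority`, and the base class's `toString()` is assumed to read its own private field.

```groovy
// Stand-in for AbstractAuthenticationToken (simplified, constructed for this example).
abstract class BaseToken {
    private final Collection<String> authorities      // fixed when the token is constructed

    BaseToken(Collection<String> authorities) {
        this.authorities = authorities ?: []
    }

    Collection<String> getAuthorities() { authorities }

    // Assumption: toString() reads the private field, not the (overridable) getter.
    @Override
    String toString() {
        authorities ? 'Granted Authorities: ' + authorities.join(', ')
                    : 'Not granted any authorities'
    }
}

// Stand-in for OAuthToken: a Groovy property with the same name generates
// getAuthorities()/setAuthorities(), which override the inherited getter.
class OAuthLikeToken extends BaseToken {
    Collection<String> authorities

    OAuthLikeToken() { super(null) }                  // base field stays empty
}

def token = new OAuthLikeToken()
token.authorities = ['ROLE_USER', 'ROLE_ADMIN']       // same assignment as updateOAuthToken()

// The debug string reflects the empty base-class field...
assert token.toString() == 'Not granted any authorities'
// ...while callers of getAuthorities() see the roles set through the property.
assert token.getAuthorities() == ['ROLE_USER', 'ROLE_ADMIN']

// Any-of versus all-of semantics over a comma-separated role list.
def granted = token.getAuthorities() as Set
def anyGranted = { String roles -> roles.split(',')*.trim().any { it in granted } }
def allGranted = { String roles -> roles.split(',')*.trim().every { it in granted } }

assert anyGranted('ROLE_ADMIN,ROLE_SUPERVISOR')       // one match is enough
assert !allGranted('ROLE_ADMIN,ROLE_SUPERVISOR')      // ROLE_SUPERVISOR is missing
assert allGranted('ROLE_USER,ROLE_ADMIN')
println 'all checks passed'
```

When debugging a case like this, inspect `getAuthorities()` on the token rather than relying on the `toString()` output alone.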