Good afternoon, guys. I have an application where I receive a JWT token; login is handled in a separate application, and in that token I get the roles. I need to use Spring Security to validate it and handle permission to access the endpoints and, if access is allowed, send an object to be used by the system. I put together code that does what I want, but I do not know if it is the best way. I have this doubt because I include the object I need in the details of the authentication class:
final UserDetails userDetails = userDetailsService.loadUserByUsername("");
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
        userDetails, null, userDetails.getAuthorities());
authentication.setDetails("bla bla bla");
SecurityContextHolder.getContext().setAuthentication(authentication);
As you can see in the code, I did not use any data to validate the login (because it is not handled in this application). I do not know if this is a good approach; if someone can help me with a better idea or knows the correct practice for this scenario, thank you.
Thanks!
Regards