JWT + Spring Security without authentication

2

Good afternoon, guys. I have an application where I get a JWT token, login is treated in a separate application and in that token I get the roles. I need to use Spring Security to validate the same and handle permission to access the endpoints and if access is allowed send an object to be used by the system. I put a code where it does what I want, but I do not know if it was the best way. I had this doubt, because the object I need includes within the detail of the authentication class:

    final UserDetails userDetails = userDetailsService.loadUserByUsername("");
    final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
            userDetails, null, userDetails.getAuthorities());
    authentication.setDetails("bla bla bla")));
    SecurityContextHolder.getContext().setAuthentication(authentication);

As it is possible to check in the code I did not use any data to validate the login (because it is not treated in this application). I do not know if this is a good approach, if someone can help me with a better idea or know the correct practice for this scenario thank you.

Vlwww

[] 's

    
asked by anonymous 24.07.2018 / 18:25

0 answers