Auth by user using JWT token

Hello!
Our company uses a self-written SSO (not OAuth2, not OpenID).
Having received the JWT token, I don’t know what to do next with it and how to make friends with Jmix.

I extend OncePerRequestFilter and send a request to our SSO… but what is next?

please help) thx

Hi,

The main idea is rather straightforward: you should validate the token, decode it, create a proper Authentication object and set it in the SecurityContext.

In order to understand how Jmix works together with OpenID Connect JWT tokens, I would suggest creating a sample Jmix project with Keycloak and debugging the code that processes the JWT. You may take a look at:

Talking about Jmix specifics, you must pay attention to several important things.

First, the “principal” of the Authentication that you put to the security context must implement the io.jmix.security.authentication.JmixUserDetails interface.

Second, the authentication object must have its authorities collection filled with instances of io.jmix.security.authentication.RoleGrantedAuthority. Take a look here for an example of how to convert Jmix resource and row-level roles into a collection of RoleGrantedAuthorities.

io.jmix.oidc.jwt.JmixJwtAuthenticationConverter is the class that converts the Jwt object produced by Spring Security into an Authentication that may be processed by Jmix.
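
Added example, not part of the thread and not Jmix project code: a sketch of the validate, decode, build Authentication, set SecurityContext sequence from the answer above, written as the OncePerRequestFilter the question mentions. The class name, the `Authorization: Bearer` transport, the use of the `sub` claim as the username, and the jakarta.* (Spring Boot 3) packages are assumptions; it also assumes the injected UserDetailsService is the application's Jmix user repository, so the loaded user implements JmixUserDetails and carries RoleGrantedAuthority entries, and that the JwtDecoder bean is configured with the SSO's verification key and issuer.

```java
// Added illustration; SsoJwtAuthenticationFilter is a hypothetical name.
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.web.filter.OncePerRequestFilter;

public class SsoJwtAuthenticationFilter extends OncePerRequestFilter {

    private final JwtDecoder jwtDecoder;                 // must verify signature, expiry and issuer
    private final UserDetailsService userDetailsService; // assumed: the app's Jmix user repository

    public SsoJwtAuthenticationFilter(JwtDecoder jwtDecoder, UserDetailsService userDetailsService) {
        this.jwtDecoder = jwtDecoder;
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            chain.doFilter(request, response); // no token: request stays unauthenticated
            return;
        }
        try {
            Jwt jwt = jwtDecoder.decode(header.substring(7)); // throws JwtException if invalid
            if (jwt.getSubject() == null) throw new BadJwtException("missing sub claim");
            // Assumption: the SSO puts the Jmix username in the "sub" claim.
            UserDetails user = userDetailsService.loadUserByUsername(jwt.getSubject());
            var auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(auth);
            SecurityContextHolder.setContext(context);
        } catch (JwtException | UsernameNotFoundException e) {
            SecurityContextHolder.clearContext();
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // fail closed, no detail
            return;
        }
        chain.doFilter(request, response);
    }
}
```

The filter authenticates each request on its own and does not persist the context to the HTTP session; it still has to be registered in the application's security filter chain ahead of the authorization checks.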