bannergress · ewoerner · Jan 29, 2025
diff --git a/src/main/java/com/bannergress/backend/security/KeycloakRealmRoleConverter.java b/src/main/java/com/bannergress/backend/security/KeycloakRealmRoleConverter.java
diff --git a/src/main/java/com/bannergress/backend/security/KeycloakSecurityConfig.java b/src/main/java/com/bannergress/backend/security/KeycloakSecurityConfig.java
@@ -4,12 +4,12 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.http.HttpHeaders;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.header.writers.StaticHeadersWriter;
 
@@ -23,8 +23,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http //
             .csrf(CsrfConfigurer::disable) //
             .headers(this::customizeHeaders)
-            .oauth2ResourceServer(
-                oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))) //
+            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults())) //
             .authorizeHttpRequests(auth -> auth.anyRequest().permitAll()) //
             .build();
     }
@@ -34,10 +33,4 @@ private HeadersConfigurer<HttpSecurity> customizeHeaders(HeadersConfigurer<HttpS
             .cacheControl(CacheControlConfig::disable)
             .addHeaderWriter(new StaticHeadersWriter(HttpHeaders.CACHE_CONTROL, "must-revalidate"));
     }
-
-    private JwtAuthenticationConverter jwtAuthenticationConverter() {
-        JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter();
-        jwtConverter.setJwtGrantedAuthoritiesConverter(new KeycloakRealmRoleConverter());
-        return jwtConverter;
-    }
 }
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -36,9 +36,8 @@ spring:
       resourceserver:
         jwt:
           issuer-uri: ${keycloak.auth-server-url}/realms/${keycloak.realm}
-
-keycloak:
-  bearer-only: true
+          authority-prefix: ROLE_
+          authorities-claim-name: roles
 
 springdoc:
   paths-to-match:
@@ -55,8 +54,6 @@ server:
 
 spring:
   config.activate.on-profile: dev
-keycloak:
-  enabled: false
 
 logging:
   level: