INCOMING HTTP REQUEST
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ FilterChainProxy (springSecurityFilterChain)                 │
└──────────────────────────────────────────────────────────────┘
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ BearerTokenAuthenticationFilter (JWT is extracted)           │
└──────────────────────────────────────────────────────────────┘
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ JWT Validated (Signature, Expiry, Issuer, etc.)              │
└──────────────────────────────────────────────────────────────┘
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ JwtAuthenticationConverter is invoked                        │
│   - Your bean: JwtAuthConverter                              │
│   - Reads 'realm_access.roles' from JWT                      │
│   - Maps to ROLE_xxx and returns authorities                 │
└──────────────────────────────────────────────────────────────┘
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ JwtAuthenticationToken is created with roles and user info   │
└──────────────────────────────────────────────────────────────┘
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ SecurityContextHolder.setContext(authenticationToken)        │
│   (Spring "remembers" the user for this request)             │
└──────────────────────────────────────────────────────────────┘
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ Authorization checks applied (based on path + authorities)   │
└──────────────────────────────────────────────────────────────┘
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ DispatcherServlet → Finds Controller                         │
└──────────────────────────────────────────────────────────────┘
                               |
                               V
┌──────────────────────────────────────────────────────────────┐
│ Controller method runs (you can access Authentication)       │
└──────────────────────────────────────────────────────────────┘
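
The converter step in the flow above, as an added example (not code from the original page): a sketch of what a JwtAuthConverter bean could look like. Only the class name, the 'realm_access.roles' claim and the ROLE_ prefix come from the diagram; the method bodies, the helper name realmRoles and the fail-closed handling of a missing or malformed claim are assumptions.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

// Registered on the resource server with
// http.oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(converter)))
@Component
public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationToken> {

    @Override
    public AbstractAuthenticationToken convert(Jwt jwt) {
        // Called only after signature, expiry and issuer validation succeeded.
        // The token's principal name defaults to the JWT subject.
        return new JwtAuthenticationToken(jwt, realmRoles(jwt));
    }

    // Hypothetical helper: maps realm_access.roles to ROLE_xxx authorities.
    // Any unexpected claim shape yields no authorities (fail closed), so a
    // malformed token is authenticated but authorized for nothing.
    private Collection<? extends GrantedAuthority> realmRoles(Jwt jwt) {
        Object realmAccess = jwt.getClaim("realm_access");
        if (!(realmAccess instanceof Map<?, ?>)) {
            return List.of();
        }
        Object roles = ((Map<?, ?>) realmAccess).get("roles");
        if (!(roles instanceof Collection<?>)) {
            return List.of();
        }
        return ((Collection<?>) roles).stream()
                .filter(String.class::isInstance)   // ignore non-string entries
                .map(String.class::cast)
                .filter(role -> !role.isBlank())
                .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .collect(Collectors.toSet());       // de-duplicates repeated roles
    }
}
```

With this mapping, a rule such as hasRole("admin") in the authorization step matches a token whose realm_access.roles contains "admin".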