From 993387fa0c965606986e4cbc3174b84af432c6d7 Mon Sep 17 00:00:00 2001
From: Jan Klattenhoff <jan@kjan.de>
Date: Wed, 2 Oct 2024 09:34:26 +0200
Subject: [PATCH 1/2] fix(security): update roles claim for granted authorities

---
 .../de/szut/lf8_starter/security/KeycloakSecurityConfig.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/de/szut/lf8_starter/security/KeycloakSecurityConfig.java b/src/main/java/de/szut/lf8_starter/security/KeycloakSecurityConfig.java
index c37b0bf..7ff32cc 100644
--- a/src/main/java/de/szut/lf8_starter/security/KeycloakSecurityConfig.java
+++ b/src/main/java/de/szut/lf8_starter/security/KeycloakSecurityConfig.java
@@ -84,8 +84,8 @@ class KeycloakSecurityConfig {
             List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
 
             Map<String, Object> realmAccess = jwt.getClaim(REALM_ACCESS_CLAIM);
-            if (realmAccess != null && realmAccess.containsKey("roles")) {
-                List<String> roles = (List<String>) realmAccess.get("roles");
+            if (realmAccess != null && realmAccess.containsKey(ROLES_CLAIM)) {
+                List<String> roles = (List<String>) realmAccess.get(ROLES_CLAIM);
                 for (String role : roles) {
                     grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role));
                 }

From 9824fbbbfd68c394ba7bea768ec8d55a9fd4dad6 Mon Sep 17 00:00:00 2001
From: Jan Klattenhoff <jan@kjan.de>
Date: Wed, 2 Oct 2024 09:35:12 +0200
Subject: [PATCH 2/2] refactor(welcome): update getRoles method signature

---
 .../java/de/szut/lf8_starter/welcome/WelcomeController.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/de/szut/lf8_starter/welcome/WelcomeController.java b/src/main/java/de/szut/lf8_starter/welcome/WelcomeController.java
index 6ed067b..a565f3f 100644
--- a/src/main/java/de/szut/lf8_starter/welcome/WelcomeController.java
+++ b/src/main/java/de/szut/lf8_starter/welcome/WelcomeController.java
@@ -3,12 +3,12 @@ package de.szut.lf8_starter.welcome;
 
 
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.security.Principal;
+import java.util.Collection;
 
 @RestController
 public class WelcomeController {
@@ -19,7 +19,7 @@ public class WelcomeController {
     }
 
     @GetMapping("/roles")
-    public ResponseEntity<?> getRoles(Authentication authentication) {
+    public ResponseEntity<Collection<? extends GrantedAuthority>> getRoles(Authentication authentication) {
         return ResponseEntity.ok(authentication.getAuthorities());
     }