[Fix partially kbss-cvut/23ava-distribution#23] If security provider …

…is oidc don't add a default user role
kbss-cvut · Oct 22, 2024 · e8b6fae · e8b6fae
1 parent 62aa0d1
commit e8b6fae
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 7 deletions.
diff --git a/src/main/java/cz/cvut/kbss/analysis/model/User.java b/src/main/java/cz/cvut/kbss/analysis/model/User.java
@@ -14,10 +14,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
+import java.util.*;
 
 import static java.util.stream.Collectors.toList;
 
@@ -36,7 +33,7 @@ public class User extends AbstractEntity implements UserDetails {
     private String password;
 
     @Transient
-    private List<String> roles = Collections.singletonList(SecurityConstants.ROLE_USER);
+    private List<String> roles = new ArrayList<>();
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {

diff --git a/src/main/java/cz/cvut/kbss/analysis/security/OAuth2SecurityConfig.java b/src/main/java/cz/cvut/kbss/analysis/security/OAuth2SecurityConfig.java
@@ -82,8 +82,6 @@ private Converter<Jwt, AbstractAuthenticationToken> grantedAuthoritiesExtractor(
                     new OidcGrantedAuthoritiesExtractor(config).convert(source);
             assert extractedRoles != null;
             final Set<SimpleGrantedAuthority> authorities = new HashSet<>(extractedRoles);
-            // Add default role if it is not present
-            authorities.add(new SimpleGrantedAuthority(SecurityConstants.ROLE_USER));
             return new JwtAuthenticationToken(source, authorities);
         };
     }