Question

I'm using

  compile ':spring-security-core:2.0-RC2'
  compile ':spring-security-oauth:2.0.2'
  compile ':spring-security-oauth-facebook:0.1'

in my project.

In the scaffolded SpringSecurityOAuthController there's a method to update OAuthToken:

protected OAuthToken updateOAuthToken( OAuthToken oAuthToken, UserAccount user ) {
  //....
  oAuthToken.principal = user
  oAuthToken.authorities = user.authorities // Set<GrantedAuthorities>
  oAuthToken.authenticated = true

  oAuthToken
}

When I log in, I see no authorities set:

grails.plugin.springsecurity.oauth.FacebookOAuthToken@a3795c4b: Principal: ; Credentials: [PROTECTED]; Authenticated: true; Details: null; Not granted any authorities

although the user's roles are ROLE_USER, ROLE_ADMIN.

I checked the class structure, and found that:

class FacebookOAuthToken extends OAuthToken {..}

and

abstract class OAuthToken extends AbstractAuthenticationToken {
    ///....
    Collection<GrantedAuthority> authorities
}

and

public abstract class AbstractAuthenticationToken implements Authentication, CredentialsContainer {
  //...
  private final Collection<GrantedAuthority> authorities;
}

So, the authorities are obviously taken from the AbstractAuthenticationToken.authorities property, and not from OAuthToken.authorities.

Any chance to fix that?

Solution

OK, the problem was somewhere else :)

I should've used <sec:ifAnyGranted> instead of <sec:ifAllGranted> to check the authorities...

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow