Spring Security 6 & JWT Authentication · Lesson

Mapping JWT Claims to Spring Authorities

Learn how a resource server converts JWT claims into Spring Security GrantedAuthorities using JwtAuthenticationConverter for fine-grained access control.

From Claims to Authorities

A resource server validates a JWT, but to enforce access it needs Spring GrantedAuthority objects. The bridge between raw claims and authorities is the JwtAuthenticationConverter.

The Default Scope Mapping

By default, Spring Security reads the scope or scp claim, splits it on spaces, and prefixes each value with SCOPE_. So a scope of read becomes the authority SCOPE_read.

// scope: 'read write'  ->  SCOPE_read, SCOPE_write
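
An added example, not code from the lesson itself: a resource server configuration that wires the default scope mapping in explicitly and authorizes on the resulting SCOPE_-prefixed authorities. The class name, the /api/notes/** paths and the demo() helper with its constructed token are assumptions for illustration.

```java
import java.util.Collection;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ResourceServerConfig {

    // The default mapping made explicit: with no setters called, the inner
    // converter reads "scope" or "scp" and prefixes each value with SCOPE_.
    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter();
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(scopes);
        return converter;
    }

    @Bean
    SecurityFilterChain api(HttpSecurity http, JwtAuthenticationConverter converter) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                // Hypothetical paths. Rules must name the full authority,
                // prefix included; hasRole("read") would look for ROLE_read.
                .requestMatchers(HttpMethod.GET, "/api/notes/**").hasAuthority("SCOPE_read")
                .requestMatchers(HttpMethod.POST, "/api/notes/**").hasAuthority("SCOPE_write")
                // Anything not listed is refused rather than merely authenticated.
                .anyRequest().denyAll())
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }

    // Runs the converter over a constructed, unsigned token so the mapping can
    // be inspected without an authorization server. Illustration only: real
    // tokens reach the converter after signature and claim validation.
    static Collection<GrantedAuthority> demo() {
        Jwt jwt = Jwt.withTokenValue("constructed-token")
                .header("alg", "none")
                .claim("scope", "read write")
                .build();
        return new ResourceServerConfig().jwtAuthenticationConverter().convert(jwt).getAuthorities();
    }
}
```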
