I'm using Spring Authorization Server with a custom UserDetailsService. I have extended the User class to add two extra properties (AuthenticatedUser extends User), and once the user is authenticated, my UserDetailsService returns this AuthenticatedUser object.
I tried to implement JdbcOAuth2AuthorizationService to store my authorizations (with a Postgres db), and I noticed that when the JdbcOAuth2AuthorizationService inserts the authorization into the table, it stores the principal as a User object, not as an AuthenticatedUser object.
In the db, this is what I see under the attributes column.
"principal":{"@class":"org.springframework.security.core.userdetails.User","password":null,"username":"demouser","authorities":["java.util.Collections$UnmodifiableSet",[{"@class":"org.springframework.security.core.authority.SimpleGrantedAuthority","authority":"engineering"},{"@class":"org.springframework.security.core.authority.SimpleGrantedAuthority","authority":"manager"}]],"accountNonExpired":true,"accountNonLocked":true,"credentialsNonExpired":true,"enabled":true},"credentials":null}}
In the correct scenario, org.springframework.security.core.userdetails.User should be com.my.package.models.AuthenticatedUser and it should contain the extra properties I have extended.
By doing some debugging, I managed to figure out that the correct class is being passed until the following method in JdbcTemplate:
public int update(String sql, @Nullable PreparedStatementSetter pss) throws DataAccessException {
    return update(new SimplePreparedStatementCreator(sql), pss);
}
Here, pss has the correct class, but it still saves the previous User class in the db.
My question is: does anyone know why this is happening, and how I can solve this issue and store the AuthenticatedUser class in the db?
TIA