If spring-security support such extension:
@FunctionalInterface
public interface UserAuthorityMapper {
Collection<? extends GrantedAuthority> mapAuthorities(UserDetails user);
}
@FunctionalInterface
public interface UserRoleMapper extends UserAuthorityMapper {
Collection<String> mapRoles(UserDetails user);
@Override
default Collection<? extends GrantedAuthority> mapAuthorities(UserDetails user) {
return mapRoles(user).stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
}
}
and have a built-in implementation:
@Component
public class UsernameAndTypeRoleMapper implements UserRoleMapper {
@Override
public Collection<String> mapRoles(UserDetails user) {
return List.of(mapUsername(user), mapUserType(user));
}
protected String mapUsername(UserDetails user) {
return "USERNAME(" + user.getUsername() + ")";
}
protected String mapUserType(UserDetails user) {
Class<?> c = ReflectionUtils.getEntityClass(user);
String name = c.getSimpleName();
if (!StringUtils.hasLength(name)) {
name = c.getSuperclass().getSimpleName();
}
return name.toUpperCase();
}
}
Then every user will have an unique username role and type role, take User admin = new User("admin") for example, role USERNAME(admin) and USER will be added to its authorities.
I would like to submit a PR if the team decide to accept this feature request.