
Update user roles and add authorize endpoint

Daniel Bohry 1 year ago
parent
commit
febbf23c20

+ 18 - 0
src/main/java/com/danielbohry/authservice/api/AuthController.java

@@ -2,10 +2,15 @@ package com.danielbohry.authservice.api;
 
 import com.danielbohry.authservice.api.dto.AuthenticationRequest;
 import com.danielbohry.authservice.api.dto.AuthenticationResponse;
+import com.danielbohry.authservice.domain.ApplicationUser;
 import com.danielbohry.authservice.service.auth.AuthService;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
 @Slf4j
@@ -31,4 +36,17 @@ public class AuthController {
         return ResponseEntity.ok(response);
     }
 
+    @PostMapping("authorize")
+    public ResponseEntity<Object> authorize(@RequestParam(defaultValue = "USER", required = false) String authority) {
+        SecurityContext context = SecurityContextHolder.getContext();
+        Object principal = context.getAuthentication().getPrincipal();
+        if (principal instanceof ApplicationUser user) {
+            if (user.getAuthorities().stream().map(GrantedAuthority::getAuthority).toList().contains(authority)) {
+                return ResponseEntity.ok().build();
+            }
+        }
+
+        return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+    }
+
 }
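Review bot: The `principal instanceof ApplicationUser user` check in `authorize` looks like it can never be satisfied, because `AuthService.loadUserByUsername` in this same commit returns a Spring `User` (`new User(user.getUsername(), user.getPassword(), authorities)`), so if the JWT filter stores that `UserDetails` as the principal every caller gets 403 regardless of their roles. Reading the granted authorities off the `Authentication` itself works for either principal type, removes the intermediate `toList()`, and only needs `org.springframework.security.core.Authentication` imported. Note also that the authorities built in `AuthService` carry a `ROLE_` prefix while `ApplicationUser.getAuthorities()` emits the bare enum name, so the default `USER` value matches only one of the two conventions. `required = false` is implied by `defaultValue` and can be dropped.
```java
    @PostMapping("authorize")
    public ResponseEntity<Object> authorize(@RequestParam(defaultValue = "USER") String authority) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean granted = authentication != null
                && authentication.getAuthorities().stream()
                        .map(GrantedAuthority::getAuthority)
                        .anyMatch(authority::equals);
        if (granted) {
            return ResponseEntity.ok().build();
        }
        return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
    }
```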

+ 1 - 1
src/main/java/com/danielbohry/authservice/config/SecurityConfig.java

@@ -31,7 +31,7 @@ public class SecurityConfig {
         http.csrf().disable()
                 .authorizeHttpRequests(requests -> requests
                         .requestMatchers("/actuator/health", "/actuator/info", "/actuator/prometheus", "/api/register", "/api/authenticate").permitAll()
-                        .requestMatchers("/api/users").authenticated()
+                        .requestMatchers("/api/users", "api/authorize").authenticated()
                         .anyRequest().authenticated()
                 )
                 .sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS))
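Review bot: The new matcher pattern `"api/authorize"` has no leading slash, unlike `"/api/users"` beside it, and a pattern that does not start with `/` very likely never matches the `/api/authorize` request path. The endpoint is still protected only because `.anyRequest().authenticated()` follows, which also makes the explicit entry redundant; either write it as `.requestMatchers("/api/users", "/api/authorize").authenticated()` or drop it and rely on the catch-all. The surrounding `filterChain` method begins and ends outside this hunk.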

+ 2 - 2
src/main/java/com/danielbohry/authservice/domain/ApplicationUser.java

@@ -19,12 +19,12 @@ public class ApplicationUser implements UserDetails {
     private String username;
     private String password;
     private String email;
-    private Role role;
+    private List<Role> roles;
     private boolean active;
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
-        return List.of(new SimpleGrantedAuthority(role.name()));
+        return roles.stream().map(role -> new SimpleGrantedAuthority(role.name())).toList();
     }
 
     @Override
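Review bot: `roles.stream()` in `getAuthorities` throws a `NullPointerException` when `roles` is null, which is now more likely than with the old single `role` field: if this entity is persisted, records written before this change under the old field name will presumably not populate `roles` at all. A null-safe form such as `return roles == null ? List.of() : roles.stream().map(role -> new SimpleGrantedAuthority(role.name())).toList();` keeps login from failing with a 500 for those users, and a data migration from `role` to `roles` would be worth confirming. The class declaration and the remaining `UserDetails` overrides lie outside this hunk.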

+ 2 - 2
src/main/java/com/danielbohry/authservice/service/auth/AuthService.java

@@ -29,9 +29,9 @@ public class AuthService implements UserDetailsService {
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         var user = service.findByUsername(username);
-        var authority = new SimpleGrantedAuthority("ROLE_" + user.getRole());
+        var authorities = user.getRoles().stream().map(role -> new SimpleGrantedAuthority("ROLE_" + role)).toList();
 
-        return new User(user.getUsername(), user.getPassword(), singletonList(authority));
+        return new User(user.getUsername(), user.getPassword(), authorities);
     }
 
     public AuthenticationResponse signup(AuthenticationRequest request) {
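Review bot: The `singletonList` static import is presumably unused now that the `singletonList(authority)` line is gone; the import block is outside this hunk, so please check it does not linger as a warning. Style-wise, `loadUserByUsername` now re-implements the role-to-authority mapping that `ApplicationUser.getAuthorities()` already provides, with a different naming scheme (`"ROLE_" + role` here versus `role.name()` there); since `ApplicationUser` implements `UserDetails`, returning the user directly would leave one source of truth, but that changes the granted authority strings and so any `hasRole` checks, which should be decided deliberately rather than in passing.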

+ 2 - 4
src/main/java/com/danielbohry/authservice/service/auth/JwtAuthenticationFilter.java

@@ -36,10 +36,8 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
         }
         jwt = authHeader.substring(7);
         username = jwtService.extractUsername(jwt);
-        if (StringUtils.isNotEmpty(username)
-                && SecurityContextHolder.getContext().getAuthentication() == null) {
-            UserDetails userDetails = userService.userDetailsService()
-                    .loadUserByUsername(username);
+        if (StringUtils.isNotEmpty(username) && SecurityContextHolder.getContext().getAuthentication() == null) {
+            UserDetails userDetails = userService.userDetailsService().loadUserByUsername(username);
             if (jwtService.isTokenValid(jwt, userDetails)) {
                 SecurityContext context = SecurityContextHolder.createEmptyContext();
                 UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(

+ 2 - 1
src/main/java/com/danielbohry/authservice/service/user/UserService.java

@@ -8,6 +8,7 @@ import lombok.AllArgsConstructor;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
 import java.util.UUID;
 
 import static com.danielbohry.authservice.domain.Role.USER;
@@ -33,7 +34,7 @@ public class UserService {
 
         applicationUser.setId(UUID.randomUUID().toString());
         applicationUser.setPassword(applicationUser.getPassword());
-        applicationUser.setRole(USER);
+        applicationUser.setRoles(List.of(USER));
         applicationUser.setActive(true);
 
         repository.save(applicationUser);
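Review bot: `applicationUser.setRoles(List.of(USER))` stores an immutable list, so any later code that promotes a user via `getRoles().add(...)` will fail with `UnsupportedOperationException`; if roles are meant to be mutable, `applicationUser.setRoles(new ArrayList<>(List.of(USER)));` avoids that, otherwise a short comment that the list is intentionally immutable would help. Separately, the context line `applicationUser.setPassword(applicationUser.getPassword());` just above is a no-op as written; if the password hash is expected to be applied here rather than in `AuthService.signup`, the plaintext would be what gets persisted, so this is worth confirming. The enclosing method starts outside this hunk.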