SUNDAY, JULY 19, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Dev Tools · 5h ago

Fix Keycloak roles in Spring Security with custom JWT converter

By Meridian48 News Desk · Summarised from DEV Community ·

Spring Security's default JWT converter ignores Keycloak's role structure, causing @PreAuthorize checks to fail silently. Keycloak stores roles in realm_access.roles and resource_access claims, not the scope claim Spring expects. Developers must write a custom converter to map these roles to GrantedAuthority objects.

Meridian48 take
This is a common integration pitfall that the ecosystem should address with better defaults or documentation.
Read the full reporting
Your Keycloak roles aren't working in Spring Security. Here's the actual reason. →
DEV Community
keycloakspring-security
More dev tools briefs
Go deeper on dev tools
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan