Spring Security - How to map the roles inside the access token to enable the @RolesAllowed annotations in JSR250

We are trying to authenticate / authorise our Java application using Spring Security. Our identity provider is a custom OAuth provider (manages the user and its permissions) and upon successful authentication will redirect to our application with an access token (JWT). The token is signed using the HS256 algorithm and upon successful decoding we can get all the permissions that are there for the user. The question is how can I leverage the existing authorisation framework provided by Spring Security, like JSR250 annotations such as @RolesAllowed, with the user details which the Spring framework does not hold?

In all the examples I have seen so far, the Spring framework manages the UserDetailsService itself, where Spring is aware of the user details.

So the question is how can I map the roles that I get in the token to inform the Spring framework to apply those roles against @RolesAllowed annotations in the REST endpoints. I believe I have to write some custom implementation of the UserDetailsService?
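
One way to wire this up, as an added example that is not part of the original question: Spring Security's OAuth2 resource-server support can verify the HS256 token and turn a claim into granted authorities, with no UserDetailsService involved. It assumes Spring Security 6.x with the resource-server module on the classpath; the claim name `permissions`, the property `app.jwt.hs256-secret` and the class name are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableMethodSecurity(jsr250Enabled = true) // makes @RolesAllowed enforceable on beans
public class JwtRoleMappingConfig { // hypothetical class name

    // Verifies signature and expiry. Pinning HS256 means a token signed with
    // any other algorithm is rejected instead of being trusted.
    @Bean
    JwtDecoder jwtDecoder(@Value("${app.jwt.hs256-secret}") String secret) { // hypothetical property
        SecretKeySpec key = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        return NimbusJwtDecoder.withSecretKey(key).macAlgorithm(MacAlgorithm.HS256).build();
    }

    // Reads the roles from the token instead of a UserDetailsService.
    // The claim may be a JSON array or a space-delimited string.
    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter authorities = new JwtGrantedAuthoritiesConverter();
        authorities.setAuthoritiesClaimName("permissions"); // assumed claim name
        // @RolesAllowed("ADMIN") is checked against the authority "ROLE_ADMIN",
        // so replace the default "SCOPE_" prefix with "ROLE_".
        authorities.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);
        return converter;
    }

    @Bean
    SecurityFilterChain api(HttpSecurity http, JwtAuthenticationConverter converter) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}
```

Because HS256 is symmetric, the secret that verifies tokens here can also mint them, so it should come from a secret store rather than source control.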
