2 years ago

#69638


reiley

Handle custom roles for OKTA auth in spring boot

In my application I'm using firm's OKTA for user auth.

This application has its own custom ROLES which are not present in OKTA group.

Based on these custom roles, I want to provide access to different areas in the web application.

Based on my understanding, by default, Spring Boot considers the user's OKTA groups to authorise them.

How can I apply authorization based on custom roles, so that I can use them in .hasAnyAuthority() or @PreAuthorize?

My current configuration:

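import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // appAuthSuccessURL, notAuthenticatedURL, loginPromptURL and authCookieHelper
    // are used below; their declarations are not shown in the post.

    @Autowired
    private MyOidcService oidcUserService;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // No server-side session: the security context is restored from a cookie on each request.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().authorizeRequests().antMatchers("/").authenticated()
                // The OIDC user service builds the authenticated user, including its authorities.
                .and().oauth2Login().userInfoEndpoint().oidcUserService(oidcUserService).customUserType(MyOidcService.class, "customUser")
                .and().defaultSuccessUrl(appAuthSuccessURL, true).failureUrl(notAuthenticatedURL)
                .and().exceptionHandling().authenticationEntryPoint(getAuthenticationEntryPoint())
                .and().securityContext().securityContextRepository(new CookieSecurityContextRepository(authCookieHelper));
    }

    // Unauthenticated requests are redirected to the login prompt URL.
    private AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return new LoginUrlAuthenticationEntryPoint(loginPromptURL);
    }

}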

spring-boot

oauth

okta
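
One way to get application-defined roles into the authorities that `.hasAnyAuthority()` and `@PreAuthorize` evaluate, shown as an added example that is not part of the original post: an OIDC user service that delegates to Spring Security's default `OidcUserService` and then merges in roles from the application's own store. `CustomRoleOidcUserService` and `AppRoleRepository` are hypothetical names, and the role store behind the interface is assumed to exist.

```java
import java.util.LinkedHashSet;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Service;

// Hypothetical lookup of application-defined roles (e.g. backed by the app's own database).
interface AppRoleRepository {
    Set<String> findRolesBySubject(String oidcSubject);
}

@Service
public class CustomRoleOidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {

    private final OidcUserService delegate = new OidcUserService();
    private final AppRoleRepository roles;

    public CustomRoleOidcUserService(AppRoleRepository roles) {
        this.roles = roles;
    }

    @Override
    public OidcUser loadUser(OidcUserRequest request) throws OAuth2AuthenticationException {
        // Build the user from the already-validated ID token and the UserInfo endpoint.
        OidcUser user = delegate.loadUser(request);

        // Keep the provider-derived authorities and add the application's own roles.
        Set<GrantedAuthority> authorities = new LinkedHashSet<>(user.getAuthorities());
        // Key the lookup on the token's "sub" claim, never on a request parameter or header.
        for (String role : roles.findRolesBySubject(user.getSubject())) {
            // ROLE_ prefix lets both hasRole("X") and hasAnyAuthority("ROLE_X") match.
            authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
        }
        return new DefaultOidcUser(authorities, user.getIdToken(), user.getUserInfo());
    }
}
```

A service like this plugs into the `.userInfoEndpoint().oidcUserService(...)` call already present in the configuration above. `@PreAuthorize` additionally requires method security to be enabled, for example with `@EnableGlobalMethodSecurity(prePostEnabled = true)` on Spring Security versions that still provide `WebSecurityConfigurerAdapter`.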

0 Answers
