Springboot Security hasRole not working

spring-boot spring-security

I’m unable to use hasRole method in @PreAuthorize annotation. Also request.isUserInRole(“ADMIN”) gives false. What am I missing? Although .hasAuthority(“ADMIN”) works fine.

I am assigning authorities to the users from a database.


Solution 1:

You have to name your authority with prefix ROLE_ to use isUserInRole, see Spring Security Reference:

The HttpServletRequest.isUserInRole(String) will determine if SecurityContextHolder.getContext().getAuthentication().getAuthorities() contains a GrantedAuthority with the role passed into isUserInRole(String). Typically users should not pass in the "ROLE_" prefix into this method since it is added automatically. For example, if you want to determine if the current user has the authority "ROLE_ADMIN", you could use the following:

boolean isAdmin = httpServletRequest.isUserInRole("ADMIN");

Same for hasRole (also hasAnyRole), see Spring Security Reference:

Returns true if the current principal has the specified role. By default if the supplied role does not start with 'ROLE_' it will be added. This can be customized by modifying the defaultRolePrefix on DefaultWebSecurityExpressionHandler.

Related

error in python d not defined. [duplicate]
How can I include a folder with cx_freeze?
Setting an argument with bash [duplicate]
jquery ui datepicker and mvc view model type datetime
How to handle events from keyboard and mouse in full screen exclusive mode in java?
How to filter an array by a condition
Pandas Melt Function
ConstraintLayout views in top left corner
Python C program subprocess hangs at "for line in iter"
How to extract data from csv file in PHP
Iterating on a file doesn't work the second time
Why do we need break after case statements?