Springboot Security hasRole not working

by

You have to name your authority with prefix ROLE_ to use isUserInRole, see Spring Security Reference:

The HttpServletRequest.isUserInRole(String) will determine if SecurityContextHolder.getContext().getAuthentication().getAuthorities() contains a GrantedAuthority with the role passed into isUserInRole(String). Typically users should not pass in the “ROLE_” prefix into this method since it is added automatically. For example, if you want to determine if the current user has the authority “ROLE_ADMIN”, you could use the following:

boolean isAdmin = httpServletRequest.isUserInRole("ADMIN");

Same for hasRole (also hasAnyRole), see Spring Security Reference:

Returns true if the current principal has the specified role. By default if the supplied role does not start with ‘ROLE_’ it will be added. This can be customized by modifying the defaultRolePrefix on DefaultWebSecurityExpressionHandler.

More Related Contents:

  1. Spring Security: Upgrading the deprecated WebSecurityConfigurerAdapter in Spring Boot 2.7.0
  2. Spring Boot 2.0.0 + OAuth2
  3. Should I explicitly send the Refresh Token to get a new Access Token – JWT
  4. Spring Security with SOAP web service is working in Tomcat, but not in WebLogic
  5. Spring Boot 2.0 disable default security
  6. I can’t update my webapp to Spring Boot 2.6.0 (2.5.7 works but 2.6.0 doesn’t)
  7. Error during spring vault configuration in spring boot application
  8. How to configure CORS in a Spring Boot + Spring Security application?
  9. Filter invoke twice when register as Spring bean
  10. Spring security CORS Filter
  11. Spring boot Security Disable security
  12. Spring Boot & JPA: Implementing search queries with optional, ranged criteria
  13. How to disable ‘X-Frame-Options’ response header in Spring Security?
  14. Disable security for unit tests with spring boot
  15. How to enable HTTP response caching in Spring Boot
  16. 401 instead of 403 with Spring Boot 2
  17. Multiple WebSecurityConfigurerAdapter in spring boot for multiple patterns
  18. Spring Boot ClassNotFoundException org.springframework.core.metrics.ApplicationStartup
  19. Difference between using MockMvc with SpringBootTest and Using WebMvcTest
  20. Multi-tenancy: Managing multiple datasources with Spring Data JPA
  21. antMatchers that matches any beginning of path
  22. Eureka and Kubernetes
  23. Spring Boot enabling CORS by application.properties
  24. Precedence order among properties file, YAML file, and Command Line arguments in SpringBoot
  25. Spring Boot with embedded Tomcat behind Apache proxy
  26. Load spring boot app properties from database
  27. How do I disable resolving login parameters passed as url parameters / from the url
  28. Spring Boot : Custom Validation in Request Params
  29. Certificate for doesn’t match any of the subject alternative names
  30. How to run Swagger 3 on Spring Boot 3

Leave a Comment