Spring Boot Security @Secured on method level

First, authorities need to be loaded into the Authentication.

private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request, JwtPayload jwtPayload) {

		List<GrantedAuthority> authorities = new ArrayList<>();
		if (jwtPayload.getAuthorities() != null || jwtPayload.getAuthorities().isEmpty() == false) {
			for (String role : jwtPayload.getAuthorities()) {
				authorities.add(new SimpleGrantedAuthority("ROLE_" + role.toUpperCase()));
			}
		}
		return new UsernamePasswordAuthenticationToken(jwtPayload, jwtPayload.getUid(), authorities);
	}

On the method level use @Secured

	@Secured(value={"ROLE_"+Role.ADMIN})
	@ApiOperation(value = "Get Member By Uuid")
	@GetMapping("/users/{uid}")
	public ResponseEntity<UserDto> getUserByUid(@RequestHeader(name="token", required=true) String token, @ApiParam(name="uid", required=true, value="uid") @PathVariable("uid") String uid){
		log.debug("getUserByUid(..)");
		
		User user = userService.getByUid(uid);
		
		UserDto userDto = userMapper.userToUserDto(user);
		
		log.debug("userDto: {}",ObjectUtils.toJson(userDto));
		
		return new ResponseEntity<>(userDto, HttpStatus.OK);
	}



Subscribe To Our Newsletter
You will receive our latest post and tutorial.
Thank you for subscribing!

required
required


Leave a Reply

Your email address will not be published.