Spring Boot Security @Secured on method level

First, authorities need to be loaded into the Authentication.

private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request, JwtPayload jwtPayload) {

		List<GrantedAuthority> authorities = new ArrayList<>();
		// Use && here: with || a null list falls through to isEmpty() and throws a NullPointerException
		if (jwtPayload.getAuthorities() != null && !jwtPayload.getAuthorities().isEmpty()) {
			for (String role : jwtPayload.getAuthorities()) {
				// @Secured's default RoleVoter only evaluates authorities that start with "ROLE_"
				authorities.add(new SimpleGrantedAuthority("ROLE_" + role.toUpperCase()));
			}
		}
		return new UsernamePasswordAuthenticationToken(jwtPayload, jwtPayload.getUid(), authorities);
}

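On the method level, use @Secured. Method security must be switched on with securedEnabled = true (@EnableGlobalMethodSecurity, or @EnableMethodSecurity from Spring Security 5.6 on); otherwise the annotation is silently ignored and the method stays unprotected. The value given to @Secured must match the full authority string, including the ROLE_ prefix.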

	// "ROLE_ADMIN" is an example role, not from the original post; it must match an authority loaded above
	@Secured("ROLE_ADMIN")
	@ApiOperation(value = "Get Member By Uuid")
	public ResponseEntity<UserDto> getUserByUid(@RequestHeader(name="token", required=true) String token, @ApiParam(name="uid", required=true, value="uid") @PathVariable("uid") String uid){
		User user = userService.getByUid(uid);
		UserDto userDto = userMapper.userToUserDto(user);
		log.debug("userDto: {}",ObjectUtils.toJson(userDto));
		return new ResponseEntity<>(userDto, HttpStatus.OK);
	}
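
A way to check that @Secured is really enforced, as an added example that is not code from the original post. It assumes spring-security-config, spring-security-test, spring-test and JUnit 5 on the test classpath; MemberLookup, the role ROLE_ADMIN and the uid "42" are hypothetical stand-ins.

```java
// Added example: MemberLookup, ROLE_ADMIN and uid "42" are hypothetical stand-ins.
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;

@SpringJUnitConfig(SecuredMethodTest.Config.class)
class SecuredMethodTest {
    @Configuration
    @EnableGlobalMethodSecurity(securedEnabled = true) // without this, @Secured is ignored
    static class Config {
        @Bean MemberLookup memberLookup() { return new MemberLookup(); }
    }

    // Stand-in for the secured controller method; Spring proxies it to apply the check.
    static class MemberLookup {
        @Secured("ROLE_ADMIN") // must equal the authority string, prefix included
        public String getByUid(String uid) { return "member:" + uid; }
    }

    @Autowired MemberLookup lookup;

    @Test
    @WithMockUser(roles = "ADMIN") // produces the authority "ROLE_ADMIN"
    void adminIsAllowed() {
        assertEquals("member:42", lookup.getByUid("42"));
    }

    @Test
    @WithMockUser(roles = "USER") // authenticated, but lacks ROLE_ADMIN
    void otherRoleIsDenied() {
        assertThrows(AccessDeniedException.class, () -> lookup.getByUid("42"));
    }

    @Test
    void anonymousIsRejected() { // no Authentication in the SecurityContext at all
        assertThrows(AuthenticationCredentialsNotFoundException.class, () -> lookup.getByUid("42"));
    }
}
```

If securedEnabled is removed from the configuration, otherRoleIsDenied and anonymousIsRejected fail, which is the signal that the annotation is not being applied.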
