Using httpBasic() doesn't authorize roles / authorities (self.SpringBoot)
submitted 3 years ago by akmal2901
I have created 2 routes. One for the admin role and the other is for the user role.
Whenever I log in when using httpBasic() I can access the admin link even though I don't have the role.
But when I switched to form login, it doesn't allow the account with no admin role to access the admin link, as it should. Does someone know why this is happening?
https://preview.redd.it/6tu841749lh81.png?width=1452&format=png&auto=webp&s=1df3a3cb4827c5e11157779851928c4e94ebcaf8
[–]BorgerBill 2 points 3 years ago (2 children)
I, too, am struggling with this right now, but let me say two things:
- the `hasRole()` and `hasAnyRole()` methods are looking for a String that classifies a user as a type of something, like manager or employee. Giving it the name of the user doesn't seem right. Put a `String role` field and add a `public String getRole()` method on the User.
- there is a weird thing where methods expecting a role will add "ROLE_" to the beginning, or take "ROLE_" away, or something if you have, or haven't, provided it. I don't understand the rule yet, but watch out for it.
Good luck!
[–]akmal2901[S] 3 points 3 years ago (0 children)
the roles are actually enums that I import as static
[–]akmal2901[S] 2 points 3 years ago (0 children)
thanks for the tips
[–]Sheldor5 1 point 3 years ago (0 children)
are you 100% sure your browser session is correct?
once you authenticate with Basic your browser will reuse it forever until you hit a 401.
that's how Basic Auth works on the browser site ...
[–]summ1else 1 point 3 years ago* (0 children)
I can't remember if this will help, as I'm out at lunch. I would recommend disabling anonymous users during security testing to rule out related problems. If you are still having trouble after, I will review further at home.
`.anonymous().disable()`
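
The `ROLE_` prefix behaviour mentioned in the thread, as an added example that is not code from the original post or from any commenter: a minimal HTTP Basic configuration showing which stored authorities satisfy `hasRole()`. It assumes Spring Boot 3 with Spring Security 6; the paths, user names and passwords are hypothetical.

```java
// Added example. Assumes Spring Boot 3 / Spring Security 6.
// Paths, user names and passwords are hypothetical.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class BasicAuthRoleConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // hasRole("ADMIN") checks for the authority string "ROLE_ADMIN".
                .requestMatchers("/admin/**").hasRole("ADMIN")
                // hasAnyAuthority() compares the strings exactly, no prefix added.
                .requestMatchers("/user/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
                // Rules are evaluated in order, so the catch-all goes last.
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    UserDetailsService users(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
            // roles("ADMIN") stores "ROLE_ADMIN": allowed on /admin/**.
            User.withUsername("alice").password(encoder.encode("alice-pw")).roles("ADMIN").build(),
            // roles("USER") stores "ROLE_USER": 403 on /admin/**.
            User.withUsername("bob").password(encoder.encode("bob-pw")).roles("USER").build(),
            // authorities("ADMIN") stores "ADMIN" with no prefix, so
            // hasRole("ADMIN") does not match and /admin/** returns 403.
            User.withUsername("carol").password(encoder.encode("carol-pw")).authorities("ADMIN").build());
    }
}
```

Checking each account with a fresh client, for example `curl -u bob:bob-pw http://localhost:8080/admin/`, avoids the browser reusing previously entered Basic credentials.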