Spring Security - Can't use user with MANAGER role to create user from Angular UI
I'm trying to add a manager role. A manager user must be able to create other users.
I've updated AuthoritiesConstants.java as below:
    public final class AuthoritiesConstants {

        public static final String ADMIN = "ROLE_ADMIN";
        public static final String USER = "ROLE_USER";
        public static final String ANONYMOUS = "ROLE_ANONYMOUS";
        public static final String MANAGER = "ROLE_MANAGER";

        private AuthoritiesConstants() {
        }
    }
I've updated authorities.csv:

    name
    ROLE_ADMIN
    ROLE_USER
    ROLE_MANAGER

I've tried updating UserResource.java:
    @PostMapping("/users")
    @Timed
    @Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.MANAGER})
    public ResponseEntity createUser(@Valid @RequestBody ManagedUserVM managedUserVM) throws URISyntaxException {
        log.debug("REST request to save User : {}", managedUserVM);
    }
and:

    @RestController
    @RequestMapping("/api")
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class UserResource {

        @PostMapping("/users")
        @Timed
        @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_MANAGER')")
        public ResponseEntity createUser(@Valid @RequestBody ManagedUserVM managedUserVM) throws URISyntaxException {
            log.debug("REST request to save User : {}", managedUserVM);
            //....
        }
        //....
    }
I've logged in to the Angular UI and created a user toto with the ROLE_MANAGER and ROLE_USER roles. I've updated the HTML file so that a user with ROLE_MANAGER has access to the user management pages.
When user toto submits the user creation form, the backend responds with a status of 403 (Forbidden).
I reproduced the problem and got an access denied error in the browser console for /api/users/authorities.
So the fix consists in authorizing the ROLE_MANAGER role to access UserResource.getAuthorities():
    @GetMapping("/users/authorities")
    @Timed
    @Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.MANAGER})
    public List<String> getAuthorities() {
        return userService.getAuthorities();
    }
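The 403 above came from a second endpoint that the user creation form calls, so a new role has to be admitted on every guarded method the page touches. As an added example (not part of the original post or of the project's code), this Python script scans a controller source for mapped methods whose @Secured/@PreAuthorize guard omits a given role. The sample controller is constructed from the snippets above, with an assumed ADMIN-only guard on getAuthorities() and an assumed unguarded getUser(), and the parser assumes one annotation per line.

```python
import re

# Constructed sample: the controller from the question, before the answer's fix.
SAMPLE = '''
@RestController
@RequestMapping("/api")
public class UserResource {
    @PostMapping("/users")
    @Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.MANAGER})
    public ResponseEntity createUser(@Valid @RequestBody ManagedUserVM vm) { }

    @GetMapping("/users/authorities")
    @Secured(AuthoritiesConstants.ADMIN)
    public List<String> getAuthorities() { }

    @GetMapping("/users/{login}")
    public ResponseEntity<UserDTO> getUser(@PathVariable String login) { }
}
'''

MAPPING = re.compile(r'@(Get|Post|Put|Delete|Patch)Mapping\(\s*"([^"]*)"')
GUARD = re.compile(r'@(?:Secured|PreAuthorize)\((.*)\)')
ROLE = re.compile(r'(?:AuthoritiesConstants\.|ROLE_)([A-Z_]+)')
METHOD_DECL = re.compile(r'^\s*public\s[^=]*\(')

def endpoints(java_source):
    """Return [(verb, path, roles)]; roles is None when the method has no guard."""
    base = re.search(r'@RequestMapping\(\s*"([^"]*)"', java_source)
    prefix = base.group(1) if base else ""
    found, mapping, roles = [], None, None
    for line in java_source.splitlines():
        if m := MAPPING.search(line):
            mapping = (m.group(1).upper(), prefix + m.group(2))
        elif g := GUARD.search(line):
            roles = set(ROLE.findall(g.group(1)))   # ADMIN, MANAGER, ...
        elif METHOD_DECL.match(line):
            if mapping:                              # only mapped handler methods
                found.append((*mapping, roles))
            mapping, roles = None, None
    return found

def gaps(java_source, role):
    """Guarded endpoints that do not admit `role` (unguarded ones are skipped)."""
    return [(verb, path) for verb, path, roles in endpoints(java_source)
            if roles is not None and role not in roles]

if __name__ == "__main__":
    print(gaps(SAMPLE, "MANAGER"))
```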