Spring Security - Can't use user with MANAGER role to create user from Angular UI


I'm trying to add a MANAGER role. A user with the MANAGER role must be able to create other users.

I've updated AuthoritiesConstants.java as below:

    public final class AuthoritiesConstants {

        public static final String ADMIN = "ROLE_ADMIN";

        public static final String USER = "ROLE_USER";

        public static final String ANONYMOUS = "ROLE_ANONYMOUS";

        public static final String MANAGER = "ROLE_MANAGER";

        private AuthoritiesConstants() {
        }
    }

I've updated authorities.csv:

    name
    ROLE_ADMIN
    ROLE_USER
    ROLE_MANAGER

I've tried updating UserResource.java:

    @PostMapping("/users")
    @Timed
    @Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.MANAGER})
    public ResponseEntity createUser(@Valid @RequestBody ManagedUserVM managedUserVM) throws URISyntaxException {
        log.debug("REST request to save User : {}", managedUserVM);
        // ...
    }

and:

    @RestController
    @RequestMapping("/api")
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class UserResource {

        @PostMapping("/users")
        @Timed
        @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_MANAGER')")
        public ResponseEntity createUser(@Valid @RequestBody ManagedUserVM managedUserVM) throws URISyntaxException {
            log.debug("REST request to save User : {}", managedUserVM);
            //....
        }
        //....
    }

I've logged in to the Angular UI and created a user toto with the ROLE_MANAGER and ROLE_USER roles. I've updated the HTML file so that a user with ROLE_MANAGER has access to the user management pages.

When user toto submits the user creation form, the backend responds with a status of 403 (Forbidden).

I reproduced the problem and got an access denied error in the browser console for /api/users/authorities.

So the fix consists in authorizing the ROLE_MANAGER role to access UserResource.getAuthorities():

    @GetMapping("/users/authorities")
    @Timed
    @Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.MANAGER})
    public List<String> getAuthorities() {
        return userService.getAuthorities();
    }
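
An added example (not part of the original post or of the project's code): a small Python audit that reads the `@Secured`/`@PreAuthorize` annotations out of a controller source and lists which requests a screen depends on that a given set of roles cannot make. The embedded `UserResource` source is constructed; the ADMIN-only state of `getAuthorities()` before the fix and the `FORM_CALLS` list are assumptions drawn from the answer above.

```python
import re

# Role constants as listed in the question's AuthoritiesConstants.java.
CONSTANTS = {"ADMIN": "ROLE_ADMIN", "USER": "ROLE_USER",
             "ANONYMOUS": "ROLE_ANONYMOUS", "MANAGER": "ROLE_MANAGER"}

# Constructed sample: UserResource after the question's change, before the fix.
# Assumption: getAuthorities() was still restricted to ADMIN at that point.
SOURCE = '''
@RestController
@RequestMapping("/api")
public class UserResource {
    @PostMapping("/users")
    @Timed
    @Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.MANAGER})
    public ResponseEntity createUser(@Valid @RequestBody ManagedUserVM managedUserVM) { }

    @GetMapping("/users/authorities")
    @Timed
    @Secured(AuthoritiesConstants.ADMIN)
    public List<String> getAuthorities() { }
}
'''

# Assumption: the requests the user creation form depends on.
FORM_CALLS = [("GET", "/api/users/authorities"), ("POST", "/api/users")]

def endpoint_roles(source):
    """Map (verb, path) -> roles allowed by @Secured/@PreAuthorize (None = no annotation)."""
    prefix, mapping, roles, table = "", None, None, {}
    for line in map(str.strip, source.splitlines()):
        if m := re.match(r'@RequestMapping\("([^"]*)"\)', line):
            prefix = m.group(1)
        elif m := re.match(r'@(Get|Post|Put|Delete|Patch)Mapping\("([^"]*)"\)', line):
            mapping = (m.group(1).upper(), prefix + m.group(2))
        elif m := re.match(r'@Secured\((.*)\)$', line):
            roles = {CONSTANTS[n] for n in re.findall(r'AuthoritiesConstants\.(\w+)', m.group(1))}
        elif m := re.match(r'@PreAuthorize\("hasAnyRole\((.*)\)"\)$', line):
            roles = set(re.findall(r"'([^']+)'", m.group(1)))
        elif line.startswith("public ") and "(" in line and mapping:
            table[mapping] = roles          # method declaration closes the annotation run
            mapping, roles = None, None
    return table

def denied(table, user_roles, needed):
    """Endpoints in `needed` that none of the user's roles may call."""
    return [ep for ep in needed
            if table[ep] is not None and not table[ep] & set(user_roles)]

if __name__ == "__main__":
    for verb, path in denied(endpoint_roles(SOURCE), ["ROLE_USER", "ROLE_MANAGER"], FORM_CALLS):
        print(f"403 expected: {verb} {path}")
```

Run against the pre-fix source, the only request reported for toto's roles is `GET /api/users/authorities`, the endpoint the answer identifies.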
