From 7deec14a11e181a6ccea2bb01d253ef5feabd803 Mon Sep 17 00:00:00 2001 From: effe Date: Fri, 13 Sep 2024 14:37:07 -0400 Subject: [PATCH] fix: SecurityConfiguration roles --- .../application/munera/security/SecurityConfiguration.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/application/munera/security/SecurityConfiguration.java b/src/main/java/com/application/munera/security/SecurityConfiguration.java index a43c1f6..973c32b 100644 --- a/src/main/java/com/application/munera/security/SecurityConfiguration.java +++ b/src/main/java/com/application/munera/security/SecurityConfiguration.java @@ -45,9 +45,13 @@ public class SecurityConfiguration extends VaadinWebSecurity { final var user = userRepository.findByUsername(username) .orElseThrow(() -> new UsernameNotFoundException("User not found")); + // Assume roles are stored in the database with prefix, ex: "ROLE_ADMIN" + String[] roles = user.getRoles().split(","); + + // Use authorities instead of roles to prevent automatic prefixing return User.withUsername(user.getUsername()) .password(user.getPassword()) - .roles(user.getRoles().split(",")) + .authorities(roles) // Set roles directly as authorities .build(); } };