fix: SecurityConfiguration roles

This commit is contained in:
effe 2024-09-13 14:37:07 -04:00
parent 59fe0b3bb7
commit 7deec14a11

View file

@ -45,9 +45,13 @@ public class SecurityConfiguration extends VaadinWebSecurity {
final var user = userRepository.findByUsername(username)
.orElseThrow(() -> new UsernameNotFoundException("User not found"));
// Assume roles are stored in the database with prefix, ex: "ROLE_ADMIN"
String[] roles = user.getRoles().split(",");
// Use authorities instead of roles to prevent automatic prefixing
return User.withUsername(user.getUsername())
.password(user.getPassword())
.roles(user.getRoles().split(","))
.authorities(roles) // Set roles directly as authorities
.build();
}
};