fix: SecurityConfiguration roles

2024-09-13 14:37:07 -04:00 · 2024-09-13 14:37:07 -04:00 · 7deec14a11
commit 7deec14a11
parent 59fe0b3bb7
1 changed files with 5 additions and 1 deletions
--- a/src/main/java/com/application/munera/security/SecurityConfiguration.java
+++ b/src/main/java/com/application/munera/security/SecurityConfiguration.java
@ -45,9 +45,13 @@ public class SecurityConfiguration extends VaadinWebSecurity {
                final var user = userRepository.findByUsername(username)
                        .orElseThrow(() -> new UsernameNotFoundException("User not found"));

+                // Assume roles are stored in the database with prefix, ex: "ROLE_ADMIN"
+                String[] roles = user.getRoles().split(",");
+
+                // Use authorities instead of roles to prevent automatic prefixing
                return User.withUsername(user.getUsername())
                        .password(user.getPassword())
-                        .roles(user.getRoles().split(","))
+                        .authorities(roles)  // Set roles directly as authorities
                        .build();
            }
        };