I use @Secured("ADMIN"), and my role definition is also ADMIN (not ROLE_ADMIN). When I access the API, I do not get the expected value; it says that access is denied.
Below is the code where I redefined the value of ROLE_:

    @PostMapping("/users")
    @Loggable
    @Secured({"Administrator"})
    public ResponseEntity<?> createUser(@Valid @RequestBody User userRequest) {
        .....
    }

CustomAccessDecisionManager is implemented, where the role prefix (setRolePrefix("")) was empty, and the CustomDecisionManager was configured in my security configuration file.
An empty role prefix works fine with the code below:

    .authorizeRequests().anyRequest().authenticated()
    .accessDecisionManager(customAD()).hasRole("ADMIN")

But it does not work when I use @Secured.
My database contains the role USER1, USER2.
Any help is appreciated. Thanks.
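
Added example, not part of the original post and not the poster's code: an access decision manager set on authorizeRequests() only governs URL-level checks, while @Secured is evaluated by the separate method-security decision manager, whose default RoleVoter still expects the ROLE_ prefix. The sketch below gives method security its own prefix-less RoleVoter; it assumes a Spring Security version that provides GlobalMethodSecurityConfiguration, and the class name MethodSecurityConfig is hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

// Hypothetical configuration class (added example, name is an assumption).
// securedEnabled = true switches on processing of @Secured annotations.
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    // Method security asks this manager, not the one passed to
    // http.authorizeRequests().accessDecisionManager(...).
    @Override
    protected AccessDecisionManager accessDecisionManager() {
        // With an empty prefix the voter compares the @Secured value to the
        // granted authority verbatim, so @Secured("ADMIN") needs an authority
        // named exactly "ADMIN" on the authenticated user.
        RoleVoter roleVoter = new RoleVoter();
        roleVoter.setRolePrefix("");

        List<AccessDecisionVoter<? extends Object>> voters = new ArrayList<>();
        voters.add(roleVoter);
        // Keeps IS_AUTHENTICATED_* attributes working. An empty-prefix
        // RoleVoter treats every attribute string as a role name, so it votes
        // to deny on those attributes and this voter has to grant them.
        voters.add(new AuthenticatedVoter());

        // Access is granted as soon as any one voter grants it.
        return new AffirmativeBased(voters);
    }
}
```

The string in @Secured must match a granted authority character for character, so it is worth logging Authentication.getAuthorities() for the failing request and comparing it against the annotation value.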