Spring Security hasRole() not working

You are missing a concept:

If you use hasRole('ADMIN'), in your ADMIN Enum must be ROLE_ADMIN instead of ADMIN.
If you use hasAuthority('ADMIN'), your ADMIN Enum must be ADMIN.

In spring security, hasRole() is the same as hasAuthority(), but hasRole() function map with Authority without ROLE_ prefix.

You can find the accepted answer in this post: Difference between Role and GrantedAuthority in Spring Security

Try use hasAuthority instead hasRole inside HTML-tag.

sec:authorize="hasAuthority('ADMIN')"

Tags:

Java

Spring

Spring Mvc

Spring Security

Thymeleaf

Related