You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think you forgot to add the @EnableReactiveMethodSecurity annotation on your SecuredRestApplication. I was playing around a bit with your code and removing the ADMIN role from the user setup did not prevent me from accessing the /api/admin endpoint.
@Bean
public MapReactiveUserDetailsService userDetailsRepository() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("user")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
Then I generated a new token Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIiwicm9sZXMiOiJST0xFX1VTRVIiLCJpc3MiOiJyYXBoYS5pbyIsImV4cCI6MTU2NzY3OTY3OX0.C67PZ_YX2Zm1_YDMnVgqoxNXCEd4iKOhTM9EdiEA5WI (content can be checked via https://jwt.io/ and verified with the default secret of your app).
This will then still allow me to call the admin endpoint:
First off thank you for this great example.
I think you forgot to add the
@EnableReactiveMethodSecurityannotation on yourSecuredRestApplication. I was playing around a bit with your code and removing the ADMIN role from the user setup did not prevent me from accessing the /api/admin endpoint.Then I generated a new token
Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIiwicm9sZXMiOiJST0xFX1VTRVIiLCJpc3MiOiJyYXBoYS5pbyIsImV4cCI6MTU2NzY3OTY3OX0.C67PZ_YX2Zm1_YDMnVgqoxNXCEd4iKOhTM9EdiEA5WI(content can be checked via https://jwt.io/ and verified with the default secret of your app).This will then still allow me to call the admin endpoint:
When adding the
@EnableReactiveMethodSecurityannotation, I get the following, as expected:The text was updated successfully, but these errors were encountered: