Assume that I have a user who has the following authentication:
    List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
    grantedAuthorities.add(new SimpleGrantedAuthority("READ_PRODUCT"));
    grantedAuthorities.add(new SimpleGrantedAuthority("WRITE_PRODUCT"));
    SecurityContextHolder.getContext().setAuthentication(
            new UsernamePasswordAuthenticationToken("usr", "pwd", grantedAuthorities));
In the security check, I should check if the user has the right authority to access the API. I did the following to achieve it:
    http
        .httpBasic().disable()
        .authorizeRequests()
        .antMatchers(HttpMethod.GET, "/product/**").hasAuthority("READ_PRODUCT");
Here I use hasAuthority() to check if the user has the right authority, but I found that there is also a method called hasRole(), and I don't know what the difference between these two methods is. Can anyone explain the difference to me, and if I want to use hasRole() here, how can I use it? I tried to replace hasAuthority() with hasRole(), but it was not successful.
hasRole() defines the Role (for example: "Employee" or "Visitor"), while hasAuthority() defines the Rights (for example: one Employee can only use the Main Door, but another one can also use the Backdoor).
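As an added example (not part of the original question or answer): in Spring Security, hasRole("X") by default checks for the authority string "ROLE_X", while hasAuthority("X") compares the string exactly as given, which is why swapping one for the other fails for a user whose authority is the plain "READ_PRODUCT". The sketch assumes spring-security-core on the classpath; the class name RoleVsAuthorityDemo, the helper rootFor and the "ROLE_READ_PRODUCT" authority are constructed for illustration.

```java
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class RoleVsAuthorityDemo {

    // Hypothetical helper: wraps an Authentication in the expression root that
    // evaluates hasRole(...) and hasAuthority(...) checks, so both can be
    // called directly without starting a web application.
    static SecurityExpressionRoot rootFor(String... authorities) {
        Authentication auth = new UsernamePasswordAuthenticationToken(
                "usr", "pwd", AuthorityUtils.createAuthorityList(authorities));
        return new SecurityExpressionRoot(auth) { };
    }

    public static void main(String[] args) {
        // The user from the question: plain authorities, no "ROLE_" prefix.
        SecurityExpressionRoot plain = rootFor("READ_PRODUCT", "WRITE_PRODUCT");

        // hasAuthority compares against the stored strings as they are.
        System.out.println("plain hasAuthority(READ_PRODUCT): "
                + plain.hasAuthority("READ_PRODUCT"));

        // hasRole prepends the default prefix and looks for "ROLE_READ_PRODUCT",
        // which this user was never granted.
        System.out.println("plain hasRole(READ_PRODUCT): "
                + plain.hasRole("READ_PRODUCT"));

        // Constructed variant: the authority is stored with the "ROLE_" prefix.
        SecurityExpressionRoot prefixed = rootFor("ROLE_READ_PRODUCT");

        // Now hasRole("READ_PRODUCT") and hasAuthority("ROLE_READ_PRODUCT")
        // test for the same stored string.
        System.out.println("prefixed hasRole(READ_PRODUCT): "
                + prefixed.hasRole("READ_PRODUCT"));
        System.out.println("prefixed hasAuthority(ROLE_READ_PRODUCT): "
                + prefixed.hasAuthority("ROLE_READ_PRODUCT"));

        // The unprefixed name no longer matches under hasAuthority.
        System.out.println("prefixed hasAuthority(READ_PRODUCT): "
                + prefixed.hasAuthority("READ_PRODUCT"));
    }
}
```

For the configuration in the question, this means `.hasRole("READ_PRODUCT")` only matches if the user is granted `new SimpleGrantedAuthority("ROLE_READ_PRODUCT")`; otherwise keep `.hasAuthority("READ_PRODUCT")`.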