Use case: I have different user groups in my system, for which I am building a common dashboard. All of the users have different access and action privileges (i.e. they will see different limited information based on their level, or can perform limited actions on a process). I have to keep a check on the API for roles, i.e. only authorized members can hit that API; everyone else gets an unauthorized error. I am not able to figure out how I can implement that using the inbuilt Flowable authentication.
I tried @PreAuthorize over my controllers with the argument "hasRole('admin')", but even when I am logged in as fozzie, I don't get an unauthorized error. Can anyone please guide me on how I can do it?
No, I added the above code in my own Spring Boot app. It worked. The problem was that sometimes grantedAuthorities was coming as "Admin" while sometimes it was coming as "admin", i.e. sometimes it was coming as group names and sometimes as group IDs. I tried printing grantedAuthorities; only then did I figure out what the problem was. So for now I have added both 'admin' and 'Admin'. I still have to figure out why it was happening.
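
An added example, not code from this thread or from Flowable: instead of listing both spellings in every `@PreAuthorize` expression, a Spring Security `GrantedAuthoritiesMapper` can map each known group id or group name to one canonical authority. The class name, the `KNOWN_GROUPS` table and the `ROLE_` prefix choice are assumptions, and where the mapper is registered depends on the authentication provider in use.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

/** Hypothetical mapper: one canonical authority per group, however it was reported. */
public class CanonicalGroupAuthoritiesMapper implements GrantedAuthoritiesMapper {

    // Constructed sample table: every accepted spelling -> canonical group id.
    // An explicit table avoids blanket lower-casing, which could merge two
    // distinct groups whose names differ only by case.
    private static final Map<String, String> KNOWN_GROUPS = Map.of(
            "admin", "admin",   // group id
            "Admin", "admin");  // group name

    // hasRole('admin') looks for "ROLE_admin" with Spring Security's default prefix.
    private static final String PREFIX = "ROLE_";

    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(
            Collection<? extends GrantedAuthority> authorities) {
        Set<GrantedAuthority> mapped = new LinkedHashSet<>();
        for (GrantedAuthority authority : authorities) {
            String canonical = KNOWN_GROUPS.get(authority.getAuthority());
            if (canonical != null) {
                mapped.add(new SimpleGrantedAuthority(PREFIX + canonical));
            } else {
                // Unknown values are kept unchanged; they satisfy a rule only
                // if that rule names them exactly.
                mapped.add(authority);
            }
        }
        return mapped;
    }

    public static void main(String[] args) {
        GrantedAuthoritiesMapper mapper = new CanonicalGroupAuthoritiesMapper();
        // Constructed input: the same group reported by name, by id, and an unlisted one.
        for (String reported : List.of("Admin", "admin", "sales")) {
            System.out.println(reported + " -> "
                    + mapper.mapAuthorities(List.of(new SimpleGrantedAuthority(reported))));
        }
    }
}
```

With the mapper in place, a single `hasRole('admin')` check covers both forms, and logging the mapped authorities at login shows which form the identity layer supplied.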