Login View > forward to root

Hi,

I have implemented a LoginView and the user gets redirected to ""
But it's not working. Does anyone have an idea where I could start to search?

@Route(value = "", layout = MyLayout.class)
@PageTitle("Dashboard")
@RolesAllowed({SecurityRoles.DASHBOARD_VIEW})
public class DashboardView extends VerticalLayout {
...
}

Could not navigate to ‘’
Reason: Access is denied by annotations on the view.

I have another app with the same setup, but I can't find the difference or why it does not work here. The user has the correct permission to access the dashboard.

If you make it @PermitAll instead of @RolesAllowed, does it work then?

Yes! That works. But why? In my other app I don't have it.

Ah, looks like the UserRoles list is null. Will check it.

Hm, no, the user role is set.

No, I tried with @Route(value = "/dashboard"

but I also get the same error. Must be something in my user handling.

public class User implements UserDetails {
    private Integer id;
    private String username;
    private String password;
    private List<UserRole> userRoles = getUserRoles(); //for test so the View is added to the list
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
        list.add(new SimpleGrantedAuthority("DASHBOARD_VIEW"));
        return list;
    }
}

public class SecurityRoles {
    public static final String DASHBOARD_VIEW = "DASHBOARD_VIEW";

    public static Map<String, String> getRoles() {
        HashMap<String, String> roleMap = new HashMap<>();
        roleMap.put("DASHBOARD_VIEW", "accessDashboard"); //for later translation 
        return roleMap;

    }
}

The log says it's allowed

I am confused

This log is saying that the RouteAccessDeniedError view is allowed, not your view.

Can you try if @RolesAllowed("ROLE_DASHBOARD_VIEW") works? I remember Spring Security adding a ROLE_ prefix to roles.

I can see that you have annotated the view with @RolesAllowed({SecurityRoles.DASHBOARD_VIEW}). What the reason most likely implies is that the logged in user does not have that role, and therefore does not have access to the view.
I would check the code that maps the users to the roles and the user store (database, identity provider, etc.) to check that the role is being associated with the user correctly.

Hell yeah! :D Now that you say it, I removed the ROLE_ prefix because I thought it looked cleaner.

Now it works! That's what this forum is made for: sharing knowledge. Thanks a lot. I would have searched forever to find it.

Some additional context here: Spring Security FAQ :: Spring Security
My guess is that Spring Boot projects provide SimpleAuthorityMapper as default GrantedAuthoritiesMapper, thus adding the ROLE_ prefix.

Probably yes. Will check if it is OK how it is, but currently I don't see any reason to change using the SimpleAuthorityMapper, because it works as expected :)
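
The mismatch resolved in this thread, as an added example that is not part of the original posts and not Vaadin or Spring Security code: a role check for `DASHBOARD_VIEW` looks for the authority `ROLE_DASHBOARD_VIEW`, so the bare authority from the posted `User` class never matches. `RolePrefixExample`, `toAuthorities` and `isUserInRole` are hypothetical names, and `isUserInRole` is a simplified model of the check that assumes the default `ROLE_` prefix.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class RolePrefixExample {

    // Default prefix assumed to be prepended when a role name is checked.
    static final String ROLE_PREFIX = "ROLE_";

    // Hypothetical helper for getAuthorities(): map stored role names to
    // prefixed authorities, without double-prefixing names that already have it.
    static List<GrantedAuthority> toAuthorities(List<String> roleNames) {
        List<GrantedAuthority> out = new ArrayList<>();
        for (String name : roleNames) {
            String authority = name.startsWith(ROLE_PREFIX) ? name : ROLE_PREFIX + name;
            out.add(new SimpleGrantedAuthority(authority));
        }
        return out;
    }

    // Simplified model of the role check (assumption): prefix the requested
    // role name, then require an exact match among the granted authorities.
    static boolean isUserInRole(Collection<? extends GrantedAuthority> granted, String role) {
        String wanted = ROLE_PREFIX + role;
        return granted.stream().anyMatch(a -> wanted.equals(a.getAuthority()));
    }

    public static void main(String[] args) {
        // Authority as posted in the thread, without the prefix.
        List<GrantedAuthority> bare = List.of(new SimpleGrantedAuthority("DASHBOARD_VIEW"));
        // Authority built with the prefix, matching @RolesAllowed("DASHBOARD_VIEW").
        List<GrantedAuthority> prefixed = toAuthorities(List.of("DASHBOARD_VIEW"));

        System.out.println("bare authority grants role:     " + isUserInRole(bare, "DASHBOARD_VIEW"));
        System.out.println("prefixed authority grants role: " + isUserInRole(prefixed, "DASHBOARD_VIEW"));
    }
}
```

Keeping the prefix in one helper means the constants used in `@RolesAllowed` can stay unprefixed while the authorities returned by `getAuthorities()` always carry it.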