The issue I am facing involves accessing a protected resource ("/admin") in my Spring Boot application, where all resources to which I impose a role constraint block access for all users, even those with the required role. The application uses Spring Security and OAuth 2.0, with JWT tokens for authentication and authorization. When a user successfully logs in and obtains a JWT token containing the appropriate roles (for example, "ROLE_ADMIN"), access to the protected resource is still denied.
I have checked several elements, including correct JWT token generation, proper decoding within the application, and Spring Security configuration. Despite these checks, the problem persists. When I attempt to access the "/admin" resource, authentication succeeds, but the authorities (Granted Authorities) appear to be empty, which may explain the access denial.
I have already adjusted the Spring Security configuration using hasAuthority("ROLE_ADMIN") in the authorizeHttpRequests method, but the problem persists. I wonder if there is something I might have missed in the Spring Security configuration, JWT token decoding, or any other part of the code that could influence access to the protected resource.
Below, I share a portion of my Spring Security configuration that could be relevant: https://github.com/RaselisonToky/login.git
I would appreciate any assistance in identifying the root cause of the problem and finding a solution. Thank you.
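Added example, not part of the original post or the linked repository: Spring Security's default `JwtGrantedAuthoritiesConverter` reads only the `scope`/`scp` claims and prefixes each value with `SCOPE_`, so a token that carries its roles in another claim produces none of the `ROLE_` authorities that `hasAuthority("ROLE_ADMIN")` checks. The sketch below maps a roles claim to authorities explicitly. It assumes the application is set up as an OAuth 2.0 resource server with a `JwtDecoder` bean already defined, that the claim is named `roles` with values such as `ROLE_ADMIN`, and the class name `ResourceServerConfig` is hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class; requires Spring Security 6 and an
// existing JwtDecoder bean (for example one auto-configured by Spring Boot).
@Configuration
public class ResourceServerConfig {

    // Assumption: the issuer writes roles as "roles": ["ROLE_ADMIN", ...].
    // Change this to the claim name that actually appears in the token payload.
    private static final String ROLES_CLAIM = "roles";

    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter authorities = new JwtGrantedAuthoritiesConverter();
        // Read the roles claim instead of the default "scope"/"scp" claims.
        authorities.setAuthoritiesClaimName(ROLES_CLAIM);
        // The claim values already start with "ROLE_", so drop the default
        // "SCOPE_" prefix; otherwise the authority becomes "SCOPE_ROLE_ADMIN".
        authorities.setAuthorityPrefix("");

        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);
        return converter;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    JwtAuthenticationConverter converter) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Matches the exact authority string produced by the converter above.
                .requestMatchers("/admin").hasAuthority("ROLE_ADMIN")
                .anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                // Without this line the default converter is used and the
                // roles claim is ignored.
                .jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}
```

To confirm the mapping, log `authentication.getAuthorities()` for a request to `/admin` and compare the result with the decoded token payload.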