Why don't my Spring Security settings work?
Only a user with the administrator role should have access to a method in the controller; the problem is that such a user cannot get that access. At first everything works as expected: an unauthenticated request to the protected address is redirected to the login form, but after a successful login, a second request to the same protected address produces a 403 error. I can't see what the problem is — everything looks correct, and the user has the correct roles, which are loaded correctly from the database. Below are the security configuration, the authorization service and the controller.
/**
 * Web-security configuration: wires the database-backed {@link UserDetailsService}
 * and a BCrypt password encoder into the authentication manager, and sets up
 * form login and logout.
 *
 * <p>The {@code authorizeRequests()} section registers no URL rules of its own,
 * so URL-level access is not restricted here; access control relies on method
 * security ({@code @Secured}, enabled via {@code @EnableGlobalMethodSecurity}).
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Loads users and their authorities from the database. */
    @Autowired
    UserDetailsService securityService;

    /** Invoked after a successful form login. */
    @Autowired
    AuthenticationSuccessHandler authenticationSuccessHandler;

    /** Invoked after a failed form login. */
    @Autowired
    AuthenticationFailureHandler authenticationFailureHandler;

    /**
     * Password encoder used to verify stored credentials.
     *
     * @return a BCrypt encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the user-details service and the password encoder with the
     * global authentication manager.
     *
     * @param auth the authentication manager builder
     * @throws Exception propagated from the builder
     */
    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(securityService)
            .passwordEncoder(passwordEncoder());
    }

    /**
     * Configures the HTTP filter chain: form login processed at {@code /login}
     * with the injected success/failure handlers, and logout at {@code /logout};
     * both endpoints are open to everyone.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No URL matchers are declared here (a /driver/** rule was left commented
        // out), so only method security guards the controllers.
        http.authorizeRequests();

        http.formLogin()
            .permitAll()
            .loginProcessingUrl("/login")
            .usernameParameter("username")
            .passwordParameter("password")
            .successHandler(authenticationSuccessHandler)
            .failureHandler(authenticationFailureHandler);

        http.logout()
            .permitAll()
            .logoutUrl("/logout");
    }
}
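/**
 * Database-backed {@link UserDetailsService}: looks up a {@link UserEntity} by
 * username and adapts it to Spring Security's {@link User}.
 */
@Service
@Transactional
public class SecurityService implements UserDetailsService {

    @Autowired
    UserRepository userRepository;

    /**
     * Loads the user with the given username and converts it to {@link UserDetails}.
     *
     * @param username the login name to look up
     * @return the user details, carrying a single authority named after the user's role
     * @throws UsernameNotFoundException if no user exists with that username
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserEntity userEntity = userRepository.findByUsername(username);
        // Without this guard an unknown username raised a NullPointerException
        // (surfacing as an internal authentication error) instead of the
        // UsernameNotFoundException Spring Security expects.
        if (userEntity == null) {
            throw new UsernameNotFoundException("User not found: " + username);
        }
        List<GrantedAuthority> authorities = buildUserAuthority(userEntity.getRole());
        return buildUserForAuthentication(userEntity, authorities);
    }

    /**
     * Builds the authority list from the user's single role.
     *
     * <p>The authority string is the role name exactly as stored. A
     * {@code @Secured("ROLE_ADMIN")} annotation compares against that string
     * literally, so the stored name must already carry the {@code ROLE_} prefix
     * ({@code ROLE_ADMIN}, not {@code ADMIN}); if authenticated users are denied
     * with 403, the stored role name is the first thing to verify.
     *
     * @param roleEntity the user's role
     * @return a mutable list holding one authority named after the role
     */
    private List<GrantedAuthority> buildUserAuthority(RoleEntity roleEntity) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(roleEntity.getName()));
        return authorities;
    }

    /**
     * Adapts the entity to Spring Security's {@link User}.
     *
     * @param userEntity the persisted user
     * @param authorities the user's granted authorities
     * @return a non-expired, non-locked user whose enabled flag mirrors the entity
     */
    private User buildUserForAuthentication(UserEntity userEntity,
                                            List<GrantedAuthority> authorities) {
        // Boolean.TRUE.equals(...) treats a missing (null) enabled flag as
        // "disabled" rather than failing with an unboxing NullPointerException;
        // it is a no-op if getEnabled() already returns a primitive boolean.
        boolean enabled = Boolean.TRUE.equals(userEntity.getEnabled());
        return new User(userEntity.getUsername(), userEntity.getPasswordHash(),
                enabled, true, true, true, authorities);
    }
}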
/**
 * REST endpoints under {@code /driver}; every handler requires the
 * {@code ROLE_ADMIN} authority (declared on the class and repeated on the method).
 */
@RestController
@Secured({"ROLE_ADMIN"})
@RequestMapping(value = "/driver")
public class DriverController {

    @Autowired
    DriverService driverService;

    @Autowired
    AdminService adminService;

    /**
     * Lists the drivers of the company the calling administrator belongs to.
     *
     * @return drivers of the caller's company, serialized with the {@code Main} view
     */
    @Secured("ROLE_ADMIN")
    @GetMapping()
    @JsonView(DriverDTO.Main.class)
    public List<DriverDTO> getDriversByCompanyAsking() {
        CompanyDTO company = adminService.getCompanyByAdminUsername(currentUsername());
        return driverService.getDriversByCompany(company);
    }

    /** Name of the authenticated principal, read from the current security context. */
    private static String currentUsername() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication.getName();
    }
}