@RequestMapping(path = "/user/{username}", method = GET) @PreAuthorize("hasRole('ADMIN')") public ResponseEntity<User> getUser(@PathVariable("username") String username) { Optional<User> user = securityService.getUserByUsername(username); return user.isPresent() ? new ResponseEntity<User>(user.get(), HttpStatus.OK) : new ResponseEntity<>(HttpStatus.NOT_FOUND); }