работает осталось сделать код менее уродливым и мб добавить некоторый дополнительный функцианал

src/main/java/com/LabWork/app/MangaStore/controller/Creator/CreatorActionMvcController.java

@@ -5,8 +5,11 @@ import com.LabWork.app.MangaStore.model.Dto.SupportDto.MangaDto;
 import com.LabWork.app.MangaStore.service.CreatorService;
 import com.LabWork.app.MangaStore.service.MangaService;
 import javax.validation.Valid;
+
+import com.LabWork.app.MangaStore.user.model.UserRole;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -18,6 +21,7 @@ import java.util.Base64;
 
 @Controller
 @RequestMapping("/creatorAction")
+@Secured({UserRole.AsString.ADMIN})
 public class CreatorActionMvcController {
     private final CreatorService creatorService;
     private static final Logger log = LoggerFactory.getLogger(CreatorActionMvcController.class);

src/main/java/com/LabWork/app/MangaStore/controller/Reader/ReaderActionMvcController.java

@@ -6,8 +6,11 @@ import com.LabWork.app.MangaStore.model.Dto.SupportDto.MangaDto;
 import com.LabWork.app.MangaStore.service.ReaderService;
 import com.LabWork.app.MangaStore.service.MangaService;
 import javax.validation.Valid;
+
+import com.LabWork.app.MangaStore.user.model.UserRole;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -17,6 +20,7 @@ import java.io.IOException;
 
 @Controller
 @RequestMapping("/readerAction")
+@Secured({UserRole.AsString.USER})
 public class ReaderActionMvcController {
     private final ReaderService readerService;
     private static final Logger log = LoggerFactory.getLogger(ReaderActionMvcController.class);

src/main/resources/templates/default.html

@@ -1,7 +1,8 @@
 <!DOCTYPE html>
 <html lang="ru"
       xmlns:th="http://www.thymeleaf.org"
-      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" xmlns:sec="http://www.w3.org/1999/xhtml">
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
 <head>
     <meta charset="UTF-8"/>
     <title>ReManga</title>
@@ -28,9 +29,9 @@
             <ul class="navbar-nav" th:with="activeLink=${#request.requestURI}" sec:authorize="isAuthenticated()">
                 <a class="nav-link" href="/"
                    th:classappend="${#strings.equals(activeLink, '/')} ? 'active' : ''">Index</a>
-                <a class="nav-link" th:href="@{/creatorAction/{login}(login=${#authentication.name})}"
+                <a sec:authorize="hasRole('ROLE_ADMIN')" class="nav-link" th:href="@{/creatorAction/{login}(login=${#authentication.name})}"
                    th:classappend="${#strings.equals(activeLink, '/creatorAction')} ? 'active' : ''">CreatorAction</a>
-                <a class="nav-link" th:href="@{/readerAction/{login}(login=${#authentication.name})}"
+                <a sec:authorize="hasRole('ROLE_USER')" class="nav-link" th:href="@{/readerAction/{login}(login=${#authentication.name})}"
                    th:classappend="${#strings.equals(activeLink, '/readerAction')} ? 'active' : ''">ReaderAction</a>
                 <a class="nav-link" href="/manga"
                    th:classappend="${#strings.equals(activeLink, '/manga')} ? 'active' : ''">Catalog</a>