diff --git a/src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java b/src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java
index 26b1c008940b29a7683676caefa7993a959c9689..4d5645ed1e597eeb3070abde7a2eea7067ad8b8e 100644
--- a/src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java
+++ b/src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java
@@ -42,18 +42,18 @@ public class SecurityConfig {
                         .requestMatchers("/**").permitAll()
 
                         // Role-based access
-                        .requestMatchers("/api/students").hasRole("ETUDIANT")
-                        .requestMatchers("/api/students/**").hasRole("ETUDIANT")
-                        .requestMatchers("/api/stages").hasRole("ETUDIANT")
-                        .requestMatchers("/api/stages/**").hasRole("ENTREPRISE")
-                        .requestMatchers("/api/students").hasRole("SUPERVISEUR")
-                        .requestMatchers("/api/students/**").hasRole("SUPERVISEUR")
-                        .requestMatchers("/api/stages").hasRole("SUPERVISEUR")
-                        .requestMatchers("/api/stages/**").hasRole("SUPERVISEUR")
-                        .requestMatchers("/api/enterprises/add").hasRole("ENTREPRISE")
-                        .requestMatchers("/api/enterprises/update").hasRole("ENTREPRISE")
-                        .requestMatchers("/api/enterprises/delete").hasRole("ENTREPRISE")
-                        .requestMatchers("/**").hasRole("ADMIN")
+                        .requestMatchers("/api/students").hasAuthority("ROLE_ETUDIANT")
+                        .requestMatchers("/api/students/**").hasAuthority("ROLE_ETUDIANT")
+                        .requestMatchers("/api/stages").hasAuthority("ROLE_ETUDIANT")
+                        .requestMatchers("/api/stages/**").hasAuthority("ROLE_ENTREPRISE")
+                        .requestMatchers("/api/students").hasAuthority("ROLE_SUPERVISEUR")
+                        .requestMatchers("/api/students/**").hasAuthority("ROLE_SUPERVISEUR")
+                        .requestMatchers("/api/stages").hasAuthority("ROLE_SUPERVISEUR")
+                        .requestMatchers("/api/stages/**").hasAuthority("ROLE_SUPERVISEUR")
+                        .requestMatchers("/api/enterprises/add").hasAuthority("ROLE_ENTREPRISE")
+                        .requestMatchers("/api/enterprises/update").hasAuthority("ROLE_ENTREPRISE")
+                        .requestMatchers("/api/enterprises/delete").hasAuthority("ROLE_ENTREPRISE")
+                        .requestMatchers("/**").hasAuthority("ROLE_ADMIN")
 
                         // Any other request requires authentication
                         .anyRequest().authenticated()
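Review bot: The context line `.requestMatchers("/**").permitAll()` at the top of this hunk comes before every role rule, and Spring Security uses the first matcher that matches a request, so as far as the visible chain shows none of the rewritten `hasAuthority` rules is ever evaluated and every path stays open to unauthenticated callers. Replacing `hasRole("X")` with `hasAuthority("ROLE_X")` is equivalent under the default role prefix, so this commit does not change that. The repeated patterns have the same ordering problem: the second `/api/students` and `/api/stages` rules are shadowed by the first ones, so SUPERVISEUR would be refused once the catch-all is removed. Limit `permitAll()` to the public endpoints and merge the duplicates, e.g. `.requestMatchers("/api/students", "/api/students/**").hasAnyAuthority("ROLE_ETUDIANT", "ROLE_SUPERVISEUR")`. The matcher chain starts and ends outside the hunk.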
diff --git a/src/main/java/com/example/gestionstagesbackend/controllers/AuthController.java b/src/main/java/com/example/gestionstagesbackend/controllers/AuthController.java
index 04135e830b0f128e3c2eaf5dd77a8d80dca26623..e8f5cc2cc8f3936cebc884d96e2074a0432b4033 100644
--- a/src/main/java/com/example/gestionstagesbackend/controllers/AuthController.java
+++ b/src/main/java/com/example/gestionstagesbackend/controllers/AuthController.java
@@ -58,15 +58,16 @@ public class AuthController {
 
         if (username == null || password == null) {
             System.out.println("❌ Username or password is missing in the request.");
-            return ResponseEntity.status(400).body("Username and password are required");
+            return ResponseEntity.status(400).body(Map.of("error", "Username and password are required"));
         }
 
-        Optional<User> user = userService.findByUsername(username);
-        if (user.isEmpty()) {
+        Optional<User> userOptional = userService.findByUsername(username);
+        if (userOptional.isEmpty()) {
             System.out.println("❌ User not found!");
-            return ResponseEntity.status(401).body("Invalid credentials");
+            return ResponseEntity.status(401).body(Map.of("error", "Invalid credentials"));
         }
 
+        User user = userOptional.get();
         System.out.println("✅ User found: " + username);
 
         try {
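Review bot: The two 401 bodies differ, `"Invalid credentials"` here when the lookup finds no user and `"Invalid username or password"` in the catch block of the next hunk, so a client can tell whether a username exists. The early return also appears to skip the password check done inside the `try`, which would make the two cases differ in response time as well. Return one body in both places, e.g. `Map.of("error", "Invalid username or password")`, or drop the pre-lookup and let the authentication call reject unknown users. The `System.out.println` lines write the client-supplied username to stdout as-is; a logger with parameterised messages would suit this better. The method begins before this hunk and continues past it.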
@@ -77,13 +78,20 @@ public class AuthController {
             // Update security context on successful authentication
             SecurityContextHolder.getContext().setAuthentication(authentication);
             System.out.println("✅ Login successful for user: " + username);
-            return ResponseEntity.ok("Login successful");
+
+            // ✅ 🔥 Renvoie les rôles de l'utilisateur dans la réponse
+            return ResponseEntity.ok(Map.of(
+                    "message", "Login successful",
+                    "username", user.getUsername(),
+                    "roles", user.getRoles() // Retourne les rôles ici
+            ));
+
         } catch (Exception e) {
             System.out.println("❌ Authentication failed for user " + username + ": " + e.getMessage());
-            return ResponseEntity.status(401).body("Invalid username or password");
+            return ResponseEntity.status(401).body(Map.of("error", "Invalid username or password"));
         }
-
     }
+
     /** LOGOUT USER **/
     @PostMapping("/logout")
     public ResponseEntity<?> logoutUser(HttpServletRequest request, HttpServletResponse response) {
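Review bot: `Map.of(...)` throws a NullPointerException on a null value, and the success response is built inside the `try` whose `catch (Exception e)` answers 401, so a user whose `getUsername()` or `getRoles()` returns null would receive "Invalid username or password" after the security context has already been set to authenticated. Narrow the handler to `catch (AuthenticationException e)` and build the response body after the try block, or guard the roles value before passing it to `Map.of`. If `getRoles()` returns entity objects rather than plain names (not visible here), map them to strings so the JSON does not expose entity fields. The roles in the body can only serve as a display hint for the client, so the server-side matcher rules remain the actual access control. The start of the `try` block lies outside this hunk.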