How to deal with defaultRolePrefix=“ROLE_” in Spring Security update from 3.2.7 to 4.0.2.RELEASE

Anonymous (unverified), submitted on 2019-12-03 08:36:05

Question:

My Spring Boot application works on Spring Security 3.2.7.RELEASE. Now, I'd like to update it to 4.0.2.RELEASE.

After hours of debugging I have found that Spring Security 4.0.2.RELEASE uses defaultRolePrefix="ROLE_" in the org.springframework.security.access.expression.SecurityExpressionRoot.hasAnyAuthorityName(String prefix, String... roles) method.

In my application I use roles without this prefix and accordingly I get AccessDeniedException.

How do I configure Spring Boot in order to use SecurityExpressionRoot.defaultRolePrefix=""?

Answer 1:

I found out how to fix it. I need to change hasRole to hasAuthority, for example:

@PreAuthorize("hasAuthority('PERMISSION_CREATE_NODE')") 


Answer 2:

On the other hand, you can remove the role prefix as described here. In this case you are free to use other annotations.
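The two approaches from the answers above, side by side, as an added example that is not part of the original thread. It assumes spring-security-core and spring-security-config 4.0.x on the classpath. The class names `RolePrefixDemo` and `MethodSecurityConfig`, the helper `check` and the principal `alice` are constructed for illustration, and the handler override is one way to drop the prefix, not necessarily the one the second answer links to.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.core.Authentication;

public class RolePrefixDemo {

    // Hypothetical configuration: @PreAuthorize expressions are evaluated with
    // an empty role prefix, so hasRole('X') matches the authority "X" exactly.
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    static class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            DefaultMethodSecurityExpressionHandler handler =
                    new DefaultMethodSecurityExpressionHandler();
            handler.setDefaultRolePrefix("");
            return handler;
        }
    }

    // Evaluates hasRole/hasAuthority the way SecurityExpressionRoot does for
    // a constructed principal that holds one unprefixed authority.
    static boolean[] check(String rolePrefix, String name) {
        Authentication auth =
                new TestingAuthenticationToken("alice", "n/a", "PERMISSION_CREATE_NODE");
        SecurityExpressionRoot root = new SecurityExpressionRoot(auth) { };
        if (rolePrefix != null) {
            root.setDefaultRolePrefix(rolePrefix);
        }
        return new boolean[] { root.hasRole(name), root.hasAuthority(name) };
    }

    public static void main(String[] args) {
        String name = "PERMISSION_CREATE_NODE";
        // Default prefix: hasRole looks for "ROLE_" + name, hasAuthority for name as given.
        boolean[] byDefault = check(null, name);
        // Empty prefix: both look for name as given.
        boolean[] noPrefix = check("", name);
        System.out.printf("default prefix: hasRole=%b hasAuthority=%b%n", byDefault[0], byDefault[1]);
        System.out.printf("empty prefix:   hasRole=%b hasAuthority=%b%n", noPrefix[0], noPrefix[1]);
    }
}
```

The handler override changes only method-security expressions such as `@PreAuthorize`; URL expressions and `@RolesAllowed` carry their own prefix settings. After the upgrade, re-test every guarded endpoint for both the allowed and the denied case so that a prefix mismatch shows up in testing rather than as an `AccessDeniedException` in production.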


