java - Spring security added prefix "ROLE_" to all roles name?

Question

Welcome To Ask or Share your Answers For Others

java - Spring security added prefix "ROLE_" to all roles name?

posted Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

java - Spring security added prefix "ROLE_" to all roles name?

I have this code in my Web Security Config:

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/api/**")
            .hasRole("ADMIN")
            .and()
            .httpBasic().and().csrf().disable();

}

So I added an user with "ADMIN" role in my database and I always get 403 error when I tryed loggin with this user, then I enabled log for spring and I found this line:

2015-10-18 23:13:24.112 DEBUG 4899 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /api/user/login; Attributes: [hasRole('ROLE_ADMIN')]

Why Spring Security is looking for "ROLE_ADMIN" instead "ADMIN"?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-17T00:32:40+0000

Spring security adds the prefix "ROLE_" by default.

If you want this removed or changed, take a look at

How to change role from interceptor-url?

EDIT: found this as well: Spring Security remove RoleVoter prefix

Categories

java - Spring security added prefix "ROLE_" to all roles name?

java - Spring security added prefix "ROLE_" to all roles name?

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags