Spring security添加了前缀“ROLE_”。所有角色的名字？ [英] Spring security added prefix "ROLE_" to all roles name?

问题描述

我的网络安全配置中包含以下代码：

I have this code in my Web Security Config:

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/api/**")
            .hasRole("ADMIN")
            .and()
            .httpBasic().and().csrf().disable();

}

所以我添加了一个ADMIN角色的用户数据库，当我尝试使用此用户登录时，我总是得到403错误，然后我启用了弹簧日志，我找到了这一行：

So I added an user with "ADMIN" role in my database and I always get 403 error when I tryed loggin with this user, then I enabled log for spring and I found this line:

2015-10-18 23:13:24.112 DEBUG 4899 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /api/user/login; Attributes: [hasRole('ROLE_ADMIN')]

为什么Spring Security正在寻找ROLE_ADMIN而不是 ADMIN？

Why Spring Security is looking for "ROLE_ADMIN" instead "ADMIN"?

推荐答案

默认情况下，Spring安全性会添加前缀 ROLE _ 。

Spring security adds the prefix "ROLE_" by default.

如果您想删除或更改此内容，请查看

If you want this removed or changed, take a look at

http://forum.spring.io/forum/spring-projects/security/51066-如何改变角色来自拦截者网址

http://forum.spring.io/forum/spring-projects/security/51066-how-to-change-role-from-interceptor-url

编辑：发现这一点：$ b​​ $ b Spring Security删除RoleVoter前缀

found this as well: Spring Security remove RoleVoter prefix

这篇关于Spring security添加了前缀“ROLE_”。所有角色的名字？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！