如何处理defaultRolePrefix ="ROLE_" Spring Security中的版本从3.2.7更新到4.0.2. [英] How to deal with defaultRolePrefix="ROLE_" in Spring Security update from 3.2.7 to 4.0.2.RELEASE

问题描述

我的Spring Boot应用程序可在Spring Security 3.2.7.RELEASE上运行. 现在，我想将其更新为4.0.2.RELEASE.

My Spring Boot application works on Spring Security 3.2.7.RELEASE. Now, I'd like to update it to 4.0.2.RELEASE.

经过数小时的调试，我发现Spring Security 4.0.2.RELEASE使用defaultRolePrefix="ROLE_"

After hours of debug I have found that Spring Security 4.0.2.RELEASE uses defaultRolePrefix="ROLE_"

在

org.springframework.security.access.expression.SecurityExpressionRoot.hasAnyAuthorityName(String prefix, String... roles)方法

在我的应用程序中，我使用没有此前缀的角色，因此得到AccessDeniedException.

In my application I use roles without this prefix and accordingly I get AccessDeniedException.

如何配置Spring Boot以使用SecurityExpressionRoot.defaultRolePrefix=""?

How to configure Spring Boot in order to use SecurityExpressionRoot.defaultRolePrefix="" ?

推荐答案

我找到了解决方案.我需要将hasRole更改为hasAuthority，例如:

I found the solution how to fix it. I need to change hasRole to hasAuthority, for example:

@PreAuthorize("hasAuthority('PERMISSION_CREATE_NODE')")

这篇关于如何处理defaultRolePrefix ="ROLE_" Spring Security中的版本从3.2.7更新到4.0.2.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！