如何处理defaultRolePrefix ="ROLE_" Spring Security中的版本从3.2.7更新到4.0.2. [英] How to deal with defaultRolePrefix="ROLE_" in Spring Security update from 3.2.7 to 4.0.2.RELEASE
问题描述
我的Spring Boot应用程序可在Spring Security 3.2.7.RELEASE
上运行.
现在,我想将其更新为4.0.2.RELEASE
.
My Spring Boot application works on Spring Security 3.2.7.RELEASE
.
Now, I'd like to update it to 4.0.2.RELEASE
.
经过数小时的调试,我发现Spring Security 4.0.2.RELEASE使用defaultRolePrefix="ROLE_"
After hours of debug I have found that Spring Security 4.0.2.RELEASE uses defaultRolePrefix="ROLE_"
在
org.springframework.security.access.expression.SecurityExpressionRoot.hasAnyAuthorityName(String prefix, String... roles)
方法
在我的应用程序中,我使用没有此前缀的角色,因此得到AccessDeniedException
.
In my application I use roles without this prefix and accordingly I get AccessDeniedException
.
如何配置Spring Boot以使用SecurityExpressionRoot.defaultRolePrefix=""
?
How to configure Spring Boot in order to use SecurityExpressionRoot.defaultRolePrefix=""
?
推荐答案
我找到了解决方案.我需要将hasRole更改为hasAuthority,例如:
I found the solution how to fix it. I need to change hasRole to hasAuthority, for example:
@PreAuthorize("hasAuthority('PERMISSION_CREATE_NODE')")
这篇关于如何处理defaultRolePrefix ="ROLE_" Spring Security中的版本从3.2.7更新到4.0.2.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!