本文介绍了Spring security添加了前缀“ROLE_”。所有角色的名字?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的网络安全配置中包含以下代码:
I have this code in my Web Security Config:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/api/**")
.hasRole("ADMIN")
.and()
.httpBasic().and().csrf().disable();
}
所以我添加了一个ADMIN角色的用户数据库,当我尝试使用此用户登录时,我总是得到403错误,然后我启用了弹簧日志,我找到了这一行:
So I added an user with "ADMIN" role in my database and I always get 403 error when I tryed loggin with this user, then I enabled log for spring and I found this line:
2015-10-18 23:13:24.112 DEBUG 4899 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /api/user/login; Attributes: [hasRole('ROLE_ADMIN')]
为什么Spring Security正在寻找ROLE_ADMIN而不是 ADMIN?
Why Spring Security is looking for "ROLE_ADMIN" instead "ADMIN"?
推荐答案
默认情况下,Spring安全性会添加前缀 ROLE _ 。
Spring security adds the prefix "ROLE_" by default.
如果您想删除或更改此内容,请查看
If you want this removed or changed, take a look at
found this as well:Spring Security remove RoleVoter prefix
这篇关于Spring security添加了前缀“ROLE_”。所有角色的名字?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!