Springboot Security hasRole not working

2019-01-01 11:46发布

I’m unable to use hasRole method in @PreAuthorize annotation. Also request.isUserInRole(“ADMIN”) gives false. What am I missing? Although .hasAuthority(“ADMIN”) works fine.

I am assigning authorities to the users from a database.

标签： spring-boot spring-security

1条回答

素衣白纱

2楼-- · 2019-01-01 12:14

You have to name your authority with prefix ROLE_ to use isUserInRole, see Spring Security Reference:

The HttpServletRequest.isUserInRole(String) will determine if SecurityContextHolder.getContext().getAuthentication().getAuthorities() contains a GrantedAuthority with the role passed into isUserInRole(String). Typically users should not pass in the "ROLE_" prefix into this method since it is added automatically. For example, if you want to determine if the current user has the authority "ROLE_ADMIN", you could use the following:
boolean isAdmin = httpServletRequest.isUserInRole("ADMIN");

Same for hasRole (also hasAnyRole), see Spring Security Reference:

Returns true if the current principal has the specified role. By default if the supplied role does not start with 'ROLE_' it will be added. This can be customized by modifying the defaultRolePrefix on DefaultWebSecurityExpressionHandler.

0人赞添加讨论(0) 举报

Springboot Security hasRole not working

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间