2535-springsecurity Series--Questions about the "role" prefix of the authorization role

Source: Internet
Author: User

Version information

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.14.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        <version>1.5.14.RELEASE</version>
        <!-- the spring-security-web version actually pulled in is 4.2.7 -->
    </dependency>

Problem

    // When granting authorities to the user in UserDetails, role names must be supplied
    // Grant roles
    List<GrantedAuthority> grantedAuthorityList = AuthorityUtils.createAuthorityList("ROLE_ADMIN", "ROLE_PM", "ROLE_DEV");

    // Configure URL authorization checks
    private void configAuthorizeRequests(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(CustomSecurityProperties.exclusivePaths)
                .permitAll()
                .antMatchers("/admin/**", "/**/delete").hasAnyRole("ADMIN")
                .anyRequest()
                .authenticated();
    }

Use

The role names carry the ROLE_ prefix when they are granted to the user, but the same roles are written without the prefix when URL permissions are configured.

Reason

The version is spring-security-core-4.2.7.RELEASE.jar.
In the source of org.springframework.security.access.vote.RoleVoter, the class defines a prefix, private String rolePrefix = "ROLE_"; the supports method in the class checks whether the attribute it is given starts with ROLE_.

    public boolean supports(ConfigAttribute attribute) {
        // The prefix is checked here
        if ((attribute.getAttribute() != null)
                && attribute.getAttribute().startsWith(getRolePrefix())) {
            return true;
        } else {
            return false;
        }
    }

    public int vote(Authentication authentication, Object object,
            Collection<ConfigAttribute> attributes) {
        if (authentication == null) {
            return ACCESS_DENIED;
        }
        int result = ACCESS_ABSTAIN;
        Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);

        for (ConfigAttribute attribute : attributes) {
            // Every attribute is first checked for the prefix; only then is a vote cast
            if (this.supports(attribute)) {
                result = ACCESS_DENIED;

                // Attempt to find a matching granted authority
                for (GrantedAuthority authority : authorities) {
                    if (attribute.getAttribute().equals(authority.getAuthority())) {
                        return ACCESS_GRANTED;
                    }
                }
            }
        }

        return result;
    }

Line 77 checks whether the authorization role attribute starts with the prefix.

(This is a voter: it compares the current user's role information with the permission requirements of the resource being accessed and returns a vote of 1, 0 or -1.)
Voter reference: 79413307
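
The prefix check and the three vote values can be observed by calling RoleVoter directly. This is an added example, not code from the original article or from the Spring Security project; the class name RolePrefixDemo and the users alice and bob are constructed for illustration, and it assumes spring-security-core 4.2.x is on the classpath.

```java
import java.util.List;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;

public class RolePrefixDemo {

    // Map the voter's int result to the constant names from AccessDecisionVoter.
    static String label(int vote) {
        switch (vote) {
            case AccessDecisionVoter.ACCESS_GRANTED: return "ACCESS_GRANTED";
            case AccessDecisionVoter.ACCESS_ABSTAIN: return "ACCESS_ABSTAIN";
            case AccessDecisionVoter.ACCESS_DENIED:  return "ACCESS_DENIED";
            default: return "unexpected " + vote;
        }
    }

    static void show(RoleVoter voter, String who, Authentication auth, String attribute) {
        List<ConfigAttribute> required = SecurityConfig.createList(attribute);
        int vote = voter.vote(auth, new Object(), required);
        System.out.printf("%-28s requires %-10s supports=%-5b vote=%d (%s)%n",
                who, attribute, voter.supports(required.get(0)), vote, label(vote));
    }

    public static void main(String[] args) {
        RoleVoter voter = new RoleVoter(); // rolePrefix defaults to "ROLE_"

        // Constructed sample users: one granted prefixed authorities as in the
        // article, one granted the bare name "ADMIN" by mistake.
        Authentication prefixed = new TestingAuthenticationToken("alice", "n/a", "ROLE_ADMIN", "ROLE_DEV");
        Authentication bare = new TestingAuthenticationToken("bob", "n/a", "ADMIN");

        // Attribute carries the prefix: supports() passes, then exact string match.
        show(voter, "alice [ROLE_ADMIN, ROLE_DEV]", prefixed, "ROLE_ADMIN");
        show(voter, "bob [ADMIN]", bare, "ROLE_ADMIN");

        // Attribute lacks the prefix: supports() fails and the inner
        // authority comparison is never reached, even for an identical string.
        show(voter, "bob [ADMIN]", bare, "ADMIN");

        // Changing the prefix changes which attributes the voter will consider.
        voter.setRolePrefix("");
        show(voter, "bob [ADMIN], empty prefix", bare, "ADMIN");
    }
}
```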

Official documents

Official documentation, section 46.3.3, What does "ROLE_" mean and why do I need it on my role names? https://docs.spring.io/spring-security/site/docs/5.0.6.RELEASE/reference/htmlsingle/#appendix-faq-role-prefix

Complete Project Engineering Reference

https://github.com/starmoon1994/springsecurity-collection
