2535-springsecurity Series--Questions about the "role" prefix of the authorization role

Version information

<parent>    <groupId>org.springframework.boot</groupId>    <artifactId>spring-boot-starter-parent</artifactId>    <version>1.5.14.RELEASE</version>    <relativePath/> <!-- lookup parent from repository --></parent><dependency>    <groupId>org.springframework.boot</groupId>    <artifactId>spring-boot-starter-security</artifactId>    <version>1.5.14.RELEASE</version>    <!--实际里面spring-security-web的版本是4.2.7--></dependency>

Problem

//  在userdetails里给用户授权时，需要给定角色名  授权角色 List<GrantedAuthority> grantedAuthorityList = AuthorityUtils.createAuthorityList("ROLE_ADMIN","ROLE_PM","ROLE_DEV");     // 配置url授权验证相关    private void configAuthorizeRequests(HttpSecurity http) throws Exception {        http.authorizeRequests()                .antMatchers(CustomSecurityProperties.exclusivePaths)                .permitAll()                .antMatchers("/admin/**", "/**/delete").hasAnyRole("ADMIN")                .anyRequest()                .authenticated();    }

Use

There is a role prefix at the time of authorization, but there is no role prefix when configuring permissions for URLs.

Reason

Version is Spring-security-core-4.2.7.release.jar
Source Org.springframework.security.access.vote.RoleVoter, the class defines a prefix private String roleprefix = "Role_"; The Supports method in the class matches the permission parameter with the Roleprefix to see if it starts with Role_.

    Public Boolean supports (Configattribute attribute) {if (Attribute.getattribute ()! = NULL)//Here in the authentication prefix        && Attribute.getattribute (). StartsWith (Getroleprefix ())) {return true;        } else {return false; }} public int vote (authentication authentication, Object object, Collection<configattribute> Attri        Butes) {if (authentication = = null) {return access_denied;        } int result = Access_abstain; collection<?        Extends grantedauthority> authorities = extractauthorities (authentication); for (Configattribute attribute:attributes) {//This will traverse all the role values first to determine if there is a prefix prefix, then vote if (This.supports (at                Tribute)) {result = Access_denied;                    Attempt to find a matching granted authority for (Grantedauthority authority:authorities) { if (Attribute.getattribute (). Equals (authority.Getauthority ())) {return access_granted;    }}}} return result; }

The 77th line verifies that the authorization role information is preceded by a prefix

(This is a polling device that matches the current user role information and the permission requirements of the resource information that is being accessed, giving a poll value of 1 0 1
Voting Device Reference: 79413307

Official documents

Official documentation 46.3.3 What does "role_" mean and why does I need it on my ROLE names? https://docs.spring.io/spring-security/site/docs/5.0.6.RELEASE/reference/htmlsingle/#appendix-faq-role-prefix)

Complete Project Engineering Reference

Https://github.com/starmoon1994/springsecurity-collection

2535-springsecurity Series--Questions about the "role" prefix of the authorization role