Spring boot integrates with spring Security's encountered pits in the upgrade of spring release

In the version of Spring security3.x

Hasanyrole This method does not add a prefix to the identity that we need to authenticate role_, in the 3.x version hasrole the source code is as follows

     Public Final Boolean hasanyrole (String ... roles) {        Set<String> roleset = getauthorityset ();          for (String role:roles) {            if  (roleset.contains (role)) {                return true ;            }        }         return false ;    }

And the 4.x version will be based on my specific situation to see if you want to prefix, the code is as follows

     Public Final Booleanhasanyrole (String ... roles) {returnHasanyauthorityname (defaultroleprefix, roles); }    Private Booleanhasanyauthorityname (string prefix, string ... roles) {Set<String> Roleset =Getauthorityset ();  for(String role:roles) {string Defaultedrole=getrolewithdefaultprefix (prefix, role); if(Roleset.contains (defaultedrole)) {return true; }        }        return false; }

    Private Staticstring Getrolewithdefaultprefix (String defaultroleprefix, String role) {if(Role = =NULL) {            returnrole; }        if(Defaultroleprefix = =NULL|| Defaultroleprefix.length () = = 0) {            returnrole; }        if(Role.startswith (Defaultroleprefix)) {returnrole; }        returnDefaultroleprefix +role; }

Here the pit to be careful, if you add the Role_ prefix, then you log on the role of the front also need to add role_, otherwise it will fail authentication, then the 403 page. (Ps:hasrole This method also has this version problem, specifically also and hasanyrole is not much.) ）

Spring boot integrates with spring Security's encountered pits in the upgrade of spring release