Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to deal with defaultRolePrefix="ROLE_" in Spring Security update from 3.2.7 to 4.0.2.RELEASE

Tags:

spring

spring-boot

spring-security

My Spring Boot application works on Spring Security 3.2.7.RELEASE. Now, I'd like to update it to 4.0.2.RELEASE.

After hours of debug I have found that Spring Security 4.0.2.RELEASE uses defaultRolePrefix="ROLE_"

in

org.springframework.security.access.expression.SecurityExpressionRoot.hasAnyAuthorityName(String prefix, String... roles) method

In my application I use roles without this prefix and accordingly I get AccessDeniedException.

How to configure Spring Boot in order to use SecurityExpressionRoot.defaultRolePrefix="" ?

like image 312
alexanoid Avatar asked Aug 13 '15 19:08

alexanoid

1 Answers

I found the solution how to fix it. I need to change hasRole to hasAuthority, for example:

@PreAuthorize("hasAuthority('PERMISSION_CREATE_NODE')")
like image 153
alexanoid Avatar answered Oct 25 '22 19:10

alexanoid
Sign in to Comment

Related questions

When do @SessionAttributes in SpringMVC get removed? (With code sample)
HttpMessageNotReadableException: Could not read JSON: Unrecognized field using Spring for Android
How to execute custom SQL query with spring-managed transactional EntityManager
Spring MVC, Upload file with other fields
How to return binary data instead of base64 encoded byte[] in spring mvc rest controller
Can we implement a Java library by using Spring Boot?
Maven: missing artifact org.springframework:spring:jar:4.2.6
Make front- and backend (Angular 2 and Spring) Maven Multimodule Project
Spring Security Always returning 403 forbidden, Access denied
How to stream large HTTP response in spring
Spring Hateoas ControllerLinkBuilder adds null fields
Delay task:scheduler first execution in Spring 3
Jetty startup delay
When injecting a list of beans, is the order in the list the same as the defined order of the beans
How to use StatelessSession with Spring Data JPA and Hibernate?
HQL is generating incomplete 'cross join' on executeUpdate
Specify url of jdbc:embedded-database
Reload UserDetails Object from Database Every Request in Spring Security
What is the best approach to find all addresses that are in a specific distance to the selected point
How can I authenticate a system user for scheduled processes in Spring?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!