Spring security added prefix “ROLE_” to all roles name?

Question

I have this code in my Web Security Config:

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests         


        

Answer 1

_ROLE prefix is used by spring security, to identify that it is as a role. A role has a set of privileges a.k.a Authorities, these authorities define varies permissions for a role. ex:- EDIT_PROFILE, DELETE_PROFILE

You can define both the roles and authorities, if you are defining a role then it must be prefixed with "ROLE_"

In your case you are looking for a role, so by default spring security looks for a string that is prefixed with "ROLE_".