Question
I am using @Secured("ADMIN"), and my role definition is also ADMIN (not ROLE_ADMIN). When I access the API, I do not get the expected value; it says access denied.
Below is the code showing how I have overridden the ROLE_ value:
@PostMapping("/users")
@Loggable
@Secured({"Administrator"})
public ResponseEntity<?> createUser( @Valid @RequestBody User userRequest) {
.....
}
I implemented a CustomAccessDecisionManager in which the role prefix was set to empty (setRolePrefix("")), and the CustomDecisionManager was configured in my security configuration file.
The empty role prefix is working fine; the code for that is below:
.authorizeRequests().anyRequest().authenticated()
.accessDecisionManager(customAD()).hasRole("ADMIN")
But it's not working when I use @Secured.
My DB contains role as USER1, USER2.
Any help is greatly appreciated. Thank you.
Source: https://stackoverflow.com/questions/46756013/how-to-override-defaultroleprefix-when-using-secured-or-preauthorize-in-spring
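A method-security configuration for the setup described in the question, as an added example that is not part of the original post or the poster's code. It assumes a Spring Security version that provides GlobalMethodSecurityConfiguration; the class name MethodSecurityConfig is hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

// Hypothetical class name; added example, not the poster's configuration.
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    // @Secured is enforced by the method-security interceptor, which builds its
    // own AccessDecisionManager. The manager passed to
    // HttpSecurity.accessDecisionManager(...) only applies to URL rules.
    @Override
    protected AccessDecisionManager accessDecisionManager() {
        // RoleVoter only votes on attributes that start with its prefix
        // (default "ROLE_"). For any other attribute it abstains, and when
        // every voter abstains AffirmativeBased denies access by default.
        RoleVoter roleVoter = new RoleVoter();
        roleVoter.setRolePrefix("");

        List<AccessDecisionVoter<?>> voters = new ArrayList<>();
        voters.add(roleVoter);
        // Keeps IS_AUTHENTICATED_* attributes working next to plain role names.
        voters.add(new AuthenticatedVoter());

        // Access is granted as soon as one voter grants it.
        return new AffirmativeBased(voters);
    }
}
```

With an empty prefix, the string inside @Secured is compared as-is against each granted authority, so it has to equal the authority name stored for the user exactly, including case.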