0
我有這樣一些自定義的角色:秒:授權不能與自定義角色的工作
<span sec:authentication="principal.authorities">[MENU_USER, BUTTON_ADD_USER,ROLE_USER, MENU_PRIVILEGE, BUTTON_EDIT_USER]</span>
<div sec:authorize="hasRole('MENU_USER')">
<span>This content is only shown to administrators.</span>
</div>
時使用「ROLE_USER」,在「跨越」的文本可以正常顯示,但是當使用其他角色,文本無法顯示。然後我爲自定義角色添加'ROLE_'前綴,這又變得正常了。
我嘗試刪除「ROLE_」前綴限制這樣的:
@Bean
AccessDecisionManager accessDecisionManager() {
RoleVoter voter = new RoleVoter();
voter.setRolePrefix("");
List<AccessDecisionVoter<? extends Object>> voters= new ArrayList<>();
voters.add(new WebExpressionVoter());
voters.add(voter);
voters.add(new AuthenticatedVoter());
AffirmativeBased decisionManger = new AffirmativeBased(voters);
return decisionManger;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.accessDecisionManager(accessDecisionManager())
.antMatchers("/webjars/**", "/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password")
.defaultSuccessUrl("/home", true)
.failureUrl("/test")
.and()
//logout is
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
它不工作過。任何想法如何刪除強制性的「ROLE_」前綴?
檢查http://stackoverflow.com/questions/21620076/spring-security-remove-rolevoter-prefix和http://stackoverflow.com/questions/10939792/custom-rolevoter-and-accessing- UserRole的換另外的票檢查 –