0
我有这样一些自定义的角色:秒:授权不能与自定义角色的工作
<span sec:authentication="principal.authorities">[MENU_USER, BUTTON_ADD_USER,ROLE_USER, MENU_PRIVILEGE, BUTTON_EDIT_USER]</span>
<div sec:authorize="hasRole('MENU_USER')">
<span>This content is only shown to administrators.</span>
</div>
时使用“ROLE_USER”,在“跨越”的文本可以正常显示,但是当使用其他角色,文本无法显示。然后我为自定义角色添加'ROLE_'前缀,这又变得正常了。
我尝试删除“ROLE_”前缀限制这样的:
@Bean
AccessDecisionManager accessDecisionManager() {
RoleVoter voter = new RoleVoter();
voter.setRolePrefix("");
List<AccessDecisionVoter<? extends Object>> voters= new ArrayList<>();
voters.add(new WebExpressionVoter());
voters.add(voter);
voters.add(new AuthenticatedVoter());
AffirmativeBased decisionManger = new AffirmativeBased(voters);
return decisionManger;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.accessDecisionManager(accessDecisionManager())
.antMatchers("/webjars/**", "/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password")
.defaultSuccessUrl("/home", true)
.failureUrl("/test")
.and()
//logout is
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
它不工作过。任何想法如何删除强制性的“ROLE_”前缀?
检查http://stackoverflow.com/questions/21620076/spring-security-remove-rolevoter-prefix和http://stackoverflow.com/questions/10939792/custom-rolevoter-and-accessing- UserRole的换另外的票检查 –