You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In GlobalMethodSecurityConfiguration, the RoleVoter.setRolePrefix() method is not configured with the GrantedAuthorityDefaults bean.
Actual Behavior
I created a GrantedAuthorityDefaults bean in my application with a blank role prefix ("") but methods using the @Secured annotation still tried to match the default ROLE_ prefix in the RoleVoter.
Expected Behavior
I would expect the RoleVoter.setRolePrefix() method to be called with configured with the rolePrefix in the GrantedAuthorityDefaults bean similar to how the Jsr250MethodSecurityMetadataSource class is configured.
Configuration
Spring Boot 1.5.3.RELEASE
Version
Spring Security 4.2.3.RELEASE
Sample
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class GlobalMethodSecurityConfigurer {
@Bean
public GrantedAuthorityDefaults grantedAuthorityDefaults() {
return new GrantedAuthorityDefaults("");
}
}
@Service
public class ShopperService {
@Secured("shopper")
@Transactional
public Shopper getShopper(String username) {
return shopperRepository.findOne(username);
}
}
rwinch
changed the title
RoleVoter rolePrefix is not configured with GrantedAuthorityDefaults
RoleVoter Configuration Defaults Prefix Using GrantedAuthorityDefauts
Dec 6, 2018
dongmyo
added a commit
to dongmyo/spring-security-1
that referenced
this issue
Dec 7, 2018
Summary
In
GlobalMethodSecurityConfiguration
, theRoleVoter.setRolePrefix()
method is not configured with theGrantedAuthorityDefaults
bean.Actual Behavior
I created a
GrantedAuthorityDefaults
bean in my application with a blank role prefix (""
) but methods using the@Secured
annotation still tried to match the defaultROLE_
prefix in theRoleVoter
.Expected Behavior
I would expect the
RoleVoter.setRolePrefix()
method to be called with configured with therolePrefix
in theGrantedAuthorityDefaults
bean similar to how theJsr250MethodSecurityMetadataSource
class is configured.Configuration
Spring Boot 1.5.3.RELEASE
Version
Spring Security 4.2.3.RELEASE
Sample
Log output:
The text was updated successfully, but these errors were encountered: