stackoom
  简体   繁体   中英

Roles in Jhipster 4

 原文  2018-04-07 23:00:49       java/ spring-security/ jhipster

Question

I'm using jhipster 4 , I have a doubt, I try to put a new role without a pattern ROLE_* and it does not work when i use the java annotation @Secured . 

public final class AuthoritiesConstants {   
  public static final String SUPERVISED = "SUPERVISED";
  ...

I check it over many websites about this issue and i can't find any suggest. And i need to put a role called SUPERVISED because my app needs to integrate with other. 

@Secured({AuthoritiesConstants.SUPERVISED)
public class GreatResource {
...

When the webclient do a request with a role SUPERVISED, the action it is denied

Why this happend?

1 answers

solution1
 1 ACCPTED  2018-04-10 02:46:08

When using the @Secured annotation, by default if the supplied role does not start with ROLE_ then it will be added. The filter is checking for ROLE_SUPERVISED instead of SUPERVISED , which is why it is not working as expected.

With Expression-Based Access Control , you can check a user's authorities including those without a ROLE_ prefix. Use the @PreAuthorize annotation combined with the hasAuthority expression: 

@PreAuthorize("hasAuthority('SUPERVISED')")

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question What are Jhipster Roles used for? Jhipster new Roles - Full authentication is required jHipster - How to add new User Roles How to restrict access in Api's based on Roles with Jhipster Checkbox in JHipster Starting with JHipster Jhipster mongodb jhipster LazyInitializationException Elasticsearch and jhipster Time in JHipster
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM