I'm using jhipster 4 , I have a doubt, I try to put a new role without a pattern ROLE_* and it does not work when i use the java annotation @Secured .
public final class AuthoritiesConstants {
public static final String SUPERVISED = "SUPERVISED";
...
I check it over many websites about this issue and i can't find any suggest. And i need to put a role called SUPERVISED because my app needs to integrate with other.
@Secured({AuthoritiesConstants.SUPERVISED)
public class GreatResource {
...
When the webclient do a request with a role SUPERVISED, the action it is denied
Why this happend?
When using the @Secured
annotation, by default if the supplied role does not start with ROLE_
then it will be added. The filter is checking for ROLE_SUPERVISED
instead of SUPERVISED
, which is why it is not working as expected.
With Expression-Based Access Control , you can check a user's authorities including those without a ROLE_
prefix. Use the @PreAuthorize
annotation combined with the hasAuthority
expression:
@PreAuthorize("hasAuthority('SUPERVISED')")
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.