HI, why ADMIN not ROLE_ADMIN ？

Question

HI, why ADMIN not ROLE_ADMIN ？

rzl opened this issue 6 years ago · comments

where to add the role ADMIN ?
i not found role ADMIN any where but ROLE_ADMIN
where change ROLE_ADMIN to ADMIN in the code ?

Nirvana · Answer 1 · Sun Sep 30 2018 15:39:18 GMT+0800 (China Standard Time)

What are you talking about? Please don`t question here unless you find some feature or bug.

RZL · Answer 2 · Sun Sep 30 2018 15:55:26 GMT+0800 (China Standard Time)

sorry . 因为我的英文不是很好。原来控制中注释有相关的说明。

Remember that the hasRole expression assumes a 'ROLE_' prefix on all role names. So 'ADMIN' here is actually stored as 'ROLE_ADMIN' in database!

public class MethodProtectedRestController {

    /**
     * This is an example of some different kinds of granular restriction for endpoints. You can use the built-in SPEL expressions
     * in @PreAuthorize such as 'hasRole()' to determine if a user has access. Remember that the hasRole expression assumes a
     * 'ROLE_' prefix on all role names. So 'ADMIN' here is actually stored as 'ROLE_ADMIN' in database!
     **/
    @RequestMapping(method = RequestMethod.GET)
    @PreAuthorize("hasRole('ADMIN')")
    public ResponseEntity<?> getProtectedGreeting() {
        return ResponseEntity.ok("Greetings from admin protected method!");
    }

}