参考Spring Security 4 中的 hasRole 和 hasAuthority 差异引发的思考_10Alexander01的博客-CSDN博客
hasRole和 hasAuthority的底层实现方式是类似的,功能是一样的,hasRole和hasAuthority判断的都是有没有权限,区别就是hasRole对应的权限有前缀ROLE_,而hasAuthority没有。
hasRole和hasAuthority的工作原理都是判断角色所拥有的权限有没有对应的字段,一般角色所拥有的权限从数据库中查出来,然后封装在user类中覆写的getAuthorities方法中,如下
@Override public Collection<? extends GrantedAuthority> getAuthorities() { if(!ObjectUtils.isEmpty(this.authorities) && !ObjectUtils.isEmpty(this.roles)){ Collection<GrantedAuthority> authoritylist = new ArrayList<GrantedAuthority>(); for (Authority authority:this.authorities ) { if(!ObjectUtils.isEmpty(authority)){ SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(authority.getAuthorityName()); authoritylist.add(simpleGrantedAuthority); } } for (String role : this.roles) { if(!ObjectUtils.isEmpty(role)){ SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(role); authoritylist.add(simpleGrantedAuthority); } } return authoritylist; }else{ return null; } }