.access(“hasRole(‘ROLE_USER’)”)如果用.hasRole(“ROLE_USER”)会报错。
org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘springSecurityFilterChain’ defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method ‘springSecurityFilterChain’ threw exception; nested exception is java.lang.IllegalArgumentException: role should not start with ‘ROLE_’ since it is automatically inserted. Got ‘ROLE_USER’
像下面代码这样是可以的,不要ROLE_USER,直接USER,不应该用ROLE_开头因为会自动加一个。
hasRole在进行权限判断时会被追加前缀ROLE_。
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/design", "/orders")
.hasRole("USER"