在使用Spring Security时,.access("hasRole('ROLE_USER')")会导致Bean创建异常,因为hasRole会自动添加'ROLE_'前缀。正确做法是不使用'ROLE_'前缀,如.hasRole('USER'),或者直接使用表达式'USER',避免不必要的角色前缀导致的问题。
.access(“hasRole(‘ROLE_USER’)”)如果用.hasRole(“ROLE_USER”)会报错。
org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘springSecurityFilterChain’ defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method ‘springSecurityFilterChain’ threw exception; nested exception is java.lang.IllegalArgumentException: role should not start with ‘ROLE_’ since it is automatically inserted. Got ‘ROLE_USER’
像下面代码这样是可以的,不要ROLE_USER,直接USER,不应该用ROLE_开头因为会自动加一个。
hasRole在进行权限判断时会被追加前缀ROLE_。
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/design", "/orders")
.hasRole("USER"
最低0.47元/天 解锁文章
1610
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
