Spring Boot Security: test results for assigned authorities
ADMIN2,ROLE_ADMIN
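import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Turn the comma-separated string into one GrantedAuthority per entry
String[] permissions = "ADMIN2,ROLE_ADMIN".split(",");
List<GrantedAuthority> authorities = new ArrayList<>();
for (String permission : permissions) {
    authorities.add(new SimpleGrantedAuthority(permission));
}
userDetails.setAuthorities(authorities);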
Test results for method-level permission annotations added to the controller:
@PreAuthorize("hasRole('ADMIN')") // allowed
@PreAuthorize("hasRole('ROLE_ADMIN')") // allowed
@PreAuthorize("hasRole('ADMIN2')") // denied
@PreAuthorize("hasRole('ROLE_ADMIN2')") // denied
@PreAuthorize("hasAuthority('ADMIN2')") // allowed
@PreAuthorize("hasAuthority('ROLE_ADMIN2')") // denied
@PreAuthorize("hasAuthority('ADMIN')") // denied
@PreAuthorize("hasAuthority('ROLE_ADMIN')") // allowed
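The tests show:
When the authority carries the ROLE_ prefix, it can be checked in three ways, because hasRole by default prepends ROLE_ to its argument when the argument does not already start with it:
@PreAuthorize("hasRole('ADMIN')") // allowed
@PreAuthorize("hasRole('ROLE_ADMIN')") // allowed
@PreAuthorize("hasAuthority('ROLE_ADMIN')") // allowed
When the authority does not carry the ROLE_ prefix, it can be checked in only one way, because hasAuthority compares the string exactly:
@PreAuthorize("hasAuthority('ADMIN2')") // allowed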
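The table above can be reproduced without starting an application, as an added example that is not code from the original page. It assumes spring-security-core (5.x or 6.x) on the classpath and Java 9+; the class name RolePrefixMatrix and its members are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;

// Added example; the class and method names are hypothetical.
public class RolePrefixMatrix {

    // Expressions the page reports as allowed for authorities "ADMIN2,ROLE_ADMIN".
    static final Set<String> EXPECTED_ALLOWED = Set.of(
            "hasRole('ADMIN')", "hasRole('ROLE_ADMIN')",
            "hasAuthority('ADMIN2')", "hasAuthority('ROLE_ADMIN')");

    // Runs the checks behind @PreAuthorize directly, with no application context.
    static Map<String, Boolean> evaluate(String... grantedAuthorities) {
        // Constructed test user: each string becomes one granted authority.
        Authentication auth =
                new TestingAuthenticationToken("tester", "n/a", grantedAuthorities);
        SecurityExpressionRoot root = new SecurityExpressionRoot(auth) { };

        Map<String, Boolean> results = new LinkedHashMap<>();
        for (String name : new String[] {"ADMIN", "ROLE_ADMIN", "ADMIN2", "ROLE_ADMIN2"}) {
            results.put("hasRole('" + name + "')", root.hasRole(name));
            results.put("hasAuthority('" + name + "')", root.hasAuthority(name));
        }
        return results;
    }

    public static void main(String[] args) {
        Map<String, Boolean> results = evaluate("ADMIN2", "ROLE_ADMIN");
        results.forEach((expr, allowed) -> {
            System.out.printf("%-28s %s%n", expr, allowed ? "allowed" : "denied");
            // Stop if this Spring Security version disagrees with the page's table.
            if (allowed != EXPECTED_ALLOWED.contains(expr)) {
                throw new IllegalStateException("Unexpected result for " + expr);
            }
        });
    }
}
```

Kept as a unit test, a check like this catches an authority stored without the ROLE_ prefix before a hasRole guard silently denies every request that depends on it.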