HI, why ADMIN not ROLE_ADMIN ?
rzl opened this issue · 2 comments
rzl commented
where to add the role ADMIN ?
i not found role ADMIN any where but ROLE_ADMIN
where change ROLE_ADMIN to ADMIN in the code ?
Himly1 commented
What are you talking about? Please don`t question here unless you find some feature or bug.
rzl commented
sorry . 因为我的英文不是很好。原来控制中注释有相关的说明。
Remember that the hasRole expression assumes a 'ROLE_' prefix on all role names. So 'ADMIN' here is actually stored as 'ROLE_ADMIN' in database!
public class MethodProtectedRestController {
/**
* This is an example of some different kinds of granular restriction for endpoints. You can use the built-in SPEL expressions
* in @PreAuthorize such as 'hasRole()' to determine if a user has access. Remember that the hasRole expression assumes a
* 'ROLE_' prefix on all role names. So 'ADMIN' here is actually stored as 'ROLE_ADMIN' in database!
**/
@RequestMapping(method = RequestMethod.GET)
@PreAuthorize("hasRole('ADMIN')")
public ResponseEntity<?> getProtectedGreeting() {
return ResponseEntity.ok("Greetings from admin protected method!");
}
}