szerhusenBC/jwt-spring-security-demo

HI, why ADMIN not ROLE_ADMIN ?

rzl opened this issue · 2 comments

rzl commented

where to add the role ADMIN ?
i not found role ADMIN any where but ROLE_ADMIN
where change ROLE_ADMIN to ADMIN in the code ?

What are you talking about? Please don`t question here unless you find some feature or bug.

rzl commented

sorry . 因为我的英文不是很好。原来控制中注释有相关的说明。

Remember that the hasRole expression assumes a 'ROLE_' prefix on all role names. So 'ADMIN' here is actually stored as 'ROLE_ADMIN' in database!

public class MethodProtectedRestController {

    /**
     * This is an example of some different kinds of granular restriction for endpoints. You can use the built-in SPEL expressions
     * in @PreAuthorize such as 'hasRole()' to determine if a user has access. Remember that the hasRole expression assumes a
     * 'ROLE_' prefix on all role names. So 'ADMIN' here is actually stored as 'ROLE_ADMIN' in database!
     **/
    @RequestMapping(method = RequestMethod.GET)
    @PreAuthorize("hasRole('ADMIN')")
    public ResponseEntity<?> getProtectedGreeting() {
        return ResponseEntity.ok("Greetings from admin protected method!");
    }

}