Spring Boot Reading Notes 1: Role Naming Convention
Spring Security Role Convention:
Roles are typically written in UPPERCASE. Spring Security automatically adds the "ROLE_" prefix internally, so roles("USER") becomes the authority ROLE_USER.
What Happens Internally
- .roles("USER") // Becomes: ROLE_USER
- .roles("ADMIN") // Becomes: ROLE_ADMIN
Authorization Check
.antMatchers("/delete/**").hasRole("ADMIN") // Looks for ROLE_ADMIN
If you used lowercase:
.roles("user") // Becomes: ROLE_user (wrong!)
Authority names are compared case-sensitively, so hasRole("USER") would not match ROLE_user, and hasRole("ADMIN") would not match it either.
Correct Usage
- Username: Can be any case ("user", "User", "USER")
- Role: Should be uppercase ("USER", "ADMIN")
Summary
The role name must match, including case, what you use in your authorization rules (hasRole("ADMIN"), etc.).
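The following is an added example, not code from the original notes: it builds users with roles(...) and reports every granted authority that no hasRole(...) rule can match, which is how a lowercase role shows up in practice (the user logs in but is denied everywhere). It assumes spring-security-core is on the classpath; the class name RoleCaseCheck, the helper names and the sample users are constructed for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class RoleCaseCheck {

    // What hasRole("X") looks for with the default prefix: the exact,
    // case-sensitive authority string "ROLE_X".
    static boolean hasRole(UserDetails user, String role) {
        String wanted = "ROLE_" + role;
        return user.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(wanted::equals);
    }

    // Hypothetical startup check: list "username:authority" pairs that none
    // of the roles named in the authorization rules can ever match.
    static Set<String> unmatched(List<UserDetails> users, Set<String> ruleRoles) {
        Set<String> result = new TreeSet<>();
        for (UserDetails u : users) {
            for (GrantedAuthority a : u.getAuthorities()) {
                boolean matched = ruleRoles.stream()
                        .anyMatch(r -> ("ROLE_" + r).equals(a.getAuthority()));
                if (!matched) {
                    result.add(u.getUsername() + ":" + a.getAuthority());
                }
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample users; "{noop}" marks a plain-text demo password.
        UserDetails alice = User.withUsername("alice").password("{noop}demo").roles("USER").build();
        UserDetails bob = User.withUsername("bob").password("{noop}demo").roles("user").build();
        UserDetails root = User.withUsername("root").password("{noop}demo").roles("ADMIN").build();

        System.out.println("alice hasRole(USER): " + hasRole(alice, "USER"));
        System.out.println("bob   hasRole(USER): " + hasRole(bob, "USER"));
        System.out.println("root  hasRole(ADMIN): " + hasRole(root, "ADMIN"));
        // Roles used in the rules, e.g. hasRole("USER") and hasRole("ADMIN").
        System.out.println("never matched: " + unmatched(List.of(alice, bob, root), Set.of("USER", "ADMIN")));
    }
}
```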
