devonfw / devon4j

devonfw Java stack - create enterprise-grade business apps in Java safe and fast
Apache License 2.0

Remove the ROLE_ prefix from Spring Security using JavaConfig #400

Closed sujith-mn closed 3 years ago

sujith-mn commented 3 years ago

As a Developer, I want to remove ROLE_ using java config.

Refer: https://stackoverflow.com/questions/38134121/how-do-i-remove-the-role-prefix-from-spring-security-with-javaconfig

Related Issue: https://github.com/devonfw/devon4j/issues/385

Acceptance-Criteria:

tobka777 commented 3 years ago

Unfortunately, I had no success with the bean from the instructions. I tried a few approaches and none worked. That's when I saw roles being used with inMemoryAuthentication. Instead I used authorities and the prefix ROLE_ was not there anymore.

hohwille commented 3 years ago

> Unfortunately, I had no success with the bean from the instructions. I tried a few approaches and none worked. That's when I saw roles being used with inMemoryAuthentication. Instead I used authorities and the prefix ROLE_ was not there anymore.

I assume there is a misunderstanding here. There are two independent places where a ROLE_ prefix is added:

  1. when using the roles(String) method of inMemoryAuthentication in WebSecurityConfig.
  2. implicitly by spring-security when GrantedAuthorities are matched with the roles configured via @RolesAllowed annotation.

I assume @tobka777 is talking about 1. while @sujith-mn created this issue for 2. We should still try to create a PR for 2. as suggested by @sujith-mn to simplify our spring usage.
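The two places named in the comment above, side by side, as an added example that is not devon4j's code. It assumes Spring Security 5.x with JSR-250 method security enabled; the class names, user names, passwords and the `Admin` authority are constructed for illustration.

```java
import javax.annotation.security.RolesAllowed;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.core.GrantedAuthorityDefaults;
import org.springframework.stereotype.Service;

// Hypothetical configuration class (assumption: Spring Security 5.x, javax namespace).
@Configuration
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class ExampleSecurityConfig extends WebSecurityConfigurerAdapter {

  // Place 2: replaces the implicit "ROLE_" default with an empty prefix, so that
  // @RolesAllowed("Admin") is matched against the authority "Admin" as written.
  @Bean
  GrantedAuthorityDefaults grantedAuthorityDefaults() {
    return new GrantedAuthorityDefaults("");
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        // Place 1: authorities(...) stores the string unchanged -> "Admin".
        .withUser("admin").password("{noop}constructed-password").authorities("Admin")
        .and()
        // roles(...) prepends the prefix itself -> "ROLE_Admin". With the empty
        // default prefix above, this user no longer satisfies @RolesAllowed("Admin").
        .withUser("legacy").password("{noop}constructed-password").roles("Admin");
  }
}

// Hypothetical service used only to show the annotation side of the match.
@Service
class ExampleAdminService {

  // Granted to "admin" (authority "Admin"), denied to "legacy" (authority "ROLE_Admin").
  @RolesAllowed("Admin")
  String adminOnly() {
    return "ok";
  }
}
```

Changing the default prefix therefore has to go together with a review of every `roles(...)` call and every stored authority, otherwise existing users silently lose access to annotated methods.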

hohwille commented 3 years ago

Was autoclosed by PR #402. Reopening as still not implemented as described.