Closed sujith-mn closed 3 years ago
Unfortunately, I had no success with the bean from the instructions. I tried a few approaches and none worked. That's when I saw roles being used with inMemoryAuthentication
. Instead I used authorities and the prefix ROLE_
was not there anymore.
Unfortunately, I had no success with the bean from the instructions. I tried a few approaches and none worked. That's when I saw roles being used with
inMemoryAuthentication
. Instead I used authorities and the prefixROLE_
was not there anymore.
I assume there is a missunderstanding here.
There are two independent places where a ROLE_
prefix is added:
roles(String)
method of inMemoryAuthentication
in WebSecurityConfig.@RolesAllowed
annotation.I assume @tobka777 is talking about 1. while @sujith-mn created this issue for 2. We should still try to create a PR for 2. as suggested by @sujith-mn to simplify our spring usage.
Was autoclosed by PR #402. Reopening as still not implemented as described.
As a Developer, I want to remove ROLE_ using java config.
Refer: https://stackoverflow.com/questions/38134121/how-do-i-remove-the-role-prefix-from-spring-security-with-javaconfig
Related Issue: https://github.com/devonfw/devon4j/issues/385
Acceptance-Criteria:
@RolesAllowed
annotation still working and spring-security is matching AccessControls from the permission annotated via@RolesAllowed
without any artificialROLE_
prefix.