From 56eb658eae6c496f7d2cb9a343109d9f04648a67 Mon Sep 17 00:00:00 2001
From: Dongmin Shin
Date: Thu, 6 Dec 2018 15:02:06 +0900
Subject: [PATCH] RoleVoter Configuration Defaults Prefix Using GrantedAuthorityDefauts
Fixes: gh-4876
---
 .../GlobalMethodSecurityConfiguration.java | 8 +++-
 ...lobalMethodSecurityConfigurationTests.java | 39 +++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
index 9693c0c09f..35ef7a36ab 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -255,7 +255,13 @@ public class GlobalMethodSecurityConfiguration
 if (jsr250Enabled()) {
 decisionVoters.add(new Jsr250Voter());
 }
- decisionVoters.add(new RoleVoter());
+ RoleVoter roleVoter = new RoleVoter();
+ GrantedAuthorityDefaults grantedAuthorityDefaults =
+ getSingleBeanOrNull(GrantedAuthorityDefaults.class);
+ if (grantedAuthorityDefaults != null) {
+ roleVoter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
+ }
+ decisionVoters.add(roleVoter);
 decisionVoters.add(new AuthenticatedVoter());
 return new AffirmativeBased(decisionVoters);
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
index 56997cced0..9d459a6a98 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
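Review bot: The prefix from `GrantedAuthorityDefaults` is handed to `roleVoter.setRolePrefix(...)` with no comment on what an empty value does, and the accompanying test configures exactly that case. As far as I recall, `RoleVoter.supports` matches attributes with `startsWith(rolePrefix)`, so an empty prefix makes the voter vote on every `ConfigAttribute`, including non-role ones, and `AffirmativeBased` grants on a single affirmative vote. I would document this above the call, e.g. `// An empty prefix makes RoleVoter consider every attribute, not just role names.` The prefix is also applied only to the decision manager built here, so a configuration that supplies its own manager presumably still has to set it itself; the enclosing method starts outside the hunk.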
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -34,6 +34,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
 import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
@@ -514,4 +515,42 @@ public class GlobalMethodSecurityConfigurationTests {
 public void customPrefixRoleUser() {}
 }
 }
+
+ @Test
+ @WithMockUser(authorities = "USER")
+ public void grantedAuthorityDefaultsWithEmptyRolePrefix() {
+ this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire();
+
+ EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
+ .getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class);
+
+ assertThatThrownBy(() -> this.service.securedUser())
+ .isInstanceOf(AccessDeniedException.class);
+
+ customService.emptyPrefixRoleUser();
+ // no exception
+ }
+
+ @EnableGlobalMethodSecurity(securedEnabled = true)
+ static class EmptyRolePrefixGrantedAuthorityConfig {
+ @Bean
+ public GrantedAuthorityDefaults ga() {
+ return new GrantedAuthorityDefaults("");
+ }
+
+ @Bean
+ public CustomAuthorityService service() {
+ return new CustomAuthorityService();
+ }
+
+ @Bean
+ public MethodSecurityServiceImpl methodSecurityService() {
+ return new MethodSecurityServiceImpl();
+ }
+
+ static class CustomAuthorityService {
+ @Secured("USER")
+ public void emptyPrefixRoleUser() {}
+ }
+ }
 }
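Review bot: `grantedAuthorityDefaultsWithEmptyRolePrefix` checks only the grant path for `emptyPrefixRoleUser()`; nothing asserts that a caller lacking the `USER` authority is denied under the empty prefix, which is the outcome that matters for an access-control change. The denial it does assert goes through `this.service.securedUser()`, whose annotation is not visible in this hunk, so it is unclear what that assertion pins down. I would add a companion test with a different authority (the `OTHER` value below is a constructed sample) that expects `AccessDeniedException` from the custom service.

```java
@Test
@WithMockUser(authorities = "OTHER")
public void grantedAuthorityDefaultsWithEmptyRolePrefixWhenAuthorityMissingThenDenied() {
	this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire();

	EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
			.getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class);

	assertThatThrownBy(() -> customService.emptyPrefixRoleUser())
			.isInstanceOf(AccessDeniedException.class);
}
```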