Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

hasRole should not be called on a string with "ROLE_" prefix (#6353) 

Removed "ROLE_" from UrlAuthorizationConfigurer

This fixes IllegalArgumentException: ROLE_ANONYMOUS should not start
with ROLE_ since ROLE_
This commit is contained in:
Mohammad Sadeq Dousti 2019-01-15 18:29:34 +03:30 committed by Rob Winch
parent 5fbf9532e1
commit d099a62a6f
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
View File

@ -344,7 +344,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
* @return the {@link UrlAuthorizationConfigurer} for further customization
*/
public StandardInterceptUrlRegistry anonymous() {
return hasRole("ROLE_ANONYMOUS");
return hasRole("ANONYMOUS");
}
/**

19
config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java
View File

@ -41,6 +41,7 @@ import static org.assertj.core.api.Assertions.assertThat;
/**
* @author Rob Winch
* @author M.S. Dousti
*
*/
public class UrlAuthorizationConfigurerTests {
@ -203,6 +204,24 @@ public class UrlAuthorizationConfigurerTests {
}
}
@Test
public void anonymousUrlAuthorization() {
loadConfig(AnonymousUrlAuthorizationConfig.class);
}
@EnableWebSecurity
@Configuration
static class AnonymousUrlAuthorizationConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.apply(new UrlAuthorizationConfigurer<>(null)).getRegistry()
.anyRequest().anonymous();
// @formatter:on
}
}
public void loadConfig(Class<?>... configs) {
this.context = new AnnotationConfigWebApplicationContext();
this.context.register(configs);