Role in Spring security

web/spring

Role in Spring security

OYG 2019. 11. 22. 15:08

<security:http auto-config="true"
    access-decision-manager-ref="accessDecisionManager">
...
</security:http>

<bean id="accessDecisionManager"
    class="org.springframework.security.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions" value="false" />
  <property name="decisionVoters">
    <list>
      <bean class="org.springframework.security.vote.RoleVoter">
        <property name="rolePrefix" value="" /> 
      </bean>
    </list>
  </property>
</bean>

role은 "ROLE_"로 시작해야 한다.(error point)

다른 role을 사용하는 시스템에

Spring Security를 연결하는 경우

Access Decision Manager를 정의,

RoleVoter에 prefix를 재설정한다