We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Given the following role hierarchy defined in the Spring security configuration:
@Bean fun roleHierarchy(): RoleHierarchy { val roleHierarchy = RoleHierarchyImpl() val hierarchy = "ROLE_ADMIN > ROLE_USER" roleHierarchy.setHierarchy(hierarchy) return roleHierarchy }
Given the following authorisations:
http.requestMatchers("/bar/**").hasAuthority("USER")
A user with the ROLE_ADMIN role should be able to access the /bar/** urls
ROLE_ADMIN
/bar/**
403 Fordidden
The following changes to the configuration have no effect
@Bean fun webSecurityExpressionHandler(): DefaultWebSecurityExpressionHandler { val expressionHandler = DefaultWebSecurityExpressionHandler() expressionHandler.setRoleHierarchy(roleHierarchy()) return expressionHandler } @Bean fun expressionHandler(): DefaultMethodSecurityExpressionHandler { val expressionHandler = DefaultMethodSecurityExpressionHandler() expressionHandler.setRoleHierarchy(roleHierarchy()) return expressionHandler } @Bean fun grantedAuthoritiesMapper(roleHierarchy: RoleHierarchy): GrantedAuthoritiesMapper { return RoleHierarchyAuthoritiesMapper(roleHierarchy) }
17 Corretto
1.7.22
3.0.3
6.0.2
see spring-projects/spring-security#12473 see spring-projects/spring-security#12505 see vrudas/spring-framework-examples#101
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Context
Given the following role hierarchy defined in the Spring security configuration:
Given the following authorisations:
Expected behaviour
A user with the
ROLE_ADMIN
role should be able to access the/bar/**
urlsCurrent result
Changes
The following changes to the configuration have no effect
Versions
17 Corretto
1.7.22
3.0.3
6.0.2
see spring-projects/spring-security#12473
see spring-projects/spring-security#12505
see vrudas/spring-framework-examples#101
The text was updated successfully, but these errors were encountered: