Skip to content

tutorial uses hasRole but should use hasAuthority #8796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

tutorial uses hasRole but should use hasAuthority #8796

wants to merge 1 commit into from

Conversation

ultimatesecpro
Copy link

@ultimatesecpro ultimatesecpro commented Jul 5, 2020
edited
Loading

Without the change the prefix role is default "ROLE_ and the demo throws the following exception:
org.springframework.security.access.AccessDeniedException: Access is denied
while access to /post.html?id=1&amount=20.00.

@ultimatesecpro
Set the role prefix to the empty value
a0dc09b 
Without the change the prefix role is default "ROLE_ and the demo throws the following exception:
org.springframework.security.access.AccessDeniedException: Access is denied
while access to `/post.html?id=1&amount=20.00`.
@pivotal-issuemaster
Copy link

@ultimatesecpro Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jul 5, 2020
@pivotal-issuemaster
Copy link

@ultimatesecpro Thank you for signing the Contributor License Agreement!

@rwinch rwinch added in: docs An issue in Documentation or samples type: bug A general bug status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged labels Jul 7, 2020
@rwinch rwinch changed the title Set the role prefix to the empty value tutorial uses hasRole but should use hasAuthority Jul 7, 2020
@rwinch rwinch closed this in 9c33a86 Jul 7, 2020
@rwinch rwinch removed the status: waiting-for-feedback We need additional information before we can continue label Jul 7, 2020
@rwinch rwinch self-assigned this Jul 7, 2020
@rwinch
Copy link
Member

rwinch commented Jul 7, 2020

Thanks for the PR. I changed the method based security to use hasAuthority to be consistent with the web layer. See 9c33a86

@rwinch rwinch added this to the 5.4.0-RC1 milestone Jul 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rwinch rwinch

Labels
in: docs An issue in Documentation or samples type: bug A general bug
Projects
None yet
Milestone
5.4.0-RC1
Development

Successfully merging this pull request may close these issues.
4 participants
@ultimatesecpro @pivotal-issuemaster @rwinch @spring-projects-issues