spring-in-action-5-samples

Chapter 4.3.1: configure(HttpSecurity http)-sample causes BeanCreationException

Open wellar opened this issue 4 years ago • 1 comments

The sample-code

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/design", "/orders")
                    .hasRole("ROLE_USER")
                .antMatchers("/", "/**").permitAll()
            ;
    }

causes an exception at startup:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'

I read in the JavaDoc of class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl (on which the call to hasRole() is done) that the role-name should not start with "ROLE_" as the ROLE-prefix is automatically inserted. If you change the code to hasRole("USER") it works.

wellar, Apr 17 '20 11:04

remove ROLE_ in hasRole

morty6688, May 27 '20 16:05
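
The prefix rule discussed in this thread, as an added example (not code from the book or the samples repository): a Spring Security 5 configuration in which hasRole("USER") and hasAuthority("ROLE_USER") check for the same granted authority, with two in-memory users showing the same rule on the user side. The class name, usernames and passwords are constructed for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Hypothetical class name; constructed for this example.
@Configuration
@EnableWebSecurity
public class RolePrefixSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // hasRole() inserts "ROLE_" itself, so this requires the
                // granted authority "ROLE_USER". Passing "ROLE_USER" here is
                // what triggers the IllegalArgumentException at startup.
                .antMatchers("/design").hasRole("USER")
                // hasAuthority() takes the authority string as stored,
                // with no prefix added: same check as the line above.
                .antMatchers("/orders").hasAuthority("ROLE_USER")
                // Matchers are evaluated in order; the catch-all goes last.
                .antMatchers("/", "/**").permitAll()
            .and()
                // Some login mechanism is needed to reach the protected paths.
                .formLogin();
    }

    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new InMemoryUserDetailsManager(
            // roles("USER") stores the authority "ROLE_USER"; like hasRole(),
            // it rejects a value that already starts with "ROLE_".
            User.withUsername("buzz").password("{noop}constructed-password")
                .roles("USER").build(),
            // authorities() stores the string verbatim, so the prefix is
            // written out explicitly here.
            User.withUsername("woody").password("{noop}constructed-password")
                .authorities("ROLE_USER").build());
    }
}
```

Both users can reach /design and /orders, because each ends up holding the single authority ROLE_USER.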