Default roles in Spring Security 3.1

java spring-security default roles
10,018

Solution 1

The IS_AUTHENTICATED_ANONYMOUSLY is defined in the AuthenticatedVoter class.
The various ROLE_xxxx have no special meaning.

Spring Security by defaults suggests these roles because they are used in most applications.
However you are free to define and use custom roles (i.e. ROLE_SUPERMAN).
You just have to make sure that the UserDetail returned by your UserDetailService has this ROLE assigned as GrantedAuthority (either from a DB or manually).

Actually ROLE is the prefix. If you want to change it to APP (i.e. APP_ADMIN) you have to define a custom AppVoter:

<bean class="org.springframework.security.vote.RoleVoter">
  <property name="rolePrefix" value="APP"/>
</bean>

Solution 2

Roles ROLE_SUPERVISOR, ROLE_USER are defined by us according to our application.

How to create custom roles : How do I use custom roles/authorities in Spring Security?

Refer Tutorial to create custom roles using org.springframework.security.core.userdetails.UserDetailsService

Share:
10,018
Jérôme Verstrynge
Author by

Jérôme Verstrynge

You can contact me via my LinkedIn profile.

Updated on June 04, 2022

Comments

  • Jérôme Verstrynge
    Jérôme Verstrynge almost 2 years

    The Spring 3.1 Security contact example uses a couple of roles in its applicationContext-security.xml:

    <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/switchuser.jsp" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/j_spring_security_switch_user" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/**" access="ROLE_USER"/>

    Where are these IS_AUTHENTICATED_ANONYMOUSLY, ROLE_SUPERVISOR, ROLE_USER roles defined? Are these default roles create by Spring Security?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Spring boot how make a user role managing with jwt
Show SQL errors of Spring-security in tomcat
How to enable CORS at Spring Security level in Spring boot
Spring Security get user info in rest service, for authenticated and not authenticated users
Property 'userDetailsService': no matching editors or conversion strategy found
Integrating Spring Security with SiteMinder
spring security get user id from DB
Spring Security Oauth2: Flow to Handling Expired AccessToken
Spring security application of antMatcher() vs. antMatchers()
HTTP Status 403 - Expected CSRF token not found. Has your session expired?