Home > OS >  why it is called 'APPROLE_Admin' instead of 'Admin' in Spring boot App secured b
why it is called 'APPROLE_Admin' instead of 'Admin' in Spring boot App secured b

Time:05-23

I followed the article, enter image description here

and assigned the user

enter image description here

in the spring boot application, I have to use 'APPROLE_Admin' instead of 'Admin' ? why? it is supposed to be only 'Admin', correct?

@CrossOrigin(origins = "http://localhost:8080")
@RestController
@RequestMapping("/api")
public class TutorialController {

    @Autowired
    TutorialRepository tutorialRepository;

    @PreAuthorize("hasAuthority('APPROLE_Admin')")
    @GetMapping("/tutorials")

CodePudding user response:

The APPROLE_ prefix is coming from a default property configuration from Spring Cloud Azure.

spring.cloud.azure.active-directory.resource-server.claim-to-authority-prefix-map

Configure which claim will be used to build GrantedAuthority, and prefix of the GrantedAuthority’s string value. Default value is: "scp" → "SCOPE_", "roles" → "APPROLE_".

Documentation link

You can update the property with a desired prefix:

spring:
  cloud:
    azure:
      active-directory:
        resource-server:
          claim-to-authority-prefix-map:
            roles: "" # no prefix
            scp: "MY_SCP_PREFIX_"
  • Related