6 年之前 · 56eb658eae
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -255,7 +255,13 @@ public class GlobalMethodSecurityConfiguration
 
				 		if (jsr250Enabled()) {
			
 
				 			decisionVoters.add(new Jsr250Voter());
			
 
				 		}
			
 
				-		decisionVoters.add(new RoleVoter());
			
 
				+		RoleVoter roleVoter = new RoleVoter();
			
 
				+		GrantedAuthorityDefaults grantedAuthorityDefaults =
			
 
				+				getSingleBeanOrNull(GrantedAuthorityDefaults.class);
			
 
				+		if (grantedAuthorityDefaults != null) {
			
 
				+			roleVoter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
			
 
				+		}
			
 
				+		decisionVoters.add(roleVoter);
			
 
				 		decisionVoters.add(new AuthenticatedVoter());
			
 
				 		return new AffirmativeBased(decisionVoters);
			
 
				 	}
			
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -34,6 +34,7 @@ import org.springframework.context.annotation.Bean;
 
				 import org.springframework.context.annotation.Configuration;
			
 
				 import org.springframework.security.access.AccessDeniedException;
			
 
				 import org.springframework.security.access.PermissionEvaluator;
			
 
				+import org.springframework.security.access.annotation.Secured;
			
 
				 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
			
 
				 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
			
 
				 import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
			
@@ -514,4 +515,42 @@ public class GlobalMethodSecurityConfigurationTests {
 
				 			public void customPrefixRoleUser() {}
			
 
				 		}
			
 
				 	}
			
 
				+
			
 
				+	@Test
			
 
				+	@WithMockUser(authorities = "USER")
			
 
				+	public void grantedAuthorityDefaultsWithEmptyRolePrefix() {
			
 
				+		this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire();
			
 
				+
			
 
				+		EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext()
			
 
				+				.getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class);
			
 
				+
			
 
				+		assertThatThrownBy(() -> this.service.securedUser())
			
 
				+				.isInstanceOf(AccessDeniedException.class);
			
 
				+
			
 
				+		customService.emptyPrefixRoleUser();
			
 
				+		// no exception
			
 
				+	}
			
 
				+
			
 
				+	@EnableGlobalMethodSecurity(securedEnabled = true)
			
 
				+	static class EmptyRolePrefixGrantedAuthorityConfig {
			
 
				+		@Bean
			
 
				+		public GrantedAuthorityDefaults ga() {
			
 
				+			return new GrantedAuthorityDefaults("");
			
 
				+		}
			
 
				+
			
 
				+		@Bean
			
 
				+		public CustomAuthorityService service() {
			
 
				+			return new CustomAuthorityService();
			
 
				+		}
			
 
				+
			
 
				+		@Bean
			
 
				+		public MethodSecurityServiceImpl methodSecurityService() {
			
 
				+			return new MethodSecurityServiceImpl();
			
 
				+		}
			
 
				+
			
 
				+		static class CustomAuthorityService {
			
 
				+			@Secured("USER")
			
 
				+			public void emptyPrefixRoleUser() {}
			
 
				+		}
			
 
				+	}
			
 
				 }