
[Error collection] Failed to evaluate expression 'hasRole('ROLE_USER') or hasRole('ROLE_MANAGER') or hasROLE('ROLE_ADMIN')'

by HelloRabbit 2023. 3. 19.

Error description

This error occurred in a Java project when accessing a web page through the security filter configured in SecurityConfig.java.

Error message

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter{
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable();
		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
			.and()
			.formLogin().disable()
			.httpBasic().disable()
			.authorizeRequests()
			.antMatchers("/api/v1/user/**")
			.access("hasRole('ROLE_USER') or hasRole('ROLE_MANAGER') or hasROLE('ROLE_ADMIN')")
			.antMatchers("/api/v1/manager/**")
			.access("hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')")
			.antMatchers("/api/v1/admin/**")
			.access("hasRole('ROLE_ADMIN')")
			.anyRequest().permitAll();
	}
}

 

Solution

Looking closely, line 16 of the code, which was meant to read hasRole('ROLE_ADMIN'), is mistakenly written with hasROLE instead of hasRole.

The .access() function takes its rule as a string parameter, written like "hasRole('ROLE_USER') and hasRole('ROLE_SUPER')". The compiler does not check the contents of that string, so even a slight mistake in it produces an error.

Java really does not forgive even the smallest mistake.. 🥲

Incorrect code (line 16)

.access("hasRole('ROLE_USER') or hasRole('ROLE_MANAGER') or hasROLE('ROLE_ADMIN')")

 

Corrected code

.access("hasRole('ROLE_USER') or hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')")
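
A check that can run in a unit test to catch this kind of typo before deployment (an added example, not code from the original post): SpEL resolves method names only when a rule is evaluated for a request, so the code below parses each .access() string and compares every method call in it against the public methods of WebSecurityExpressionRoot. The class name AccessExpressionLint is hypothetical, and the code assumes the Spring Security 5.x classpath of the project shown above.

```java
import java.lang.reflect.Method;
import java.util.*;
import java.util.stream.Collectors;
import org.springframework.expression.spel.SpelNode;
import org.springframework.expression.spel.ast.CompoundExpression;
import org.springframework.expression.spel.ast.MethodReference;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;

// Added example (hypothetical class name): static check of .access() rule strings.
public class AccessExpressionLint {
    // Public method names on the root object Spring Security uses for URL rules.
    private static final Set<String> KNOWN = Arrays.stream(WebSecurityExpressionRoot.class.getMethods())
            .map(Method::getName).collect(Collectors.toSet());

    // Returns the method names in the expression that the root object does not define.
    static List<String> unknownMethods(String expression) {
        List<String> unknown = new ArrayList<>();
        collect(new SpelExpressionParser().parseRaw(expression).getAST(), unknown);
        return unknown;
    }

    // Walks the whole syntax tree, so operands that "or"/"and" would skip
    // at request time are still inspected.
    private static void collect(SpelNode node, List<String> unknown) {
        if (node instanceof CompoundExpression) {
            return; // calls on another object (a.b()) are out of scope here
        }
        if (node instanceof MethodReference
                && !KNOWN.contains(((MethodReference) node).getName())) {
            unknown.add(((MethodReference) node).getName());
        }
        for (int i = 0; i < node.getChildCount(); i++) {
            collect(node.getChild(i), unknown);
        }
    }

    public static void main(String[] args) {
        String[] rules = { // the three rule strings from the SecurityConfig above
            "hasRole('ROLE_USER') or hasRole('ROLE_MANAGER') or hasROLE('ROLE_ADMIN')",
            "hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')",
            "hasRole('ROLE_ADMIN')" };
        for (String rule : rules) {
            System.out.println(unknownMethods(rule) + " <- " + rule);
        }
    }
}
```

A build-time assertion that unknownMethods() returns an empty list for every rule turns the misspelling into a failed test instead of an error on a live request.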

 

 

 
