Apply ROLE_ prefix when needed in ReactiveSecurityContext isUserInRole

See gh-11869
2018-02-20 16:35:51 +00:00 · 2018-02-20 16:35:51 +00:00 · ae45b6730b
parent 20f104766b
commit ae45b6730b
1 changed files with 8 additions and 1 deletions
--- a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
+++ b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
@ -46,6 +46,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.util.ClassUtils;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.RequestBody;
@ -389,6 +390,8 @@ public abstract class AbstractWebFluxEndpointHandlerMapping

 	private static final class ReactiveSecurityContext implements SecurityContext {

+		private static final String ROLE_PREFIX = "ROLE_";
+
 		private final Authentication authentication;

 		ReactiveSecurityContext(Authentication authentication) {
@ -402,9 +405,13 @@ public abstract class AbstractWebFluxEndpointHandlerMapping

 		@Override
 		public boolean isUserInRole(String role) {
-			if (this.authentication == null || !this.authentication.isAuthenticated()) {
+			if (this.authentication == null || !this.authentication.isAuthenticated()
+					|| CollectionUtils.isEmpty(this.authentication.getAuthorities())) {
 				return false;
 			}
+			if (!role.startsWith(ROLE_PREFIX)) {
+				role = ROLE_PREFIX + role;
+			}
 			for (GrantedAuthority grantedAuthority : this.authentication
 					.getAuthorities()) {
 				if (role.equals(grantedAuthority.getAuthority())) {