为什么它在 Spring 受 Azure AD 保护的启动应用程序中被称为 'APPROLE_Admin' 而不是 'Admin'
why it is called 'APPROLE_Admin' instead of 'Admin' in Spring boot App secured by Azure AD
我按照文章https://docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory创建了一个 App 角色
并分配给用户
在 spring 启动应用程序中,我必须使用 'APPROLE_Admin' 而不是 'Admin' 吗?为什么?应该只有 'Admin',正确吗?
@CrossOrigin(origins = "http://localhost:8080")
@RestController
@RequestMapping("/api")
public class TutorialController {
@Autowired
TutorialRepository tutorialRepository;
@PreAuthorize("hasAuthority('APPROLE_Admin')")
@GetMapping("/tutorials")
APPROLE_ 前缀来自 Spring Cloud Azure 的默认 属性 配置。
spring.cloud.azure.active-directory.resource-server.claim-to-authority-prefix-map
Configure which claim will be used to build GrantedAuthority, and prefix of the GrantedAuthority’s string value. Default value is: "scp" → "SCOPE_", "roles" → "APPROLE_".
您可以使用所需的前缀更新 属性:
spring:
cloud:
azure:
active-directory:
resource-server:
claim-to-authority-prefix-map:
roles: "" # no prefix
scp: "MY_SCP_PREFIX_"
我按照文章https://docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory创建了一个 App 角色
并分配给用户
在 spring 启动应用程序中,我必须使用 'APPROLE_Admin' 而不是 'Admin' 吗?为什么?应该只有 'Admin',正确吗?
@CrossOrigin(origins = "http://localhost:8080")
@RestController
@RequestMapping("/api")
public class TutorialController {
@Autowired
TutorialRepository tutorialRepository;
@PreAuthorize("hasAuthority('APPROLE_Admin')")
@GetMapping("/tutorials")
APPROLE_ 前缀来自 Spring Cloud Azure 的默认 属性 配置。
spring.cloud.azure.active-directory.resource-server.claim-to-authority-prefix-map
Configure which claim will be used to build GrantedAuthority, and prefix of the GrantedAuthority’s string value. Default value is: "scp" → "SCOPE_", "roles" → "APPROLE_".
您可以使用所需的前缀更新 属性:
spring:
cloud:
azure:
active-directory:
resource-server:
claim-to-authority-prefix-map:
roles: "" # no prefix
scp: "MY_SCP_PREFIX_"