Spring Boot集成Security使用数据库用户角色权限ROLE

Spring Security默认前缀 “ROLE_” 所以数据库里面存的role角色要加上默认前缀：“ROLE_” 源代码如下：

public abstract class SecurityExpressionRoot implements SecurityExpressionOperations { protected final Authentication authentication; private AuthenticationTrustResolver trustResolver; private RoleHierarchy roleHierarchy; private Set<String> roles; private String defaultRolePrefix = "ROLE_"; ... ...(后面省略)

这样设计的原因是，在重写 protected void configure(AuthenticationManagerBuilder auth)方法时，能区分放入UserDetails里面的Collection集合中的是角色还是权限（角色和权限是多对多关系） 具体源代码如下：

public interface UserDetails extends Serializable { // ~ Methods // ======================================================================================================== /** * Returns the authorities granted to the user. Cannot return <code>null</code>. * * @return the authorities, sorted by natural key (never <code>null</code>) */ Collection<? extends GrantedAuthority> getAuthorities(); ... ...(后面省略)