What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration?
Asked Answered
A

2

9

What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration such as the example below?

<http auto-config="false" access-decision-manager-ref="accessDecisionManager"
    use-expressions="true">
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ANONYMOUS')"
        requires-channel="http" />
    <intercept-url pattern="/login/**" access="hasRole('ROLE_ANONYMOUS')"
        requires-channel="${application.secureChannel}" />
    <intercept-url pattern="/error/**" access="hasRole('ROLE_ANONYMOUS')"
        requires-channel="http" />
    <intercept-url pattern="/register/**" access="hasRole('ROLE_ANONYMOUS')"
        requires-channel="${application.secureChannel}" />
    <intercept-url pattern="/" access="hasRole('ROLE_ANONYMOUS')"
        requires-channel="http" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"
        requires-channel="http" />
    <form-login login-page="/login" login-processing-url="/login/submit"
        authentication-failure-url="/login/error" />
    <logout logout-url="/logout" />
</http>
Aspirant answered 8/8, 2010 at 19:47 Comment(0)
E
16

ROLE_ANONYMOUS is the default role assigned to an unauthenticated (anonymous) user when a configuration uses Spring Security's "anonymous authentication" filter . This is enabled by default. However, it is probably clearer if you use the expression isAnonymous() instead, which has the same meaning.

ROLE_USER has no meaning unless you assign this role to your users when they are authenticated (you are in charge of loading the roles (authorities) for an authenticated user). It isn't a name that is built in to Spring Security's infrastructure. In the given example, presumably that role is assigned to an authenticated user.

Engrossment answered 8/8, 2010 at 23:52 Comment(1)
I found this helpful #19525880Orthoclase
T
1

ROLE_ANONYMOUS has no user credentials, ROLE_USER has user credentials... has been authenticated.

this is my interpretation based on the configuration provided

Tillotson answered 8/8, 2010 at 20:0 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.