spring security 5.x去除默认前缀

  .antMatchers("/**/users/admin/**").access("hasAnyRole('ADMIN')")
  .antMatchers("/**/users/test/**").access("hasAnyRole('USER')")

.antMatchers("/**/users/test/**").hasRole('USER')

@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)//启用方法级的权限认证
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

 /**
     * 干掉默认的授权前缀
     * 工作方式.access("hasRole('USER')")而不是 hasRole('USER')
     */
    @Bean
    GrantedAuthorityDefaults grantedAuthorityDefaults() {
        return new GrantedAuthorityDefaults(""); // Remove the ROLE_ prefix
    }
}