AuthorizeHttpRequestsConfigurer#XXXrole methods should ensure the role does not begin with the role prefix

[jzheaux]

Similar to how User.UserBuilder works, configuration should fail if configurations like the following are attempted:

hasRole('ROLE_USER')
hasAnyRole('ROLE_USER')

Otherwise, scenarios like this SO question crop up.

[bist220]

Can I work on this?

[bist220]

submitted a pr #12760

[super-iterator]

When this PR is expected to be mainstreamed?

[super-iterator]

I'd like to add that in addition to this issue, hasAuthority('ROLE_USER') doesn't work, and I have to use either hasAnyRole('ROLE_USER') or hasRole('ROLE_USER') with the ROLE_ prefix for this to work. I hope that both issues will be considered.

[bist220]

hasAuthority("ROLE_USER") works fine, atleast in 6.0.1 Also hasAnyRole or hasRole should not start with ROLE_ prefix

[super-iterator]

I'm using 6.0.2 and it doesn't work for (talking about hasAuthority)