hasRole should not be called on a string with "ROLE_" prefix (#6353)

Removed "ROLE_" from UrlAuthorizationConfigurer

This fixes IllegalArgumentException: ROLE_ANONYMOUS should not start
with ROLE_ since ROLE_

Author: msdousti

config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java

@@ -344,7 +344,7 @@ public StandardInterceptUrlRegistry hasAnyAuthority(String... authorities) {
 		 * @return the {@link UrlAuthorizationConfigurer} for further customization
 		 */
 		public StandardInterceptUrlRegistry anonymous() {
-			return hasRole("ROLE_ANONYMOUS");
+			return hasRole("ANONYMOUS");
 		}
 
 		/**

config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java

@@ -41,6 +41,7 @@
 
 /**
  * @author Rob Winch
+ * @author M.S. Dousti
  *
  */
 public class UrlAuthorizationConfigurerTests {
@@ -203,6 +204,24 @@ public String path() {
 		}
 	}
 
+	@Test
+	public void anonymousUrlAuthorization() {
+		loadConfig(AnonymousUrlAuthorizationConfig.class);
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	static class AnonymousUrlAuthorizationConfig extends WebSecurityConfigurerAdapter {
+		@Override
+		public void configure(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.apply(new UrlAuthorizationConfigurer<>(null)).getRegistry()
+					.anyRequest().anonymous();
+			// @formatter:on
+		}
+	}
+
 	public void loadConfig(Class<?>... configs) {
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.register(configs);