java CAS 4 Spring security无法使用AssertionAttributesUserDetailsService中的GrantedAuthorityFromAssertionAttributesUserDetails设置角色

我正在使用CAS 4-Spring Security-Active directory

是否有人能够成功地从成功身份验证后检索到的角色中设置授予的权限

互联网搜索建议使用“GrantedAuthorityFromAssertionAttributesUserDetailsService”，这将设置授予的authroites，但我不能

我正在使用服务中的allowedAttributes释放这个变量“role”。 我还可以从LDAP中检索角色，并将其分配给角色变量。下面的代码假设将授予的权限设置为SecurityContext，但它没有这样做

<beans:bean id="authenticationUserDetailsService"
  class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService" >
  <beans:constructor-arg >
      <beans:array>
          <beans:value>role</beans:value>
      </beans:array>
  </beans:constructor-arg>
</beans:bean>

当尝试检查hasRoles（“MY_ROLE”）时，我的访问被拒绝403，似乎我无法在授予的权限上设置检索到的角色

服务器日志

10:00:24,340 DEBUG http-bio-8443-exec-10 intercept.FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.cas.authentication.CasAuthenticationToken@e848bc56: Principal:
 org.springframework.security.core.userdetails.User@a4b4d0a7: Username: taylorj; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 10.100.20.125; Session
Id: 4652D17239607600EF2748E939F70BB0; Not granted any authorities Assertion: org.jasig.cas.client.validation.AssertionImpl@4a269585 Credentials (Service/Proxy Ticket): ST-1-tuVjcs2BP2UvyVUe50bZ-cas01.xxxx

有人实现过这个功能吗？还是虫子