Recently, I stumbled upon a scenario where I had to map the roles from legacy database to spring security’s InterceptUrlMap and they did not have the ROLE_ prefix to them. I faced the following error:

for the following InterceptUrlMap:

Solution was to switch to the expression in the mapping like:

Fork the sample code from here to see it in action. Hope, it saves you from trouble. 🙂