Previously SecurityContextHolderAwareRequestWrapper always prefixed with rolePrefix. This meant the defaults would never return true for a role that started with the prefix (i.e. ROLE_). We no longer apply the rolePrefix if the value passed in already starts with rolePrefix.