I wanted to add more than one permission in the springSecurity roles


0

I would like to know the correct way to add more than one permission to the same folder in springSecurity because I wanted the admin to have the same access as the average user with an extra page.

 <http auto-config="true" use-expressions="true" disable-url-rewriting="false">

    <intercept-url pattern="/View/UnSecured/**" access="permitAll" />
    <intercept-url pattern="/login" access="permitAll"/>
    <intercept-url pattern="/View/Secured/user/**" access="hasRole('ROLE_COMMON')"/>
    <intercept-url pattern="/View/Secured/adm/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
    <intercept-url pattern="/img/**" access="permitAll" />
    <intercept-url pattern="/theme/**" access="permitAll" />
    <intercept-url pattern="Pacotes de Código-fonte/**" access="permitAll"/>

    <!-- Custom login page -->
    <form-login always-use-default-target="true"
                default-target-url="/View/Secured/user/index.jsf"
                authentication-failure-url="/login.xhtml?auth=fail"
                login-page="/login.jsf"/>

    <!-- Custom logout page -->
     <logout logout-success-url="/login.jsf" />
</http>

2 answers

1


I would like to know the correct way to add more than one permission for same folder in springSecurity...

You can use the expression hasAnyRole([role1,role2]), example:

 <intercept-url pattern="/View/Secured/user/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_COMMON')" />

You can see this expression and several others in the documentation.

  • 1

    This worked out, thanks so much for the help.

0

You can arrange the folders and add access in this way

 <intercept-url pattern="/View/Secured/user/**" access="hasRole('ROLE_ADMIN') or hasRole('ROLE_COMMON')" />

The access="hasRole('ROLE_ADMIN') or hasRole('ROLE_COMMON')" will make the admin have access to all pages within View/Secured/user. The ** (double asterisks) means that it has access to the directory and its subdirectories; if you leave only 1, it will only access the folder of that directory. If this is not your case, I advise you to create a shared directory only with the pages that the 2 roles share, such as the shared user editor directory that I use, and add this double permission, because both roles edit profile information on the same page.

  • When I added this part, access="hasRole('ROLE_ADMIN') and hasRole('ROLE_COMMON')", it just doesn't allow access anymore.

  • Sorry, I will edit, I made a mistake there. The AND condition only allows access if he has both roles; just switch to OR.

  • No problem, I had already applied it and noticed. Thank you very much.
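The access outcomes discussed in the two answers, as an added example that is not part of any post: a simplified Python model (not Spring Security's own code) of first-match intercept-url evaluation, supporting only permitAll, hasRole, hasAnyRole and and/or. The two single-role accounts and the function names are constructed for the illustration.

```python
import re

def ant_to_regex(pattern):
    """Simplified Ant matching: a trailing /** covers the directory and everything
    below it, a single * stays inside one path segment."""
    tail = ""
    if pattern.endswith("/**"):
        pattern, tail = pattern[:-3], "(/.*)?"
    body = "".join("[^/]*" if p == "*" else re.escape(p)
                   for p in re.split(r"(\*)", pattern))
    return re.compile(body + tail)

def allowed(expr, roles):
    """Evaluate the subset of access expressions that appears on this page."""
    def term(t):
        t = t.strip()
        if t == "permitAll":
            return True
        wanted = set(re.findall(r"'([^']+)'", t))
        if t.startswith("hasAnyRole("):
            return bool(wanted & roles)   # any one of the listed roles is enough
        if t.startswith("hasRole("):
            return wanted <= roles        # the single named role must be held
        raise ValueError(f"unsupported term: {t}")
    # 'and' binds tighter than 'or'
    return any(all(term(t) for t in clause.split(" and "))
               for clause in expr.split(" or "))

def decide(rules, path, roles):
    """The first matching pattern decides; None means no rule matched (not modelled)."""
    for pattern, expr in rules:
        if ant_to_regex(pattern).fullmatch(path):
            return allowed(expr, set(roles))
    return None

VARIANTS = {  # candidate expressions for the /View/Secured/user/** rule
    "question": "hasRole('ROLE_COMMON')",
    "and": "hasRole('ROLE_ADMIN') and hasRole('ROLE_COMMON')",
    "or": "hasRole('ROLE_ADMIN') or hasRole('ROLE_COMMON')",
    "hasAnyRole": "hasAnyRole('ROLE_ADMIN', 'ROLE_COMMON')",
}

def matrix(path):
    """Who reaches `path` under each variant; the accounts are constructed samples."""
    accounts = {"admin": ["ROLE_ADMIN"], "common": ["ROLE_COMMON"]}
    return {name: {who: decide([("/View/Secured/user/**", expr),
                                ("/View/Secured/adm/**", "hasRole('ROLE_ADMIN')")],
                               path, r) for who, r in accounts.items()}
            for name, expr in VARIANTS.items()}
```

Calling matrix("/View/Secured/user/index.jsf") shows the "and" variant denying both single-role accounts, while "or" and hasAnyRole admit both and the adm area stays admin-only.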
