I wanted to add more than one permission on springSecurity roles

0

I would like to know how to add more than one permission to the same folder in springSecurity because I wanted the admin to also have the same common user access as another page.

 <http auto-config="true" use-expressions="true" disable-url-rewriting="false">

    <intercept-url pattern="/View/UnSecured/**" access="permitAll" />
    <intercept-url pattern="/login" access="permitAll"/>
    <intercept-url pattern="/View/Secured/user/**" access="hasRole('ROLE_COMMON')"/>
    <intercept-url pattern="/View/Secured/adm/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
    <intercept-url pattern="/img/**" access="permitAll" />
    <intercept-url pattern="/theme/**" access="permitAll" />
    <intercept-url pattern="Pacotes de Código-fonte/**" access="permitAll"/>

    <!-- Custom login page -->
    <form-login always-use-default-target="true"
                default-target-url="/View/Secured/user/index.jsf"
                authentication-failure-url="/login.xhtml?auth=fail"
                login-page="/login.jsf"/>

    <!-- Custom logout page -->
     <logout logout-success-url="/login.jsf" />
</http>
    
asked by anonymous 23.02.2018 / 15:37

2 answers

1
  

I'd like to know how to add more than one permission for same folder in springSecurity ...

You can use the expression hasAnyRole([role1, role2]), for example:

 <intercept-url pattern="/View/Secured/user/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_COMMON')" />

You can see this expression and several others in the documentation.

    
24.02.2018 / 14:33
0

You can organize folders and add access in this way:

 <intercept-url pattern="/View/Secured/user/**" access="hasRole('ROLE_ADMIN') or hasRole('ROLE_COMMON')" />

access="hasRole('ROLE_ADMIN') or hasRole('ROLE_COMMON')" will make the admin have access to all pages within View/Secured/user. The ** (double asterisk) means that it has access to the directory and its subdirectories; if you leave only one, it will only access the folder of that directory. If this is not your case, I advise you to create a shared directory with only the pages that the 2 roles share. For example, I use a shared user edit directory and add this double permission, because both roles edit the profile information on the same page.

    
23.02.2018 / 15:51
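
An added example, not part of either answer and not Spring Security's own code: a simplified Python model of the ordered `<intercept-url>` list that compares the question's rules with the `hasAnyRole` version and shows how `*` and `**` differ. The matcher is a reduced emulation of Ant-style patterns, the request paths and user names are constructed, and the fall-through behaviour for unmatched paths is a stated model assumption.

```python
import re

def ant_to_regex(pattern):
    """Reduced Ant-style matcher: '*' stays inside one path segment, '**' crosses '/'."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            parts.append("(/.*)?")   # trailing /** also covers the directory itself
            i += 3
        elif pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts) + r"\Z")

PERMIT_ALL = None  # stands in for access="permitAll"

def rules(user_dir_roles):
    """The question's URL rules, in order; only the user-directory roles vary."""
    return [
        ("/View/UnSecured/**", PERMIT_ALL),
        ("/login", PERMIT_ALL),
        ("/View/Secured/user/**", set(user_dir_roles)),
        ("/View/Secured/adm/**", {"ROLE_ADMIN"}),
    ]

BEFORE = rules(["ROLE_COMMON"])               # hasRole('ROLE_COMMON')
AFTER = rules(["ROLE_ADMIN", "ROLE_COMMON"])  # hasAnyRole('ROLE_ADMIN', 'ROLE_COMMON')

def allowed(rule_list, path, roles):
    """The first matching pattern decides; later rules are never consulted."""
    for pattern, required in rule_list:
        if ant_to_regex(pattern).match(path):
            return required is PERMIT_ALL or bool(required & set(roles))
    return True  # model assumption: a path no rule matches is not restricted

def access_matrix(rule_list, paths, users):
    return {(u, p): allowed(rule_list, p, r) for u, r in users.items() for p in paths}

# Constructed sample requests and users
PATHS = ["/View/Secured/user/index.jsf", "/View/Secured/user/profile/edit.jsf",
         "/View/Secured/adm/panel.jsf", "/login"]
USERS = {"admin": ["ROLE_ADMIN"], "common": ["ROLE_COMMON"], "anonymous": []}

if __name__ == "__main__":
    for name, rs in (("before", BEFORE), ("after", AFTER)):
        for (user, path), ok in access_matrix(rs, PATHS, USERS).items():
            print(f"{name:6} {user:9} {path:40} {'allow' if ok else 'deny'}")
```

Running the same matrix against a real deployment after changing an `access` expression confirms that the admin gained the user pages without the common user gaining the admin ones.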