Spring multi-role security access

I want to define access for some pages for a user who has one of the following roles (ROLE1 or ROLE2).

I am trying to configure this in my Spring Security XML file as follows:

    <security:http entry-point-ref="restAuthenticationEntryPoint"
                   access-decision-manager-ref="accessDecisionManager"
                   xmlns="http://www.springframework.org/schema/security"
                   use-expressions="true">
        <!-- skipped configuration -->
        <security:intercept-url pattern="/rest/api/myUrl*" access="hasRole('ROLE1') or hasRole('ROLE2')" />
        <!-- skipped configuration -->
    </security:http>

I tried various ways:

    access="hasRole('ROLE1, ROLE2')"
    access="hasRole('ROLE1', 'ROLE2')"
    access="hasAnyRole('[ROLE1', 'ROLE2]')"

etc.

but nothing works.

I get an exception

 java.lang.IllegalArgumentException: Unsupported configuration attributes: 

or

 java.lang.IllegalArgumentException: Failed to parse expression 'hasAnyRole(['ROLE1', 'ROLE2'])' 

How do I configure it?

Thanks

+11
java spring spring-security
3 answers

The problem was that I configured a custom access-decision-manager-ref="accessDecisionManager" and failed to pass any of the voters.

Solved by adding org.springframework.security.web.access.expression.WebExpressionVoter to the accessDecisionManager component.

-1

How about trying with a comma as the separator? See the docs here and here.

 <security:intercept-url pattern="/rest/api/myUrl*" access="ROLE1,ROLE2"/> 

OR

 hasAnyRole('ROLE1','ROLE2') 
+27
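
The two answers above combined into one configuration, as an added example that is not code from either answerer or from the Spring Security project: a custom accessDecisionManager that includes WebExpressionVoter, plus a single hasAnyRole expression. It assumes AffirmativeBased as the manager class and constructor injection (Spring Security 3.2 or later; older releases set the decisionVoters property instead); the restAuthenticationEntryPoint bean and the authentication setup are the asker's and are defined elsewhere.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http entry-point-ref="restAuthenticationEntryPoint"
                   access-decision-manager-ref="accessDecisionManager"
                   use-expressions="true">
        <!-- skipped configuration -->

        <!-- One SpEL expression that grants access when the user holds either role.
             Spring Security 4 and later prepend ROLE_ to hasRole/hasAnyRole arguments
             that lack it; use hasAnyAuthority when the stored authority is exactly ROLE1. -->
        <security:intercept-url pattern="/rest/api/myUrl*"
                                access="hasAnyRole('ROLE1','ROLE2')"/>

        <!-- skipped configuration -->
    </security:http>

    <bean id="accessDecisionManager"
          class="org.springframework.security.access.vote.AffirmativeBased">
        <constructor-arg>
            <list>
                <!-- With use-expressions="true" every access attribute is a web expression.
                     WebExpressionVoter is the voter that supports it; a manager without it
                     fails at startup with "Unsupported configuration attributes". -->
                <bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
            </list>
        </constructor-arg>
        <!-- The default, stated explicitly: deny when every voter abstains. -->
        <property name="allowIfAllAbstainDecisions" value="false"/>
    </bean>
</beans>
```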

If you are playing with OAuth2, be sure to check this to solve your problems.

http://lightweightyes.blogspot.in/2012/08/spring-security-expressions-not-working.html

I just tried my best, going through all the trial and error.

-3