Question

I don't know how to configure Spring Security to specify different ROLEs for overlapping URLs.

<sec:intercept-url pattern="/app/ws**" access="ROLE_WEBSERVICE"/>
<sec:intercept-url pattern="/app**" access="ROLE_ADMIN"/>

I need to accept a user with role ROLE_WEBSERVICE on /app/ws** even if this user does not have ROLE_ADMIN.

Could you point me to the correct place in the documentation? I could not find it. Thanks.

Solution

If you switch to an expression rule instead of the vanilla RoleVoter you get more flexibility, e.g.

<http use-expressions="true">
    ...
    <intercept-url pattern="/app/ws**" access="hasRole('ROLE_WEBSERVICE') and hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/app**" access="hasRole('ROLE_ADMIN')"/>
    ...
</http>
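
An added example, not part of the original answer: one way to write the two overlapping rules so that ROLE_WEBSERVICE alone is sufficient on /app/ws**. Spring Security checks intercept-url rules in declaration order and applies the first pattern that matches, so the narrower pattern stays first. It assumes that administrators should also reach the web-service URLs, that an authentication-manager is defined elsewhere in the context, and that every other URL should be denied by default.

```xml
<!-- Added example; assumes the Spring Security namespace is the default
     namespace of the file, as in the answer's snippet. -->
<http use-expressions="true">
    <!-- First match wins: this narrower rule must come before /app**.
         hasAnyRole grants access when the user holds at least one of the
         listed roles, so ROLE_WEBSERVICE without ROLE_ADMIN is accepted. -->
    <intercept-url pattern="/app/ws**"
                   access="hasAnyRole('ROLE_WEBSERVICE','ROLE_ADMIN')"/>

    <!-- Only reached by requests the rule above did not match. -->
    <intercept-url pattern="/app**" access="hasRole('ROLE_ADMIN')"/>

    <!-- Assumption: nothing else is meant to be reachable. A final
         deny-by-default rule keeps unlisted URLs from being left open. -->
    <intercept-url pattern="/**" access="denyAll"/>
</http>
```

If the two /app rules are swapped, requests that match both patterns are decided by the ROLE_ADMIN rule and the web-service rule is never consulted for them.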
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow