Spring security access with multiple roles

Posted by Evgeny Makarov on Stack Overflow See other posts from Stack Overflow or by Evgeny Makarov
Published on 2014-06-03T08:36:58Z Indexed on 2014/06/03 9:25 UTC
Read the original article Hit count: 410

Filed under:
|
|

I want to define access for some pages for user who has one of following roles (ROLE1 or ROLE2)

I'm trying to configure this in my spring security xml file as following:

<security:http entry-point-ref="restAuthenticationEntryPoint" access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security" use-expressions="true">
        <!-- skipped configuration -->
        <security:intercept-url pattern="/rest/api/myUrl*" access="hasRole('ROLE1') or hasRole('ROLE2')" />

        <!-- skipped configuration -->
    </security:http>

I've tried various ways like:

access="hasRole('ROLE1, ROLE2')"
access="hasRole('ROLE1', 'ROLE2')"
access="hasAnyRole('[ROLE1', 'ROLE2]')"

etc

but nothing seems to be working.

I'm keep getting exception

java.lang.IllegalArgumentException: Unsupported configuration attributes:

or

java.lang.IllegalArgumentException: Failed to parse expression 'hasAnyRole(['ROLE1', 'ROLE2'])'

how should it be configured?

Thanks

© Stack Overflow or respective owner

Related posts about java

Related posts about spring