Menu
As far as I can tell only any of lists are available in @Secured annotations or ExpressionUrlAuthorizationConfigurer objects. Trying to add multiple annotations or hasAuthority() calls either fails to compile or only the latest one is used.
How can I define that a particular request (set of requests matching a pattern), or method requires all of a list of roles/authorities?
575
The best solution appears to be
@PreAuthorize("hasRole('one') and hasRole('two') and ...")
There's no nice way to use constants, like with @Secured.
80
You seem to be using: hasAuthority([authority]). This only takes one authority. Instead use hasAnyAuthority([authority1,authority2]). This allows you to specify multiple authorities at once and any can be considered in authorization. Reference official spring docs here. Just find in page the text: hasAnyAuthority([authority1,authority2])
For example on your controller method, add: @PreAuthorize("hasAnyAuthority('permission1','permission2')")
4
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With