user526206
Reputation:
How to deny url based on role
I have list of users which have multiple roles. I am looking basically opposite of hasAuthority('systemAccessRole') for example if user have systemAccessRole i want to block him on some url.
<sec:intercept-url pattern="/url/global/*" access="hasAuthority('systemAccessRole')"/>
// user will not allowed to access domestic url if he/she has role systemAccessRole
<sec:intercept-url pattern="/url/domestic/*" access="hasAuthority('systemAccessRole')"/>
What would be a expression i can use in that case ?
Upvotes: 0
Views: 380
Answers (1)
holmis83
Reputation: 16644
Use the ! (not) operator:
<sec:intercept-url pattern="/url/domestic/*" access="!hasAuthority('systemAccessRole')"/>
Upvotes: 0
Related Questions
- Spring Security - How do I block access to any url except a few listed by role?
- How to allow any other role in Spring Security?
- How to implement Spring Security with LDAP and Role based granted authorities from database?
- Spring security: How to make annotation based role specifications have precedence over pattern-based role specifications
- Order of intercept-url patterns in Spring Security
- Role-based access denial handling in Spring Security - how to?
- adding new role to already authenticated user (without logging him out)
- Spring Security 2.0.x - Filter based on role type + Session based bean state