Announcement Announcement Module
No announcement yet.
Expression-Based Access Control- use wildcard "ROLE_*" Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Expression-Based Access Control- use wildcard "ROLE_*"

    <intercept-url pattern="/**" access="ROLE_ADMIN"/>

    in place of ADMIN can i use a wildcard like access="ROLE_*_Admin" or ROLE_*

    appreciate your help

  • #2
    You can use any attributes you want, but the actual interpretation depends on the AccessDecisionManager and the combination of AccessDecisionVoter instances it is configured with. ROLE_ attributes are typically processed by an instance of the class RoleVoter. If you want to do something like this you'd need to write a customized version instead which handler wildcarded role names.

    Note that this isn't expression-based access control. In that case the attribute is interpreted as an EL expression. So "ROLE_ADMIN" wouldn't be a valid expression.


    • #3
      Thank you very much. Is there a working example that I could look at. I am kind of new to this topic and it would really help if you can put me in the right direction.

      I just wanted to add that I am using LDAP for authentication and authorization. I do not want to use ACL's I have created my custom authorities and they all normally end with either ADMIN or STAFF at the end. so, Please suggest me the best way to get this working.
      Last edited by rudy81; May 25th, 2011, 09:13 AM.