I have a path that I want multiple roles to be able to access:
SecurityConfigurationBuilder builder = event.getBuilder();
builder
.http()
.forPath("/api/*")
.withMethod(HttpMethod.GET, HttpMethod.POST, HttpMethod.PUT)
.authorizeWith()
.role("user", "admin")
It looks like the behavior is that you must have both user AND admin to access.
Is there a way to specify user OR admin?
You can try using EL expressions on paths. Something like:
.forPath("/acme/*") .authorizeWith() .expression("#{hasRole('user') or hasRole('admin')}");
Regards.