1 Reply Latest reply on Apr 7, 2015 12:53 PM by pcraveiro

authorization for multiple roles

rschumeyer Mar 3, 2015 11:06 AM

I have a path that I want multiple roles to be able to access:

SecurityConfigurationBuilder builder = event.getBuilder();

builder

.http()

.forPath("/api/*")

.withMethod(HttpMethod.GET, HttpMethod.POST, HttpMethod.PUT)

.authorizeWith()

.role("user", "admin")

It looks like the behavior is that you must have both user AND admin to access.

Is there a way to specify user OR admin?

1. Re: authorization for multiple roles

pcraveiro Apr 7, 2015 12:53 PM (in response to rschumeyer)
You can try using EL expressions on paths. Something like:

.forPath("/acme/*") .authorizeWith() .expression("#{hasRole('user') or hasRole('admin')}");

Regards.
Actions