Restrict Specific url access for specific Role in spring security

Question

<security:http entry-point-ref="casEntryPoint" use-expressions="true">

    <security:intercept-url pattern="/**" access="hasAnyRole(All roles)" />
    <security:intercept-url pattern="/unauthorized" access="hasRole('ROLE_UNAUTHORIZED')"  />
    <security:intercept-url pattern="/unauthorized" access="!hasAuthority('ROLE_SUPER_ADMIN')" />

</security:http>

I want to restrict URL from specific roles.

<security:intercept-url pattern="/unauthorized" access="!hasAuthority('ROLE_SUPER_ADMIN')" />

I have tried but not working.

Refer image, I logged in as admin still I can access the /unauthorized from Url bar.

Possible duplicate of [How to fix role in Spring Security?](https://stackoverflow.com/questions/43052745/how-to-fix-role-in-spring-security) — dur, May 16 '18 at 08:46

score 0 · Answer 1 · answered May 16 '18 at 08:36

Sample code

<security:http auto-config='true' use-expressions="true">

    <security:intercept-url pattern="/unauthorized" access="hasAnyRole('ROLE_UNAUTHORIZED')"  />

    <!-- permitAll is last in order. -->
    <security:intercept-url pattern="/**" access="permitAll" />


</security:http>

Restrict Specific url access for specific Role in spring security

1 Answers1