
I wanted to permit 100 URLs if the user does not have the given permission, and I also want to restrict him to only a single page. How can I do it using Spring Security, or can someone help me with antMatchers() to proceed with my requirement? Thank you in advance.

```java
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/p1/**").permitAll()
        .antMatchers("/p2","/p3","/p4").wantRestrictIfItHasRole.access("hasRole('ROLEA')")
        .anyRequest().authenticated();
}
```
shashank
  • Can you show your security configuration class? Can you explain in a bit more detail, with an example? – pvpkiran Mar 26 '20 at 13:54
  • I have a role -> roleA and a user -> userA and pages p1, p2, p3, p4. If the userA has roleA then userA should only have access to p1 and should be restricted in p2, p3, p4. I want this to be done using antMatchers() `http .authorizeRequests() .antMatchers("/p1/**").permitAll() .antMatchers("/p2","/p3","/p4").wantRestrict.access("hasRole('ROLEA')") .anyRequest().authenticated() // ...` – shashank Mar 26 '20 at 14:03
  • So what is the problem here? Please put the relevant code in the question. – pvpkiran Mar 26 '20 at 14:07
  • I want to implement `!hasAnyRole("ROLEA")` in terms of antMatchers(). Is there a way we can do this using antMatchers() – shashank Mar 26 '20 at 14:15
  • `antMatchers` supports regex, so you can try something like this: `antMatchers([^(matching_pattern)])`. I have not tried it though. Give it a try. This should match all the patterns which are not matching_pattern. Notice the `^` – pvpkiran Mar 26 '20 at 14:19
  • Thank you @pvpkiran, I am able to get the pages using regex, but I wanted to know how to restrict the access if the user has a certain role. – shashank Mar 26 '20 at 14:26
  • `antMatchers([^(matching_pattern)]).hasRole("ROLEA")` – pvpkiran Mar 26 '20 at 14:28
  • Let me know if it works – pvpkiran Mar 26 '20 at 14:56

0 Answers
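
One way to express the "deny when the user has the role" rule the question asks for, as an added example that is not part of the original thread. It assumes Spring Security 5.x with `WebSecurityConfigurerAdapter` (the style of the question's snippet); the class name, demo users and passwords are constructed for illustration, and the `/**` suffixes go beyond the question's exact paths.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Hypothetical class name; not taken from the question.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are evaluated in order; the first matching pattern wins.
                .antMatchers("/p1/**").permitAll()
                // "/p2/**" also matches "/p2" itself, so "/p2/" and sub-paths
                // are covered, which the exact pattern "/p2" does not do.
                .antMatchers("/p2/**", "/p3/**", "/p4/**")
                    // Negated SpEL: logged-in users WITHOUT ROLEA get in, users
                    // WITH it get 403. isAuthenticated() is needed because an
                    // anonymous user also satisfies !hasRole(...).
                    .access("isAuthenticated() and !hasRole('ROLEA')")
                .anyRequest().authenticated()
            .and()
            .formLogin();
    }

    // Constructed demo users: userA holds ROLEA (restricted), userB does not.
    // roles("ROLEA") stores the authority "ROLE_ROLEA", which hasRole('ROLEA') checks.
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new InMemoryUserDetailsManager(
            User.withUsername("userA").password("{noop}changeit").roles("ROLEA").build(),
            User.withUsername("userB").password("{noop}changeit").roles("USER").build());
    }
}
```

`antMatchers` takes Ant-style path patterns; regular expressions go through `regexMatchers` instead. The role condition lives in the `access(...)` expression, not in the path pattern.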