I'm implementing a security project using spring boot. I want to allow users with both ADMIN and EXECUTIVE roles to have access to some endpoints. That is, a user must be an ADMIN at the same time EXECUTIVE user for him to access that protected endpoint. How can I achieve this?
Asked
Active
Viewed 221 times
1 Answers
1
You can use expression with logical and - hasRole('ADMIN') and hasRole('EXECUTIVE'). Using the security configuration you can do it like this:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests()
.antMatchers("/your/endpoint").access("hasRole('ADMIN') and hasRole('EXECUTIVE')");
//other configs
}
Chaosfire
- 4,818
- 4
- 8
- 23
-
Very helpful indeed. – Emmanuel Mbewe Oct 10 '22 at 10:50