I tried this to prevent role doctor, and employee from accessing the page.
@RequiresRoles(value = {"doctor", "employee"})
But now, doctor and employee cannot access the page.
However, @RequiresRoles("doctor") works fine. Doctor can only access the page
What went wrong?
I am using tapestry5, tapestry-security(apache shiro).
I'm not sure I can quite understand what your question is as it is somewhat contradictory. I assume you want users that are either doctors or employees to be able to access the page?
From the documentation of @RequiresRoles:
Requires the currently executing Subject to have all of the specified roles.
(Emphasis mine.) For a user that is either an employee or a doctor to be able to access the page, you can change the annotation as follows:
@RequiresRoles(value = {"doctor", "employee"}, logical = Logical.OR)
