sivaprasadreddy.k sivaprasadreddy.k - 20 days ago 14
Java Question

How to use <sec:authorize access="hasRole('ROLES)"> for checking multiple Roles?

I want to display some content conditionally based on Roles using Spring Security JSP taglibs.
But in Spring Security 3.1.x is checking for only one role.

I can use but ifAllGranted is deprecated.

Any help?

Answer

There is a special security expression in spring security:

hasAnyRole(list of roles) - true if the user has been granted any of the roles specified (given as a comma-separated list of strings).

I have never used it but I think it is exactly what you are looking for.

Example usage:

<security:authorize access="hasAnyRole('ADMIN', 'DEVELOPER')">
    ...
</security:authorize>

Here is a link to the reference documentation where the standard spring security expressions are described. Also, here is a discussion where I described how to create custom expression if you need it.