AngularJS-SpringMVC-example

Question about role ADMIN

Open pinootto opened this issue 12 years ago • 1 comments

Is the following configuration in the file applicationContext.xml correct?

<sec:http pattern="/admin/**" create-session="never">
    <sec:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
    <sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:http>
<sec:http pattern="/action/user" create-session="never">
    <sec:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
    <sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:http>

The pattern="/admin/**" is associated with ROLE_USER. Is it correct? Or should it be associated with ROLE_ADMIN?

pinootto, Apr 16 '13 07:04

I tried switching "/admin/**" to ROLE_ADMIN - then login required "jimi" (ROLE_ADMIN) - "bob" (ROLE_USER) would not authenticate. However, after jimi logged out, bob could log in (with just ROLE_USER) and then also have access to the admin screen.

garyhellman, Apr 19 '13 19:04
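A way to check which roles each `<sec:http>` filter chain in the quoted configuration admits, as an added example that is not part of this issue or of the project's code. It assumes a policy in which only ROLE_ADMIN may reach `/admin/` (the policy dictionary and function names are hypothetical), wraps the quoted blocks in a constructed `<beans>` root, and handles only comma-separated role names in `access`, not expressions such as `hasRole(...)`.

```python
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"  # Spring Security XML namespace

# Constructed <beans> wrapper around the two <sec:http> blocks quoted in the issue.
SAMPLE = """<beans xmlns:sec="http://www.springframework.org/schema/security">
<sec:http pattern="/admin/**" create-session="never">
    <sec:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
    <sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:http>
<sec:http pattern="/action/user" create-session="never">
    <sec:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
    <sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:http>
</beans>"""

def chain_rules(xml_text):
    """Return [(chain_pattern, url_pattern, {roles})] for every intercept-url."""
    root = ET.fromstring(xml_text)
    rules = []
    for http in root.iter("{%s}http" % SEC_NS):
        chain = http.get("pattern", "/**")  # a chain without a pattern matches every request
        for rule in http.findall("{%s}intercept-url" % SEC_NS):
            roles = {r.strip() for r in rule.get("access", "").split(",") if r.strip()}
            rules.append((chain, rule.get("pattern"), roles))
    return rules

def audit(xml_text, policy):
    """policy (hypothetical) maps a path prefix to the only roles allowed to reach it."""
    findings = []
    for chain, url, roles in chain_rules(xml_text):
        for prefix, allowed in policy.items():
            if chain.startswith(prefix):
                extra = roles - allowed  # roles admitted beyond what the policy permits
                if extra or not roles:
                    findings.append((chain, url, sorted(extra) or ["<no access attribute>"]))
    return findings

if __name__ == "__main__":
    for chain, url, extra in audit(SAMPLE, {"/admin/": {"ROLE_ADMIN"}}):
        print("chain %s, rule %s admits: %s" % (chain, url, ", ".join(extra)))
```

The audit covers only the server-side filter chains; it says nothing about which screens the AngularJS client chooses to render.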