Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 01:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Correct access(String) reference

Browse Source 
Closes gh-11280
This commit is contained in:
Josh Cummings 2022-05-27 14:51:45 -06:00
parent 8690accd57
commit 292585080a
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View File

@ -69,7 +69,11 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
.authorizeHttpRequests(authorize -> authorize // <1> .authorizeHttpRequests(authorize -> authorize // <1>
.mvcMatchers("/resources/**", "/signup", "/about").permitAll() // <2> .mvcMatchers("/resources/**", "/signup", "/about").permitAll() // <2>
.mvcMatchers("/admin/**").hasRole("ADMIN") // <3> .mvcMatchers("/admin/**").hasRole("ADMIN") // <3>
.mvcMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')") // <4> .mvcMatchers("/db/**").access((authentication, request) ->
Optional.of(hasRole("ADMIN").check(authentication, request))
.filter((decision) -> !decision.isGranted())
.orElseGet(() -> hasRole("DBA").check(authentication, request));
) // <4>
.anyRequest().denyAll() // <5> .anyRequest().denyAll() // <5>
); );