Expression-Based Access Control- use wildcard "ROLE_*"

[rudy81]

<intercept-url pattern="/**" access="ROLE_ADMIN"/>

in place of ADMIN can i use a wildcard like access="ROLE_*_Admin" or ROLE_*

appreciate your help

[Luke Taylor]

You can use any attributes you want, but the actual interpretation depends on the AccessDecisionManager and the combination of AccessDecisionVoter instances it is configured with. ROLE_ attributes are typically processed by an instance of the class RoleVoter. If you want to do something like this you'd need to write a customized version instead which handler wildcarded role names.

Note that this isn't expression-based access control. In that case the attribute is interpreted as an EL expression. So "ROLE_ADMIN" wouldn't be a valid expression.

[rudy81]

Thank you very much. Is there a working example that I could look at. I am kind of new to this topic and it would really help if you can put me in the right direction.

I just wanted to add that I am using LDAP for authentication and authorization. I do not want to use ACL's I have created my custom authorities and they all normally end with either ADMIN or STAFF at the end. so, Please suggest me the best way to get this working.