roles

**nox** · May 24th, 2005, 04:01 AM

hi guys,

a bit confused here.

/secure/main/*=ROLE_ADMIN,ROLE_APP
/secure/app/*=ROLE_APP

if the user has granted authority of ROLE_APP only he can't access main. is this the default behaviour? or should i add ROLE_ADMIN to the user such that in order to access /secure/main he has to have the granted roles of both ROLE_APP and ROLE_ADMIN?

thanks in advance!

cheers!

nox

**gmansoor** · May 24th, 2005, 11:06 AM

ROLE_APP can access both /secure/main/* & /secure/app/*
ROLE_ADMIN can only access /secure/main/*

**nox** · May 25th, 2005, 12:16 AM

hi gmansoor!

thanks for the reply.

so

ROLE_APP can access both /secure/main/* & /secure/app/*
ROLE_ADMIN can only access /secure/main/*

hmmmnn... this is not the behaviour of acegi on my app however. wonder what am doing wrong??? i followed the standard contact webapp config.

in my case
ROLE_APP can't access /secure/main/* <- which is basically a controller that forward's the user to a base url depending on his group.

cheers!

nox

**Ben Alex** · May 29th, 2005, 04:23 AM

A few threads (one of which links to the reference guide) might help:

http://forum.springframework.org/showthread.php?t=12902
http://forum.springframework.org/showthread.php?t=13230

Basically it depends on the concrete AccessDecisionManager you're using.

**nox** · May 30th, 2005, 12:02 AM

it helped indeed!

ben, thanks! you rock!

cheers!

nox

Thread: roles

Thread Tools

Display

roles

Similar Threads

Acegi running fine. Howto add roles, ...

LDAPPasswordAuthenticationDao problem

Using MethodSecurityInterceptor inside HttpSessionListener

Let's say I want to build a blog (Newbie question on roles?)

Refresh Roles for Logged In User?

Posting Permissions