I would like to ask the following question but this is not stopped just want to know any other way to configure this setting.
As we know the intercept-url pattern will check the ROLE_** from accessing the url
When the user have the ROLE_ADMIN he/she can access whatever method under /car, correct me if I wrong<intercept-url pattern="/car/**" access="ROLE_ADMIN" />
And now I want to configure under car any get** method can be access by ROLE_USER however after I configure the following ROLE_ADMIN user unable to access any get**
If the get** method can be access by ROLE_ADMIN so I need manual configure as below<intercept-url pattern="/car/get**" access="ROLE_USER" />
Is this the normal behavior? As the /car/** already define ROLE_ADMIN can access whatever method under the car<intercept-url pattern="/car/get**" access="ROLE_USER, ROLE_ADMIN" />