How to config an admin role which can access all URLs in Spring Security

All the docs judge the URL first, then the role, like this:

http.authorizeRequests()
.antMatchers("/aaa/xxx").permitAll()
.antMatchers("/aaa/yyy").hasAnyRole("MANAGER")
.antMatchers("/aaa/ccc").hasAnyRole("WORKER")


But I want to judge the role first, like this:

http.authorizeRequests()
// first judge role
.hasAnyRole("ADMIN").permitAll()
// then judge url
.antMatchers("/aaa/yyy").hasAnyRole("MANAGER")
.antMatchers("/aaa/ccc").hasAnyRole("WORKER")


I want to judge the role first. If the role is not ADMIN, then judge the URL and its role.

I want ADMIN to be able to access both "/aaa/yyy" and "/aaa/ccc", and others.

There is a stupid way to implement this, which is to add "ADMIN" to every hasAnyRole() call, like this:

http.authorizeRequests()
.antMatchers("/aaa/yyy").hasAnyRole("ADMIN","MANAGER")
.antMatchers("/aaa/ccc").hasAnyRole("ADMIN","WORKER")
// ... there are many, many antMatchers() that need "ADMIN" added

I don't want to do it that way; I need a better way.

      spring spring-boot spring-security






      edited Nov 27 '18 at 11:06 by Community
      asked Nov 27 '18 at 8:55 by usrmqj xv

          1 Answer
          http.authorizeRequests()
          .antMatchers("/aaa/yyy").hasAnyRole("MANAGER")
          .antMatchers("/aaa/ccc").hasAnyRole("WORKER") //you can put here many roles .hasAnyRole("WORKER", "MANAGER")
          .anyRequest().hasAnyRole("MANAGER")





          • It does not work. I want MANAGER to be able to access both "/aaa/yyy" and "/aaa/ccc", but your answer does not work when accessing "/aaa/ccc". It still responds with a 403 Forbidden.
            – usrmqj xv
            Nov 27 '18 at 10:16

          • Read the comment in the code: .antMatchers("/aaa/ccc").hasAnyRole("WORKER", "MANAGER")
            – Andrew Sasha
            Nov 27 '18 at 15:39

          • Btw, you can change the order, then: http.authorizeRequests() .anyRequest().hasAnyRole("MANAGER") .antMatchers("/aaa/ccc").hasAnyRole("WORKER")
            – Andrew Sasha
            Nov 27 '18 at 15:41

          • That is not true. If I use http.authorizeRequests() .anyRequest().hasAnyRole("MANAGER") .antMatchers("/aaa/ccc").hasAnyRole("WORKER"), when a WORKER accesses "/aaa/ccc" it returns 403; maybe it matches .anyRequest().hasAnyRole("MANAGER") and returns false.
            – usrmqj xv
            Nov 28 '18 at 1:27

          • Yes, you are right, Spring should take the first matched pattern, but the first solution should work for you.
            – Andrew Sasha
            Nov 28 '18 at 8:38

          answered Nov 27 '18 at 9:10 by Andrew Sasha
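
Added example, not part of the original question, answer or comments: one way to let ADMIN pass every role check without listing it in each rule is a role hierarchy wired into the URL expression handler. It assumes Spring Security 5.x with WebSecurityConfigurerAdapter (the API generation used in the thread); the class name SecurityConfig and the final anyRequest() rule are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;

// Hypothetical class name; assumes Spring Security 5.x (WebSecurityConfigurerAdapter era).
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // ADMIN implicitly holds MANAGER and WORKER, so hasAnyRole("MANAGER")
    // and hasAnyRole("WORKER") both succeed for an ADMIN user.
    @Bean
    public RoleHierarchy roleHierarchy() {
        RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
        hierarchy.setHierarchy(
                "ROLE_ADMIN > ROLE_MANAGER\n" +
                "ROLE_ADMIN > ROLE_WORKER");
        return hierarchy;
    }

    // URL rules are evaluated as SpEL expressions; the handler must know the
    // hierarchy, otherwise hasAnyRole() only sees the directly granted roles.
    private SecurityExpressionHandler<FilterInvocation> webExpressionHandler() {
        DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
        handler.setRoleHierarchy(roleHierarchy());
        return handler;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .expressionHandler(webExpressionHandler())
            .antMatchers("/aaa/xxx").permitAll()
            .antMatchers("/aaa/yyy").hasAnyRole("MANAGER")   // MANAGER, or ADMIN via hierarchy
            .antMatchers("/aaa/ccc").hasAnyRole("WORKER")    // WORKER, or ADMIN via hierarchy
            // Assumption: every URL not listed above is ADMIN-only. The first
            // matching rule wins, so this catch-all has to stay last.
            .anyRequest().hasRole("ADMIN");
    }
}
```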












