|
|
@@ -69,7 +69,11 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
|
|
|
.authorizeHttpRequests(authorize -> authorize // <1>
|
|
|
.mvcMatchers("/resources/**", "/signup", "/about").permitAll() // <2>
|
|
|
.mvcMatchers("/admin/**").hasRole("ADMIN") // <3>
|
|
|
- .mvcMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')") // <4>
|
|
|
+ .mvcMatchers("/db/**").access((authentication, request) ->
|
|
|
+ Optional.of(hasRole("ADMIN").check(authentication, request))
|
|
|
+ .filter((decision) -> !decision.isGranted())
|
|
|
+ .orElseGet(() -> hasRole("DBA").check(authentication, request));
|
|
|
+ ) // <4>
|
|
|
.anyRequest().denyAll() // <5>
|
|
|
);
|
|
|
|
Josh Cummings