Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Correct access(String) reference

Closes gh-11280
Josh Cummings 3 years ago
parent
101f11ba94
commit
d7077b441a
1 changed files with 5 additions and 1 deletions
Split View Show Diff Stats
  1. 5 1
      docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc

+ 5 - 1
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View File 

@@ -69,7 +69,11 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
 
 		.authorizeHttpRequests(authorize -> authorize                                  // <1>
 
 			.mvcMatchers("/resources/**", "/signup", "/about").permitAll()         // <2>
 
 			.mvcMatchers("/admin/**").hasRole("ADMIN")                             // <3>
 
-			.mvcMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")   // <4>
 
+			.mvcMatchers("/db/**").access((authentication, request) ->
 
+			    Optional.of(hasRole("ADMIN").check(authentication, request))
 
+			        .filter((decision) -> !decision.isGranted())
 
+			        .orElseGet(() -> hasRole("DBA").check(authentication, request));
 
+			)   // <4>
 
 			.anyRequest().denyAll()                                                // <5>
 
 		);