Spring Security Intercept Url Priority And Filter

<intercept-url pattern="/admin/home/addUser" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/admin/home/**" access="hasAnyAuthority('ROLE_ADMIN','ROLE_NORMAL')"/>
admin/home/addUser paths can only be accessed by ROLE_ADMIN and any other web pages located in /admin/ is accessed ROLE_ADMIN and ROLE_NORMAL. But notice that addUser page is also in /admin/ directory. By writing addUser url before more general path, /admin/home/**, we made a kind of filter.

© 2019 All rights reserved. Codesenior.COM