I have an Spring MVC java site that uses Spring Security to restrict user access. Example :
<security:authorize access="hasAnyRole('ROLE_EMPLOYEE', 'ROLE_MANAGER')">
...
</security:authorize>
Now how can I block access ROLE_MANAGER and allow all?
CodePudding user response:
I think !hasAnyRole
is help to block authorities.
<security:authorize access="!hasAnyRole('ROLE_MANAGER')">
...
</security:authorize>