Authority for the admin role is denied access to the entire system - to the administrative and home page. So I added ROLE_ADMIN to / main / home intercept-url.
This is safe xml
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/**" requires-channel="https" /> <intercept-url pattern='/main/home/' access="hasRole('ROLE_USER' 'ROLE_ADMIN')" /> <intercept-url pattern='/admin/admin/**' access="hasRole('ROLE_ADMIN')" /> <intercept-url pattern='/main/user/setter/settingpage' access="hasRole('ROLE_USER')" /> <intercept-url pattern='/main/user/setter/addpage' access="hasRole('ROLE_USER')" /> <intercept-url pattern='/login.jsp' access='IS_AUTHENTICATED_ANONYMOUSLY' /> <form-login login-page="/login.jsp" default-target-url="/main/home" authentication-failure-url="/auth/loginfail?error=true"/> </http>
But this made the whole program stop working. When I run the code, as this is an error
Could not parse expression 'hasRole (' ROLE_USER '' ROLE_ADMIN ')'
When I delete ROLE_ADMIN , the system works and can authenticate users, not ROLE_ADMIN , which is now denied access to all pages. In db, I created roles, and it worked until recently.
source share