Home/ Questions/Q 9238625
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T07:48:19+00:00

I’m using SpringMVC, SpringSecurity, Spring, Mybatis for my web application. There are a lot

  • 0

I’m using SpringMVC, SpringSecurity, Spring, Mybatis for my web application. There are a lot of parallel subsystems(say, different registration system), What I wanna implement is to give each admin(there’re a lot of admins who is under my control) authorization to some subsystems.
For example, there are admin A, B, C, as well as subsystem X, Y, Z, I intend to authorize admin A to subsystem A, B, to authorize admin B to subsystem C, like such. How could I achieve this effect using spring security, is there any article on this issue, or some term for me to google with. Thanks a lot!!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can set up different base URLs for each subsystem:

    www.appdomain.com/subsitemA/page1.html
www.appdomain.com/subsitemA/page2.html
www.appdomain.com/subsitemB/*
www.appdomain.com/subsitemC/*
....
www.appdomain.com/subsitemX/*

    Then it well be easy to secure them using intercept-url patterns:

    <sec:http auto-config='true' use-expressions="true" >
    <!-- Specific patterns comes first -->
    <sec:intercept-url pattern="/subsitemA/**" access="hasRole('ROLE_ADM_A')" />
    <sec:intercept-url pattern="/subsitemB/**" access="hasRole('ROLE_ADM_A') and hasRole('ROLE_ADM_B')" />
    <sec:intercept-url pattern="/subsitemC/**" access="hasRole('ROLE_ADM_C') and hasRole('ROLE_ADM_D')" />
    ...
    <!-- General pattern comes last -->
    <sec:intercept-url pattern="/**" access="isFullyAuthenticated()" />
</sec:http>
    • 0