Home/ Questions/Q 9216431
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T02:24:58+00:00

In spring security, we can limit access to certaiin web resources using this construct:

  • 0

In spring security, we can limit access to certaiin web resources using this construct:
<intercept-url pattern="/admin.xhtml" access="hasPermission('admin')" />

Now, I have a lot of pages, to access each, one should have special permission with same name as the page name. intercept-url accepts pattern but doesn’t seem to provide parameter passing from regex matched groups in pattern to access. I want something like this:

<intercept-url pattern="/([a-z]+).xhtml" access="hasPermission('$1')" />
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Unfortunately you can’t use matched regex groups in your access rule.
    As a workaround you can try to define a custom web security expression. It will be responsible for extracting of some matched regex group:

    <intercept-url pattern="/([a-z]+).xhtml" access="hasPermission(extractGroup('$1', '/([a-z]+).xhtml'))" />

    During execution extractGroup(…) method will be able to use current HttpRequest. This solution will have two disadvatages:1) it’s not so simple to do 2) regex pattern will be duplicated in your conf. If it’s OK for you then you can read how to add a custom web security expression here.

    • 0