Balraj Posted November 18, 2016 Share Posted November 18, 2016 Hi community,Scenario is as follows:User1 -> having Role1 -> Access "GENERAL TRAINING" dataUser2 -> having Role2 -> Access "HEALTH CARE" dataUser3 -> having (Role1, Role2) -> Access ("GENERAL TRAINING", "HEALTH CARE" ) dataConfiguration of Domain Security File:<!-- Access for GENERALTRAINING user --> <resourceAccessGrant id="JoinTree_1_ROLE_AACP_GENERALTRAINING_row_grant"> <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_GENERALTRAINING'] }</principalExpression> <filterExpression>public_courses.role in ('GENERALTRAINING')</filterExpression> </resourceAccessGrant> <!-- Access for HEALTHCARE user --> <resourceAccessGrant id="JoinTree_1_ROLE_AACP_HEALTHCARE_row_grant"> <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE'] }</principalExpression> <filterExpression>public_courses.role in ('HEALTHCARE')</filterExpression> </resourceAccessGrant> <!-- Access for GENERALTRAINING, HEALTHCARE user --> <resourceAccessGrant id="JoinTree_1_ROLE_AACP_GT_HC_row_grant_40"> <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE'] } && authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_GENERALTRAINING'] }</principalExpression> <filterExpression>public_courses.role in ('GENERALTRAINING') or public_courses.role in ('HEALTHCARE')</filterExpression> </resourceAccessGrant>[/code]Issue is, when User3 is logging in he's able to see only "GENERAL TRAINING" data, where as he's having privileges to acces the data of both "GENERAL TRAINING" and "HEALTH CARE".How to configure the XML, so that user with both the roles access the data accordingly.Note: For users with single role it is working as expected.Thanks & RegardsJasperExplorer Link to comment Share on other sites More sharing options...
yogesh.gupta Posted April 20, 2017 Share Posted April 20, 2017 Your principalExpression should look like as below - ..insert your cod<principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE','ROLE_AACP_GENERALTRAINING'] } </principalExpression>e here..[/code] Link to comment Share on other sites More sharing options...
m.imran.tariq Posted May 12, 2017 Share Posted May 12, 2017 Did you make it working? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now