Domain Security for user with 2 Roles

Hi community,

Scenario is as follows:

User1 -> having Role1 -> Access "GENERAL TRAINING" data

User2 -> having Role2 -> Access "HEALTH CARE" data

User3 -> having (Role1, Role2) -> Access ("GENERAL TRAINING", "HEALTH CARE" ) data

Configuration of Domain Security File:

<!-- Access for GENERALTRAINING user -->
        <resourceAccessGrant id="JoinTree_1_ROLE_AACP_GENERALTRAINING_row_grant">
            <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_GENERALTRAINING'] }</principalExpression>
            <filterExpression>public_courses.role in ('GENERALTRAINING')</filterExpression>
        <!-- Access for HEALTHCARE user -->
        <resourceAccessGrant id="JoinTree_1_ROLE_AACP_HEALTHCARE_row_grant">
            <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE'] }</principalExpression>
            <filterExpression>public_courses.role in ('HEALTHCARE')</filterExpression>
        <!-- Access for GENERALTRAINING, HEALTHCARE user -->
        <resourceAccessGrant id="JoinTree_1_ROLE_AACP_GT_HC_row_grant_40">
            <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE'] } &amp;&amp; authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_GENERALTRAINING'] }</principalExpression>
            <filterExpression>public_courses.role in ('GENERALTRAINING') or public_courses.role in ('HEALTHCARE')</filterExpression>

Issue is, when User3 is logging in he's able to see only "GENERAL TRAINING" data, where as he's having privileges to acces the data of both "GENERAL TRAINING" and "HEALTH CARE".

How to configure the XML, so that user with both the roles access the data accordingly.

Note: For users with single role it is working as expected.

Thanks & Regards


Balraj's picture
Joined: Jan 29 2015 - 7:25pm
Last seen: 5 years 6 months ago

Your principalExpression should look like as below - 

..insert your cod<principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE','ROLE_AACP_GENERALTRAINING'] } </principalExpression>e here..

yogesh.gupta - 5 years 11 months ago

Did you make it working?

m.imran.tariq - 5 years 10 months ago

0 Answers:

No answers yet