Spring security access with multiple roles

Question

I want to define access for some pages for user who has one of following roles (ROLE1 or ROLE2)

I\'m trying to configure this in my spring security xml file as following

Answer 1

If you are playing it with OAuth2, make sure you checkout this to solve your problems.

http://lightweightyes.blogspot.in/2012/08/spring-security-expressions-not-working.html

I just struggled hell lot of time trying all trial and errors.

Answer 2

How try with , separate. See doc here and here.

<security:intercept-url pattern="/rest/api/myUrl*" access="ROLE1,ROLE2"/>

OR

hasAnyRole('ROLE1','ROLE2')

Answer 3

The problem was that I configured custom access-decision-manager-ref="accessDecisionManager" and didn't pass one of the voters.

Solved by adding org.springframework.security.web.access.expression.WebExpressionVoter to accessDecisionManager bean.