Currently there is no logical expression support (AND/OR) for filters - the best way to do this is with Permissions. Permissions are meant for finer-grained control compared to roles and suit your purpose quite well.
You can assign the same permission to both roles. So, if you had a 'homework:view' permission assigned to both, you could do this: /students/** = authc,perms[homework:view] And any role with that permission would be able to visit that url. I hope that helps! But if you'd still like to see expression support, please add a Jira issue - I think we might be able to squeeze that in to 1.0. Cheers, Les On Wed, Apr 1, 2009 at 2:12 PM, Bruce Phillips <[email protected]> wrote: > > I have a role of admin and a role of student. > > I want to setup the filter so that the admin can access all URLs (ncluding > those URLs the student can access) and the student can only access some of > the URLs. > > For example: > > [urls] > /students/** = authc, roles[student] > /admin/** = authc, roles[admin] > > How to I enable access to /students/** for users with role of admin? Do I > have to give those users who role of admin another role of student? > > Thanks for the assistance > > Bruce > -- > View this message in context: > http://n2.nabble.com/Allowing-Multiple-Roles-To-Access-A-URL-tp2570736p2570736.html > Sent from the JSecurity User mailing list archive at Nabble.com. > >
