This is because the RolesAuthorizationFilter ('roles') performs 'and'
logic - it checks to see that all roles specified are associated with
the Subject.If you need to check to see if any of the roles are associated (and not all), you will need to create your own roles filter that supports this. You can use the existing roles filter as an example to base your implementation on: http://svn.apache.org/repos/asf/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authz/RolesAuthorizationFilter.java In the future, Shiro will likely support an authorization syntax that allows defining boolean expressions so you can define the rules yourself, but in the meantime, the above filter source code should get you started. HTH, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com On Tue, Sep 20, 2011 at 3:14 AM, neocdtv <[email protected]> wrote: > Well I've tried this before, I can start the webapp, but it does really work, > I can't access the role1ORrole2 area with any of the roles then. > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Shiro-ini-multiple-roles-for-one-url-tp6806837p6811671.html > Sent from the Shiro User mailing list archive at Nabble.com.
