I wrote this following code to restrict the user from accessing certain pages. Problem is it isn't working correctly. configuration.add(factory.createChain("/index").add(factory.authc()).build()); I wrote this code so that only authorized user view the page, But in my program everyone can view.
configuration.add(factory.createChain("/medicine/**").add(factory.roles(), "employee").build()); configuration.add(factory.createChain("/medicine/**").add(factory.roles(), "doctor").build()); With this code employee cannot access tml file of medicine folder but doctor can. Why is this so? public static void contributeSecurityConfiguration(Configuration<SecurityFilterChain> configuration, SecurityFilterChainFactory factory) { configuration.add(factory.createChain("/signin").add(factory.anon()).build()); configuration.add(factory.createChain("/index").add(factory.authc()).build()); configuration.add(factory.createChain("/medicine/**").add(factory.roles(), "employee").build()); configuration.add(factory.createChain("/prescription/**").add(factory.roles(), "doctor").build()); configuration.add(factory.createChain("/medicine/**").add(factory.roles(), "doctor").build()); } -- View this message in context: http://tapestry.1045711.n5.nabble.com/shiro-tp5082018p5082018.html Sent from the Tapestry - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org