CodeseniorSoftware Tutorials

<intercept-url pattern="/admin/home/addUser" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/admin/home/**" access="hasAnyAuthority('ROLE_ADMIN','ROLE_NORMAL')"/>

admin/home/addUser paths can only be accessed by ROLE_ADMIN and any other web pages located in /admin/ is accessed ROLE_ADMIN and ROLE_NORMAL. But notice that addUser page is also in /admin/ directory. By writing addUser url before more general path, /admin/home/**, we made a kind of filter.