can sec:authorize from thymeleaf be used for multiple roles

So i have an element that i want to be accessible by both ADMIN and MODERATOR roles but not by regular users. I am using :

  <a class="dropdown-item" href="/addFishToWater" 
  sec:authorize="hasRole('ROLE_ADMIN')">Admin</a>

For single role check it works properly but is there a way to check for any of the roles ADMIN and MODERATOR.

Solution

Yes. You can use

<a class="dropdown-item" href="/addFishToWater" 
  sec:authorize="hasAnyRole('ROLE_ADMIN', 'ROLE_MODERATOR')">Admin</a>

More info about other options can be found in the official documentation.

How to install spring-boot-starter-security dependency
Spring Boot adds 'es' to the links
Spring Boot - Return an empty array of objects
Do we have XSDs particularly for Spring 5.x?
Spring + Ehcache : How to cache find all result
Equivalent to DataJpaTest for Spring Data's ReactiveCrudRepository and R2DBC
How to return values of only one parameter in GetMapping?
Find/Remove in @DBref list items in MongoDB for Spring
Name for argument of type [java.lang.String] not specified, and parameter name information not available via reflection
How to return 404 response status in Spring Boot @ResponseBody - method return type is Response?
UnsatisfiedDependencyException: Error creating bean with name
Cannot load configs from Config Server - No suitable HttpMessageConverter
How to start HSQLDB in server mode from Spring boot application
not able to call upload file API using RestTemplate
Add SoapHeader to org.springframework.ws.WebServiceMessage
How to avoid block from Reactive Service in Spring Integration Flow?
What are the arguments while extending JpaRepository<T, ID>
The lookup from the cache into processor is taking lot of time - Spring Batch project
Prevent JPA from changing DB column data type
Is it possible to use @Transactional and kotlin coroutines in spring boot?
Junit mock is not working for mockito call
Spring Boot application is encountering a NullPointerException after running for a while
Map as parameter in RestAPI Post request
Disabling JMX in a spring application
Could not instantiate bean class: Specified class is an interface
Implementing custom methods of Spring Data repository and exposing them through REST
RestClientException: Could not extract response. no suitable HttpMessageConverter found
SAXParseException; src-resolve: Cannot resolve the name '...' to a(n) 'type definition' component
Is it good idea to use the DAO design pattern with spring Boot, instead of using repository design pattern provided by spring data jpa?
java.lang.IllegalArgumentException: Not a managed type: @Entity