There is a special security expression in spring security:
hasAnyRole(list of roles) - true if the user has been granted any of
the roles specified (given as a comma-separated list of strings).
I have never used it but I think it is exactly what you are looking for.
Example usage:
<security:authorize access="hasAnyRole('ADMIN', 'DEVELOPER')">
...
</security:authorize>
Here is a link to the reference documentation where the standard spring security expressions are described. Also, here is a discussion where I described how to create custom expression if you need it.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…