I want to define access for some pages for user who has one of following roles (ROLE1 or ROLE2)

我想为具有以下角色（ROLE1 或 ROLE2）之一的用户定义某些页面的访问权限

I'm trying to configure this in my spring security xml file as following:

我正在尝试在我的 spring 安全 xml 文件中配置它，如下所示：

<security:http entry-point-ref="restAuthenticationEntryPoint" access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security" use-expressions="true">
        <!-- skipped configuration -->
        <security:intercept-url pattern="/rest/api/myUrl*" access="hasRole('ROLE1') or hasRole('ROLE2')" />

        <!-- skipped configuration -->
    </security:http>

I've tried various ways like:

我尝试了各种方法，例如：

access="hasRole('ROLE1, ROLE2')"
access="hasRole('ROLE1', 'ROLE2')"
access="hasAnyRole('[ROLE1', 'ROLE2]')"

etc

等等

but nothing seems to be working.

但似乎没有任何效果。

I'm keep getting exception

我不断收到异常

java.lang.IllegalArgumentException: Unsupported configuration attributes:

or

或者

java.lang.IllegalArgumentException: Failed to parse expression 'hasAnyRole(['ROLE1', 'ROLE2'])'

how should it be configured?

应该如何配置？

Thanks

谢谢