Just awesome idea to have such plugin in IDEA.
Unfortunately, it seems not quite well functioning.
p, alice, domain1, /foo/bar/.+/.+baz.+, GET, allow
p, alice, domain1, /foo/bar/.+/baz$, GET, deny
p, alice, domain1, /foo/bar/.+, GET, allow
p, alice, domain1, /foo/bar.+, GET, deny
p, alice, domain1, /foo/bar$, GET, allow
p, alice, 10.10.10.10, /foo/.+, GET, allow
p, alice, 10.10.10.10, /foo.+, GET, deny
p, alice, domain1, /foo/.+, GET, deny
p, alice, domain1, /foo.+, GET, deny
p, data2_admin, domain1, /foo$, GET, allow
p, alice, domain1, /foo$, GET, deny
p, root, domain1, /foo$, GET, deny
p, alice, domain1, /.+, GET, deny
g, alice, data2_admin, domain1
g, bob, root, domain1
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act, eft
[role_definition]
g = _, _, _
[policy_effect]
e = priority(p.eft) || deny
[matchers]
m = (((r.sub == p.sub) || g(r.sub, p.sub, r.dom)) && r.dom == p.dom && c(r.obj, p.obj) && regexMatch(r.act, p.act)) || (g(r.sub, "root", p.dom) || r.sub == "admin")
alice, domain1, /zed, GET
alice, domain1, /zed, POST
alice, domain-10050, /foo, GET
alice, domain1, /foo, GET
data2_admin, domain1, /foo, GET
alice, domain1, /foo-bar, GET
alice, domain1, /foo/zed, GET
alice, domain1, /foo/bar, GET
alice, domain1, /foo/bar-zed, GET
alice, domain1, /foo/bar/zed, GET
alice, domain1, /foo/bar/*/baz-q, GET
alice, domain1, /foo/bar/zed/baz, GET
alice, domain1, /foo/bar/*/*baz*, GET
alice, domain1, /foo/bar/zed/aaa-baz=val, GET
alice, 10.10.10.10, /foo, GET
alice, 10.10.10.10, /foo/bar, GET
root, *, *, *
root, *, *, GET
root, *, *, POST
root, *, *, PUT
root, *, /foo/bar/zed/baz, *
root, *, /foo/bar/zed/aaa-baz=val, *
bob, domain1, /foo, POST
bob, domain1, /foo$, GET
bob, domain1, /foo/bar/baz, GET
bob, domain2, /foo, PUT
bob, domain2, /foo, GET
bob1, domain1, /foo, GET
admin, domain1, /foo-bar, GET
admin, domain10500, /cert, GET