To configure security on a component property or method, add a property
or method
tag within the resource
tag. The property
and method
tags allow you to control which users have access to specific properties and methods.
In the following example, property1
and methodA
in /some/Component
can be accessed only by the restAdmin user. property2
and methodB
can be accessed by anyone, because security has been disabled on it.
<rest-security> <default-acl>Profile$role$restUser:read,write,execute"</default-acl> <resource component="/some/Component"> <default-acl value="Profile$login$restAdmin:read,write,execute;Profile$role$restUser:read"/> <property name="property1"> <acl value="Profile$login$restAdmin:read,write"/> </property> <property name="property2" secure="false"/> <method name="methodA"> <acl value="Profile$login$restAdmin:execute"/> </property> <method name="methodB" secure="false"/> </resource> <resource component="/some/other/Component" secure="false"/> </rest-security>
Methods which are overloaded and have different security requirements require a signature
attribute, available on the method
tag. This attribute allows for a Java method signature that uniquely identifies the method.