To configure security on a component property or method, add a property or method tag within the resource tag. The property and method tags allow you to control which users have access to specific properties and methods.

By default, properties and methods of unsecured components are secured. You must explicitly list any properties or methods that you want to expose. In the following example, the property named Property1 would default to being a secure property, however, we want that property to be accessible only to the restAdmin, so it must be identified specifically. The property named Property2 is available to everyone since it does not specify an ACL value. However, all other properties and methods of this component are secure by default. Note that this does not affect what is returned by the URL, only which URLs are accessible.

<rest-security>
 <default-acl>Profile$role$restUser:read,write,execute"</default-acl>

 <resource component="/some/Component">
 <default-acl value="Profile$login$restAdmin:read,write,execute;
      Profile$role$restUser:read"/>

 <property name="property1">
 <acl value="Profile$login$restAdmin:read,write"/>
 </property>

 <property name="property2" secure="false"/>
   <method name="methodA">
     <acl value="Profile$login$restAdmin:execute"/>
   </method>
 </property>

 <method name="methodB" secure="false"/>
 </resource>

 <resource component="/some/other/Component" secure="false"/>
 </resource>
</rest-security>

Methods which are overloaded and have different security requirements require a signature attribute, available on the method tag. This attribute allows for a Java method signature that uniquely identifies the method.


Copyright © 1997, 2015 Oracle and/or its affiliates. All rights reserved. Legal Notices