To configure security on a component property or method, add a property
or method
tag within the resource
tag. The property
and method
tags allow you to specify at the property or method level to which users have access for the specified property or method.
In the following example, property1
and methodA
in /some/Component
can be accessed only by the admin user. property2
and methodB
can be accessed by anyone because security has been disabled on it.
<rest-security> <default-acl>Profile$role$restUser:read,write,execute"</default-acl> <resource component="/some/Component"> <default-acl value="Profile$login$admin:read,write,execute;Profile$role$restUser:read"/> <property name="property1"> <acl value="Profile$login$admin:read,write"/> </property> <property name="property2" secure="false"/> <method name="methodA"> <acl value="Profile$login$admin:execute"/> </property> <method name="methodB" secure="false"/> </resource> <resource component="/some/other/Component" secure="false"/> </rest-security>
Methods which are overloaded and have different security requirements require a signature
attribute, available on the method
tag. This attribute allows for a Java method signature that uniquely identifies the method.