To configure security on a component property or method, add a property or method tag within the resource tag. The property and method tags allow you to control which users have access to specific properties and methods.
By default, properties and methods of unsecured components are secured. You must explicitly list any properties or methods that you want to expose. In the following example, the property named Property1 would default to being a secure property; however, we want that property to be accessible only to restAdmin, so it must be identified specifically. The property named Property2 is available to everyone since it does not specify an ACL value. However, all other properties and methods of this component are secure by default. Note that this does not affect what is returned by the URL, only which URLs are accessible.
<rest-security>
  <default-acl value="Profile$role$restUser:read,write,execute"/>
  <resource component="/some/Component">
    <default-acl value="Profile$login$restAdmin:read,write,execute; Profile$role$restUser:read"/>
    <!-- Accessible only to restAdmin -->
    <property name="property1">
      <acl value="Profile$login$restAdmin:read,write"/>
    </property>
    <!-- Exposed to everyone -->
    <property name="property2" secure="false"/>
    <method name="methodA">
      <acl value="Profile$login$restAdmin:execute"/>
    </method>
    <method name="methodB" secure="false"/>
  </resource>
  <resource component="/some/other/Component" secure="false"/>
</rest-security>
Methods which are overloaded and have different security requirements require a signature attribute, available on the method tag. This attribute allows for a Java method signature that uniquely identifies the method.
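The following audit script is an added example, not part of the product or its documentation. It reads a rest-security file in the format shown above and reports every component, property or method marked secure="false", every ACL value that does not parse, and every method listed more than once in a resource without a signature attribute. It assumes that read, write and execute are the only rights and that repeated method entries represent overloads; the sample input is constructed.

```python
import xml.etree.ElementTree as ET

KNOWN_RIGHTS = {"read", "write", "execute"}  # assumption: only the rights used in the example above
# Constructed sample in the format shown above; methodA appears twice to model an overload.
SAMPLE = """
<rest-security>
  <default-acl value="Profile$role$restUser:read,write,execute"/>
  <resource component="/some/Component">
    <default-acl value="Profile$login$restAdmin:read,write,execute; Profile$role$restUser:read"/>
    <property name="property1"><acl value="Profile$login$restAdmin:read,write"/></property>
    <property name="property2" secure="false"/>
    <method name="methodA">
      <acl value="Profile$login$restAdmin:execute"/>
    </method>
    <method name="methodA" secure="false"/>
  </resource>
  <resource component="/some/other/Component" secure="false"/>
</rest-security>
"""

def parse_acl(value):
    """Split 'principal:right,right; principal:right' into {principal: set(rights)}."""
    acl = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        principal, _, rights = entry.rpartition(":")
        acl[principal] = {r.strip() for r in rights.split(",") if r.strip()}
    return acl

def audit(xml_text):
    """Return a list of (kind, target) findings; malformed XML raises ET.ParseError."""
    findings = []
    root = ET.fromstring(xml_text)
    for node in root.iter():
        if node.tag in ("acl", "default-acl"):
            acl = parse_acl(node.get("value", ""))
            if not acl or "" in acl or any(not r or not r <= KNOWN_RIGHTS for r in acl.values()):
                findings.append(("bad-acl", node.get("value")))
    for res in root.iter("resource"):
        comp, seen = res.get("component"), {}
        if res.get("secure") == "false":
            findings.append(("open", comp))  # whole component exposed
        for member in res.findall("property") + res.findall("method"):
            target = f"{comp}.{member.get('name')}"
            if member.get("secure") == "false":
                findings.append(("open", target))  # reachable without an ACL check
            if member.tag == "method" and not member.get("signature"):
                seen[target] = seen.get(target, 0) + 1
        findings += [("ambiguous-overload", t) for t, n in seen.items() if n > 1]
    return findings
```

Running audit() over the deployed file in a build or review step gives a short list of everything exposed without an ACL, which is the part of this configuration most likely to drift unnoticed.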