Property and Method Security

To configure security on a component property or method, add a property or method tag within the resource tag. The property and method tags allow you to control which users have access to specific properties and methods.

In the following example, property1 and methodA in /some/Component can be accessed only by the restAdmin user. property2 and methodB can be accessed by anyone, because security has been disabled on it.

<rest-security>
 <default-acl>Profile$role$restUser:read,write,execute"</default-acl>

 <resource component="/some/Component">
 <default-acl value="Profile$login$restAdmin:read,write,execute;Profile$role$restUser:read"/>

 <property name="property1">
 <acl value="Profile$login$restAdmin:read,write"/>
 </property>

 <property name="property2" secure="false"/>

 <method name="methodA">
 <acl value="Profile$login$restAdmin:execute"/>
 </property>

 <method name="methodB" secure="false"/>
 </resource>

 <resource component="/some/other/Component" secure="false"/>
</rest-security>

Methods which are overloaded and have different security requirements require a signature attribute, available on the method tag. This attribute allows for a Java method signature that uniquely identifies the method.

Copyright © 1997, 2012 Oracle and/or its affiliates. All rights reserved. Legal Notices