Greetings,
I am trying to set up Acegi (using HTTP BASIC Auth) for a set of
RESTful web services (implemented using the Atom Publishing Protocol)
And I have the basic setup running.
But REST complicates matters because the exact same URL is used for
"reads" and "writes", with the HTTP method determining which.
I want to set up Acegi so that it will allow different Roles for the
same URL but different HTTP Methods.
For example
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager"/>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager"/>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=ROLE_ALL
</value>
</property>
</bean>
Would need something like this???
POST /items ROLE_WRITER
PUT /items/** ROLE_WRITER
DELETE /items/** ROLE_WRITER
GET /items/** ROLE_READER
GET /items ROLE_READER
How would I go about this??
Does Acegi somehow understand REST already??
Any suggestions would be greatly appreciated.
Thanks,
-- Chris
S'all good --- [EMAIL PROTECTED]
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer