You could try changing Acegi to read the URLs-to-roles definition from your database, making it more dynamic:
http://jnassef.blogspot.com/2007/07/dynamic-roles-management-in-acegi.html Matt On 10/23/07, George.Francis <[EMAIL PROTECTED]> wrote: > > Aha, > Is there any way to reload the security.xml at runtime? The reason I ask is > becase without that ability, if I went down the route of mapping > ws-operations to Roles in security.xml it would be impossible to apply > changes to this mapping without a restart of the web application? > > > > mraible wrote: > > > > You can enter them in sample-data.xml for testing and default-data.xml > > for production. After adding them to the database, you should be able > > to add them in security.xml. > > > > Matt > > > > On 10/22/07, George.Francis <[EMAIL PROTECTED]> wrote: > >> > >> That's good - can you give me a bit of direction on how to define new > >> Roles? > >> > >> > >> mraible wrote: > >> > > >> > The first option seems like the easiest solution to me. > >> > > >> > Matt > >> > > >> > On 10/22/07, George.Francis <[EMAIL PROTECTED]> wrote: > >> >> > >> >> I noticed that the methodSecurityInterceptor bean in security.xml has > >> : > >> >> <value> > >> >> org.appfuse.service.UserManager.getUsers=ROLE_ADMIN > >> >> org.appfuse.service.UserManager.removeUser=ROLE_ADMIN > >> >> </value> > >> >> Which would seem to apply role-based security at the webservice method > >> >> level. > >> >> If I wanted to apply security to different methods based on the User, > >> >> could > >> >> I do this by either: > >> >> a) creating new Roles (one for each method in the webservice eg: > >> >> ROLE_ALLOW_GETUSERS) > >> >> or: > >> >> b) changing this annotation in security.xml to somehow reference > >> >> individual > >> >> Users? > >> >> > >> >> thanks > >> >> > >> >> -- > >> >> View this message in context: > >> >> > >> http://www.nabble.com/Method-level-web-service-security-for-Users-tf4673765s2369.html#a13352858 > >> >> Sent from the AppFuse - User mailing list archive at Nabble.com. > >> >> > >> >> --------------------------------------------------------------------- > >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> >> For additional commands, e-mail: [EMAIL PROTECTED] > >> >> > >> >> > >> > > >> > > >> > -- > >> > http://raibledesigns.com > >> > > >> > --------------------------------------------------------------------- > >> > To unsubscribe, e-mail: [EMAIL PROTECTED] > >> > For additional commands, e-mail: [EMAIL PROTECTED] > >> > > >> > > >> > > >> > >> -- > >> View this message in context: > >> http://www.nabble.com/Method-level-web-service-security-for-Users-tf4673765s2369.html#a13356292 > >> Sent from the AppFuse - User mailing list archive at Nabble.com. > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > > > > -- > > http://raibledesigns.com > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > View this message in context: > http://www.nabble.com/Method-level-web-service-security-for-Users-tf4673765s2369.html#a13364709 > Sent from the AppFuse - User mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- http://raibledesigns.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
