On 18 September 2010 01:42, Les Hazlewood <[email protected]> wrote:
> As Brian mentioned, check out the BasicHttpAuthenticationFilter
> (available as the 'authcBasic' default filter). Most REST apps use
> that one for authentication and this performs the challenge/response
> logic you mentioned (HTTP 401, etc). You might also want to look in
> to the HttpMethodPermissionFilter for authorization. They're both
> linked from the page Brian included.

I've got the BasicHttpAuthenticationFilter working but I'm unclear on how to add the HttpMethodPermissionFilter. I can get something like

    /account/** = authcBasic

to work but

    /account/** = authcBasic, rest[user]

just seems to block everything.

Also, how do I configure different permissions for different HTTP methods? E.g. allow everyone POST on /accounts (to create a new account) but require role Admin for GET on /accounts (to list all existing accounts).

How do I allow one particular user access to a particular URL? I.e. how do I allow *only* user xyz access to /user/xyz/stuff? Obviously, I don't want to have to configure each user separately.

Cheers,
Hilco
