On 19 September 2010 20:23, Hilco Wijbenga <[email protected]> wrote:
> On 18 September 2010 01:42, Les Hazlewood <[email protected]> wrote:
>> As Brian mentioned, check out the BasicHttpAuthenticationFilter
>> (available as the 'authcBasic' default filter). Most REST apps use
>> that one for authentication and this performs the challenge/response
>> logic you mentioned (HTTP 401, etc). You might also want to look in
>> to the HttpMethodPermissionFilter for authorization. They're both
>> linked from the page Brian included.
>
> I've got the BasicHttpAuthenticationFilter working but I'm unclear on
> how to add the HttpMethodPermissionFilter. I can get something like
>
> /account/** = authcBasic
>
> to work but
>
> /account/** = authcBasic, rest[user]
>
> just seems to block everything.
>
> Also, how do I configure different permissions for different HTTP
> methods? E.g. allow everyone POST on /accounts (to create a new
> account) but require role Admin for GET on /accounts (to list all
> existing accounts).
>
> How do I allow one particular user access to a particular URL. I.e.
> how do I allow *only* user xyz access to /user/xyz/stuff? Obviously, I
> don't want to have to configure each user separately.
>
> Cheers,
> Hilco

Anyone?
