Not sure, configure our REST bits programmatically, but the first option looks correct.
On Wed, Sep 22, 2010 at 12:14 PM, Hilco Wijbenga <[email protected]> wrote:

> On 19 September 2010 20:23, Hilco Wijbenga <[email protected]>
> wrote:
> > On 18 September 2010 01:42, Les Hazlewood <[email protected]> wrote:
> >> As Brian mentioned, check out the BasicHttpAuthenticationFilter
> >> (available as the 'authcBasic' default filter). Most REST apps use
> >> that one for authentication and this performs the challenge/response
> >> logic you mentioned (HTTP 401, etc). You might also want to look in
> >> to the HttpMethodPermissionFilter for authorization. They're both
> >> linked from the page Brian included.
> >
> > I've got the BasicHttpAuthenticationFilter working but I'm unclear on
> > how to add the HttpMethodPermissionFilter. I can get something like
> >
> > /account/** = authcBasic
> >
> > to work but
> >
> > /account/** = authcBasic, rest[user]
> >
> > just seems to block everything.
> >
> > Also, how do I configure different permissions for different HTTP
> > methods? E.g. allow everyone POST on /accounts (to create a new
> > account) but require role Admin for GET on /accounts (to list all
> > existing accounts).
> >
> > How do I allow one particular user access to a particular URL. I.e.
> > how do I allow *only* user xyz access to /user/xyz/stuff? Obviously, I
> > don't want to have to configure each user separately.
> >
> > Cheers,
> > Hilco
>
> Anyone?
>
