M
Michael Jacobs
Guest
You are welcome Paul. You would not do anything in your html code. All the security is localized in the server where it cannot by hacked. For the most part the Spring Security templates we provide you will have the REST URL access controls setup. The possible changes would be to change which Roles (Spring is a pure Roll Based Authorization) can access the URL. The Role names will be specific to the types of user accounts used for authentication (login). For example - to authorize all the users in the ROLE_PSCUser Role to access the entire REST relative uri space (for GET,PUT,POST,DELETE) !-- HTTP REST/Mobile AppServer service -- intercept-url pattern="/rest/**" access="hasAnyRole('ROLE_PSCUser')"/ If the user accounts you use use another user Role named "Users", then you would adjust the Role clause to be 'ROLE_Users'. (Note: for reasons I will not address here, Spring prefixes Role names with 'ROLE_') Specific to your example: the equivalent would be: !-- HTTP REST/Mobile AppServer service -- intercept-url pattern="/rest/**" access="hasAnyRole('ROLE_ADMIN')"/ OK? Mike J.
Continue reading...
Continue reading...