You can secure methods on a per-role basis in security.xml. This file is merged into your WEB-INF directory from AppFuse's common-web project. However, you can override it by copying it into your own project's src/main/webapp/WEB-INF directory. Here is the current code you'll need to modify to secure more beans:
<!-- Apply method-level interceptor to userManager bean -->
<aop:config>
    <aop:advisor id="managerSecurity" advice-ref="methodSecurityInterceptor"
        pointcut="execution(* org.appfuse.service.UserManager.*(..))"/>
</aop:config>

<bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="objectDefinitionSource">
        <value>
            org.appfuse.service.UserManager.getUsers=admin
            org.appfuse.service.UserManager.removeUser=admin
        </value>
    </property>
</bean>
The easiest way to copy the security.xml file into your project is:
- Run mvn package.
- Copy target/yourproject-version/WEB-INF/security.xml to src/main/webapp/WEB-INF.
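
Once the file is in your project, securing another bean takes two changes: an advisor whose pointcut matches the bean, and an entry in objectDefinitionSource for each method to restrict. The following is an added example, not part of AppFuse's own security.xml; org.appfuse.service.PersonManager, its removePerson method and the personManagerSecurity id are hypothetical names used for illustration.

```xml
<aop:config>
    <!-- From the original security.xml: routes UserManager calls through the interceptor -->
    <aop:advisor id="managerSecurity" advice-ref="methodSecurityInterceptor"
        pointcut="execution(* org.appfuse.service.UserManager.*(..))"/>
    <!-- Added (hypothetical bean): without a matching pointcut the interceptor
         never sees PersonManager calls, whatever objectDefinitionSource says -->
    <aop:advisor id="personManagerSecurity" advice-ref="methodSecurityInterceptor"
        pointcut="execution(* org.appfuse.service.PersonManager.*(..))"/>
</aop:config>

<bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="objectDefinitionSource">
        <!-- One line per restricted method: fully qualified method name = required role.
             A method that matches a pointcut but has no line here is invoked
             without a role check, so list every method that must be restricted. -->
        <value>
            org.appfuse.service.UserManager.getUsers=admin
            org.appfuse.service.UserManager.removeUser=admin
            org.appfuse.service.PersonManager.removePerson=admin
        </value>
    </property>
</bean>
```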