As per request .....
==============On Thu, May 31, 2012 at 3:07 PM, ftringali wrote:
I spent a day trying to setup REST security configuration (rest.properties)
in a way that allows free access of a ROLE_X to workspace "abc" locking down
Imho, securing the service by Ant patterns without an "ordered" list of
rules is too difficult.
I didn't find a way to satisfy my requirement in such a situation, so I did
some little changes to trunk code (I'll send diff and .java files if
necessary): TreeSet -LinkedHashSet and so on.
Now, via rest.properties I could take advantage of all capabilities of
Before, rules were returned by "natural ordering" and the last (/**) was
always read as first matching rule, allowing only rules like the following
(note that GET method is not in the last line)
Please let me know your opinions
==============On 2012/5/31 Andrea Aime wrote:
The approach suggested seems to work.
In general I don't like rule systems that work based on rule order
when it's also possible to apply a specificify approach, which does not require ordering instead: it's the CSS approach, where the most specific rule applies regardless of the order.
That said, don't know if it's possible to bend spring to use a CSS-like approach, and how effort it would be.
It would be nice if you could provide a patch and attach it to a ticket in jira.