Security services in Seraph determine the roles required for any given request.
There are two security services bundled with Seraph - the Path service and the WebWork service.
Security services can use any meta-data associated with the incoming request, so other examples
of services could be an IPService (to authenticate users based on IP) or a KeyService (to authenticate
users based on their security keys).
The Path Service
secures particular URL paths. It allows for extremely flexible path
lookups (ie /admin/*, /admin/Setup*, /admin/Setup*Foo etc) and is configured via it's own XML
configuration file, named seraph-paths.xml
.
The Path service is configured in security-config.xml
as follows:
<service class="com.atlassian.seraph.service.PathService">
<init-param>
<param-name>config.file</param-name>
<param-value>/seraph-paths.xml</param-value>
</init-param>
</service>
<seraph-paths>
<!-- You can configure any number of path elements -->
<path name="admin">
<url-pattern>/admin/*</url-pattern>
<role-name>myapp-administrators, myapp-owners</role-name>
</path>
</seraph-paths>
The WebWork Service
secures WebWork 1 actions. You must use actions.xml to configure your
actions, and then just add a "roles-required" attribute to each action or command element.
Here is a snippet of actions.xml
showing the roles-required attribute:
<action name="project.AddProject" roles-required="admin">
<view name="input">/secure/admin/views/addproject.jsp</view>
</action>