Security services in Seraph determine the roles required for any given request.
There are two security services bundled with Seraph - the Path service and the WebWork service.
Security services can use any meta-data associated with the incoming request, so other examples
of services could be an IPService (to authenticate users based on IP) or a KeyService (to authenticate
users based on their security keys).
The Path Service secures particular URL paths. It allows for extremely flexible path
lookups (e.g. /admin/*, /admin/Setup*, /admin/Setup*Foo etc.) and is configured via its own XML
configuration file, named seraph-paths.xml.
The Path service is configured in security-config.xml as follows:
<service class="com.atlassian.seraph.service.PathService">
    <init-param>
        <param-name>config.file</param-name>
        <param-value>/seraph-paths.xml</param-value>
    </init-param>
</service>
The seraph-paths.xml file itself is configured as follows:
<seraph-paths>
    <!-- You can configure any number of path elements -->
    <path name="admin">
        <url-pattern>/admin/*</url-pattern>
        <role-name>myapp-administrators, myapp-owners</role-name>
    </path>
</seraph-paths>
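To review which roles a seraph-paths.xml file demands for a given URL, and which URLs it leaves uncovered, the following audit script is an added example and is not part of Seraph. It assumes that only `*` acts as a wildcard (matching any run of characters) and that roles from every matching path are combined; the "setup" and "setup-foo" entries and their role names are constructed from the pattern shapes mentioned above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's "admin" path plus two hypothetical entries
# built from the other pattern shapes the page mentions.
SERAPH_PATHS_XML = """
<seraph-paths>
    <path name="admin">
        <url-pattern>/admin/*</url-pattern>
        <role-name>myapp-administrators, myapp-owners</role-name>
    </path>
    <path name="setup">
        <url-pattern>/admin/Setup*</url-pattern>
        <role-name>myapp-installers</role-name>
    </path>
    <path name="setup-foo">
        <url-pattern>/admin/Setup*Foo</url-pattern>
        <role-name>myapp-foo</role-name>
    </path>
</seraph-paths>
"""


def pattern_to_regex(pattern):
    """Compile a url-pattern to a regex; only '*' is a wildcard (assumption)."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))


def load_paths(xml_text):
    """Return (name, compiled pattern, set of roles) for each <path> element."""
    rules = []
    for path in ET.fromstring(xml_text).findall("path"):
        pattern = path.findtext("url-pattern", "").strip()
        names = path.findtext("role-name", "").split(",")
        roles = {n.strip() for n in names if n.strip()}
        rules.append((path.get("name"), pattern_to_regex(pattern), roles))
    return rules


def required_roles(rules, url):
    """Union of the roles of every path whose pattern matches the whole URL."""
    matched = [roles for _name, regex, roles in rules if regex.fullmatch(url)]
    return set().union(*matched)


def unprotected(rules, urls):
    """URLs covered by no path entry, i.e. no role is required for them."""
    return [u for u in urls if not required_roles(rules, u)]
```

Running `unprotected` over the application's real URL inventory highlights paths that sit outside every pattern, such as `/administrator` falling outside `/admin/*`.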
The WebWork Service secures WebWork 1 actions. You must use actions.xml to configure your
actions, and then just add a "roles-required" attribute to each action or command element.
Here is a snippet of actions.xml showing the roles-required attribute:
<action name="project.AddProject" roles-required="admin">
    <view name="input">/secure/admin/views/addproject.jsp</view>
</action>