Security Services

Security services in Seraph determine the roles required for any given request. There are two security services bundled with Seraph - the Path service and the WebWork service.
Security services can use any meta-data associated with the incoming request, so other examples of services could be an IPService (to authenticate users based on IP) or a KeyService (to authenticate users based on their security keys).

Path Service

The Path Service secures particular URL paths. It allows for extremely flexible path lookups (ie /admin/*, /admin/Setup*, /admin/Setup*Foo etc) and is configured via it's own XML configuration file, named seraph-paths.xml.
The Path service is configured in security-config.xml as follows:

<service class="com.atlassian.seraph.service.PathService">
The seraph-paths.xml file contains the secured paths and the roles required for each. Here is a sample:
    <!-- You can configure any number of path elements -->
    <path name="admin">
		<role-name>myapp-administrators, myapp-owners</role-name>

WebWork Service

The WebWork Service secures WebWork 1 actions. You must use actions.xml to configure your actions, and then just add a "roles-required" attribute to each action or command element.
Here is a snippet of actions.xml showing the roles-required attribute:

<action name="project.AddProject" roles-required="admin">
    <view name="input">/secure/admin/views/addproject.jsp</view>