Protecting application resources

If you added application-specific resources to the PureWeb server, such as logos and other similar files, you may wish to protect them.

For this, you have two options: you can make the resources private using security roles, or by editing the security-config.xml file.


Making resources private

Making resources private has the advantage of allowing applications to define their own security constraints without needing to make changes to low-level configuration files.

  1. Navigate to the following location:
    [install_path]\webapp\WEB-INF\views\
  2. Create a subdirectory.
  3. Add the resources for your application to this directory.
  4. Provide Controller implementations that make these resources available to users with the correct roles using the security annotations provided by the Spring Framework.

Editing the security-config.xml file

This approach secures all of the resources using a simple pattern that recursively matches your resource directory.

  1. Navigate to the following file and open it in a text editor:
    [install_path]\Server\conf\security-config.xml
  2. Edit the file by including a line such as the one below (in this example, access to the resources is limited to users who log in using a “user” level security role):
    <intercept-url pattern="/<application name>/**"access="ROLE_PUREWEB_USER"/>
  3. Save the file to commit your changes.

You must perform a reload or restart the server before server configuration or plug-in file changes take effect.

To perform a reload, navigate to the server's Configuration page and click the Reload button for the section where the file is located within the page (for example, if you edited a plug-in configuration file, click the Reload Plugins button, if you edited a logging configuration file, click the Reload Logging button, and so on).

If you edit a configuration file, the server will display a reload required message beside this file in the Configuration page as a reminder until the changes have been applied.