Protecting application resources
If you added application-specific resources to the PureWeb server, such as logos and other similar files, you may wish to protect them.
For this, you have two options: you can make the resources private using security roles, or by editing the security-config.xml file.
Making resources private
Making resources private has the advantage of allowing applications to define their own security constraints without needing to make changes to low-level configuration files.
- Navigate to the following location:
- Create a subdirectory.
- Add the resources for your application to this directory.
- Provide Controller implementations that make these resources available to users with the correct roles using the security annotations provided by the Spring Framework.
Editing the security-config.xml file
This approach secures all of the resources using a simple pattern that recursively matches your resource directory.
- Navigate to the following file and open it in a text editor:
- Edit the file by including a line such as the one below (in this example, access to the resources is limited to users who log in using a “user” level security role):
<intercept-url pattern="/<application name>/**"access="ROLE_PUREWEB_USER"/>
- Save the file to commit your changes.
You must perform a reload or restart the server before server configuration or plug-in file changes take effect.
To perform a reload, navigate to the server's Configuration page and click the Reload button for the section where the file is located within the page (for example, if you edited a plug-in configuration file, click the Reload Plugins button, if you edited a logging configuration file, click the Reload Logging button, and so on).
If you edit a configuration file, the server will display a reload required message beside this file in the Configuration page as a reminder until the changes have been applied.