The instance-name/webapps/web-app-name/WEB-INF/oeablSecurity.csv file implements URL access controls for web applications. Each entry (or line) in the file is an ordered set of three values.

Note: Because an access control list (ACL) is an ordered set of three values, the format of an ACL does not fit well with a property file's name-value pairs. Therefore, URL access controls are not included in the oeablSecurity.properties file. Comma-separated value (CSV) files are more suitable for access control lists, and they are easily maintainable by many external administrative tools.

The three values of an entry in oeablSecurity.csv correspond to the three attributes of a Spring Security intercept-url element, namely:

  • pattern—The URL pattern that can include wildcards and regular expressions
  • method—The HTTP access method
  • access—The roles that are allowed access to the resource

Each line in the file must contain all three values specified in a comma-separated list.

For example, the following code grants access to any user who has either ROLE_PSCAdmin or ROLE_PSCUser privileges to the data from a resource whose URL begins with /web/sales/.

"/web/sales/**", "GET", "hasAnyRole('ROLE_PSCAdmin','ROLE_PSCUser')"
Note: When the anonymous login model is enabled, PAS for OpenEdge does not use the URL access control file. URL access is instead determined by the anonymous login configuration.