The instance-name/webapps/web-app-name/WEB-INF/oeablSecurity.csv file implements URL access controls for web applications. Each entry (or line) in the file is and ordered set of three values.

Note: Access control lists, since they are ordered sets of three values, do not lend themselves well to the format of a properties file with its name/value pairs. Therefore, URL access controls were not included in the oeablSecurity.properties file. CSV files are more suitable for access control lists, and they are easily maintainable by many external administrative tools.

The three values of an entry in oeablSecurity.csv correspond to the three attributes of a Spring Security intercept-url element, namely:

  • pattern — the URL pattern which can include wildcards and regular expressions
  • method — the HTTP access method
  • access — role[s] that are allowed access to the resource

Each line in the file must contain all three values specified in a comma separated list.

For example, the following snippet grants access to any user who has either ROLE_PSCAdmin or ROLE_PSCUser privileges to data from a resource whose URL begins with /web/sales/.

"/web/sales/**", "GET", "hasAnyRole('ROLE_PSCAdmin','ROLE_PSCUser')"