Product SiteDocumentation Site

12.2.2. Grouping Paths

When defining your security policies you may want to reuse a set of configurations between different paths. This is very handy if you want to keep your configuration simple and group your paths based on a specific behavior.
The HttpSecurityBuilder provides the following method to define a group:
httpBuilder
    .forGroup("REST Services")
        .authenticateWith()
            .basic()
    .forGroup("Web Pages")
        .authenticateWith()
            .form()
    .forPath("/rest/*", "REST Services")
    .forPath("/*.jsf", "Web Pages")
This is a very simple configuration that defines two groups: REST Services and Web Pages. The first is enforcing BASIC authentication and the latter FORM authentication. For that we used the forGroup method provided by the HttpSecurityBuilder.
In order to specify which group a specific path belongs to, you just need to do the following:
httpBuilder
    .forPath("/rest/*", "REST Services")
    .forPath("/*.jsf", "Web Pages")
In this case, we use the forPath(String, String) method from the HttpSecurityBuilder where the first argument is the path and the second the name of the group.
You can even override the configuration defined by a group when configuring a path. Let's say you want to allow access for a specific path based on a specific role. But still reusing all the configuration defined by the group.
httpBuilder
    .forPath("/rest/admin/*", "REST Services")
        .authorizeWith()
            .role("Administrator")