hi Tom thanks for the response. I already have implementation for jaas authentication & authorization at service level but I want to control the authorizations at the operation level of the service.
I'm confused what you are asking for here - do you mean you want to control authorizations at the action level? Or at the read/write operation level?
Tom sorry for the confusion. I have an ESB Proxy ValidateProductProxy for an underlying service ValidateProductService which has two operations validateCatalog and fetchProductDetails.
I have the following roles configured in my ldap role1,role2,role3 and role4.
validateCatalog - should allow users with the roles role1,role2 and role4
fetchProductDetails - should allow users with roles role4.
<security moduleName="authLdap" rolesAllowed="role1,role2"/>
we can configure roles at the service level . My question is can we configure roles at operation level ?