Java Reference
In-Depth Information
<url-pattern>/company/*</url-pattern>
<http-method-omission>GET</http-method-omission>
<http-method-omission>POST</http-method-omission>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
If you want to extend these exclusions to the unconstrained parts of your application,
also include the URL pattern / (forward slash):
<!-- SECURITY CONSTRAINT #6 -->
<security-constraint>
    <display-name>Deny all HTTP methods except GET and POST</display-name>
    <web-resource-collection>
        <url-pattern>/company/*</url-pattern>
        <url-pattern>/</url-pattern>
        <http-method-omission>GET</http-method-omission>
        <http-method-omission>POST</http-method-omission>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
• If, for your web application, you do not want any resource to be accessible unless
you explicitly define a constraint that permits access to it, you can define an
auth-constraint that names no roles and associate it with the URL pattern /.
The URL pattern / is the weakest matching pattern. Do not list any HTTP methods
in this constraint.
<!-- SECURITY CONSTRAINT #7 -->
<security-constraint>
    <display-name>
        Switch from Constraint to Permission model
        (where everything is denied by default)
    </display-name>
    <web-resource-collection>
        <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
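To check what constraints #6 and #7 actually deny, the following added example (not part of the original text) parses a deployment descriptor and lists, per declared URL pattern, the methods blocked by an auth-constraint that names no roles. The function names, the fixed method checklist, and the web-app wrappers around the two constraints are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Fixed checklist of standard methods (assumption); an omission list also covers any others.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed input: constraints #6 and #7 from the text, each in its own web-app root.
CONSTRAINT_6 = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/company/*</url-pattern>
    <url-pattern>/</url-pattern>
    <http-method-omission>GET</http-method-omission>
    <http-method-omission>POST</http-method-omission>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint></web-app>"""
CONSTRAINT_7 = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/</url-pattern></web-resource-collection>
  <auth-constraint/>
</security-constraint></web-app>"""


def _children(elem, name):
    # Compare local names so a namespaced web.xml parses the same way.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]


def _texts(elem, name):
    return {c.text.strip() for c in _children(elem, name) if c.text}


def denied_by_pattern(web_xml):
    """Map each declared url-pattern to the METHODS denied to every caller."""
    denied = {}
    for sc in _children(ET.fromstring(web_xml), "security-constraint"):
        auth = _children(sc, "auth-constraint")
        # Only an auth-constraint that names no roles denies all access.
        if not auth or _children(auth[0], "role-name"):
            continue
        for wrc in _children(sc, "web-resource-collection"):
            listed = _texts(wrc, "http-method")
            omitted = _texts(wrc, "http-method-omission")
            # No method elements: every method is covered. Omissions: all but those.
            covered = (METHODS & listed) if listed else (METHODS - omitted)
            for pattern in _texts(wrc, "url-pattern"):
                denied.setdefault(pattern, set()).update(covered)
    return denied


if __name__ == "__main__":
    for name, xml in (("#6", CONSTRAINT_6), ("#7", CONSTRAINT_7)):
        for pattern, methods in sorted(denied_by_pattern(xml).items()):
            print(name, pattern, sorted(methods))
```

The result is keyed by the patterns as declared; it does not resolve which pattern the container would select for a given request URL. Under constraint #6, HEAD is among the denied methods because only GET and POST are omitted.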