HTML and CSS Reference
In-Depth Information
xsi:schemaLocation="
http://xmlns.jcp.org/xml/ns/javaee
...
<security-constraint>
<display-name>securityConstraint</display-name>
<web-resource-collection>
<web-resource-name>resources</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>weatherUserRole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>WeatherRealm</realm-name>
<form-login-config>
<form-login-page>/home.xhtml</form-login-page>
<form-error-page>/error.xhtml</form-error-page>
</form-login-config>
</login-config>
...
</web-app>
<security-constraint>
element is used to define the access privileges to a collection of resources using their
URL mapping. It can contain the following elements:
•
Web resource collection (
<web-resource-collection>
): A list of URL patterns and HTTP
operations that describe a set of resources to be protected.
•
Authorization constraint (
<auth-constraint>
): Specifies whether authentication is to be used
and names the roles authorized to perform the constrained requests.
•
User data constraint (
<user-data-constraint>
): Specifies how data is protected when
transported between a client and a server (will be illustrated in the “Data Protection” section).
A web resource collection (
<web-resource-collection>
) contains the following elements:
•
<web-resource-name>
(optional) is the name which you use for the web resource.
•
<url-pattern>
is the URL to be protected.
•
<http-method>
is used to specify which methods should be protected.