    <security-constraint>
        <display-name>securityConstraint2</display-name>
        <web-resource-collection>
            <web-resource-name>resources</web-resource-name>
            <description/>
            <url-pattern>/protected/pages/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>megaAppAdmin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MegaRealm</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/public/pages/forbidden.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>megaAppUser</role-name>
    </security-role>
    <security-role>
        <role-name>megaAppAdmin</role-name>
    </security-role>
    <welcome-file-list>
        <welcome-file>protected/pages/bookSearch.xhtml</welcome-file>
    </welcome-file-list>
</web-app>
The security constraints defined in Mega App define the following rules:
1. Both megaAppUser and megaAppAdmin can access all the resources under the /protected/ directory.
2. Only megaAppAdmin can access all the resources under the /protected/pages/admin/ directory.
3. login.xhtml is the form login page.
4. If a user is not authorized, the user is directed to the forbidden.xhtml page.
The default welcome page for the logged-in user is the topic search page (bookSearch.xhtml).
As you know from Chapter 10, roles defined in the application's web.xml must be mapped to groups defined on the application server. For GlassFish, we can define the mapping between role and group in a configuration file (glassfish-web.xml), as shown in Listing 13-36.
Listing 13-36. glassfish-web.xml File
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
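Role names are case-sensitive and must agree across web.xml and glassfish-web.xml, so a deployment check can cross-reference the two files. The script below is an added example, not code from the book: it reports roles that are used but not declared, declared but not mapped, or mapped but unknown. The descriptors are constructed samples, and the group names app-users and app-admins and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors: roles and URL patterns follow the page's rules;
# the group names app-users / app-admins are assumptions for illustration.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection><url-pattern>/protected/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>megaAppUser</role-name><role-name>megaAppAdmin</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/protected/pages/admin/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>megaAppAdmin</role-name></auth-constraint>
 </security-constraint>
 <security-role><role-name>megaAppUser</role-name></security-role>
 <security-role><role-name>megaAppAdmin</role-name></security-role>
</web-app>"""
# The second mapping is deliberately mis-capitalized (MegaAppAdmin).
GLASSFISH_WEB_XML = """<glassfish-web-app error-url="">
 <security-role-mapping><role-name>megaAppUser</role-name><group-name>app-users</group-name></security-role-mapping>
 <security-role-mapping><role-name>MegaAppAdmin</role-name><group-name>app-admins</group-name></security-role-mapping>
</glassfish-web-app>"""

def local(tag):
    """Element name without an XML namespace prefix such as {http://...}."""
    return tag.rsplit("}", 1)[-1]

def child_texts(root, parent, child):
    """Non-empty text of every <child> directly under any <parent> element."""
    return {c.text.strip() for p in root.iter() if local(p.tag) == parent
            for c in p if local(c.tag) == child and c.text and c.text.strip()}

def audit(web_xml, glassfish_xml):
    """Cross-check role names between web.xml and glassfish-web.xml."""
    web, gf = ET.fromstring(web_xml), ET.fromstring(glassfish_xml)
    declared = child_texts(web, "security-role", "role-name")
    used = child_texts(web, "auth-constraint", "role-name") - {"*", "**"}
    mapped = set()
    for m in gf.iter():
        if local(m.tag) != "security-role-mapping":
            continue
        # A mapping counts only if it names at least one group or principal.
        if any(local(c.tag) in ("group-name", "principal-name") and (c.text or "").strip() for c in m):
            mapped |= {c.text.strip() for c in m if local(c.tag) == "role-name" and c.text}
    return {"undeclared": sorted(used - declared),    # used in a constraint, no <security-role>
            "unmapped": sorted(declared - mapped),    # no group or principal mapped to the role
            "stale_mappings": sorted(mapped - declared)}  # mapping names an unknown role

if __name__ == "__main__":
    print(audit(WEB_XML, GLASSFISH_WEB_XML))
```

With the sample input, megaAppAdmin is reported as unmapped and MegaAppAdmin as a stale mapping, which is how a capitalization slip in the mapping file shows up.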
 