Name
<security-constraint>
Synopsis
The
<security-constraint>
element defines how and by whom
resources can be accessed.
Syntax
<security-constraint>
[<display-name [xml:lang="lang"]>displayName</display-name>]*
<web-resource-collection>
<web-resource-name>resName</web-resource-name>
[<description [xml:lang="lang"]>description</description>]*
<url-pattern>urlPattern</url-pattern>+
[<http-method>GET|POST|PUT|DELETE|HEAD|OPTIONS|TRACE</http-method>]
</web-resource-collection>+
[<auth-constraint>
[<description [xml:lang="lang"]>description</description>]*
[<role-name>roleName</role-name>]*
</auth-constraint>]
[<user-data-constraint>
<transport-guarantee>
NONE
|INTEGRAL|CONFIDENTIAL
</ transport-guarantee>
</user-data-constraint>]
</security-constraint>
<security-constraint>
contains a
<web-resource-collection>
subelement that
defines the resources to be protected and an
<auth-constraint>
subelement that defines
who has access to the protected resources. It can also contain a
<user-data-constraint>
subelement that
describes security requirements for the connection used to access the
resource:
<security-constraint> <web-resource-collection> <web-resource-name>admin</web-resource-name> <url-pattern>/admin/*</url-pattern> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</ transport-guarantee> </user-data-constraint> </security-constraint>
Within the <web-resource-collection> ...
Get JavaServer Pages, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.