Giriş
web-resource-collection korunması gereken adresleri gösterir. Açıklaması şöyle
Each <security-constraint> element must have one or more <web-resource-collection> elements. These define the area of the Web Application to which this security constraint is applied.
auth-constraint bu kaynaklara erişebilecek rolleri gösterir
roller security-role ile tanımlanır
Örnek
Uygulamanın mutlaka TSL kullanması için user-data-constraint içinde şöyle yaparız
Örnek
Şöyle yaparız.
Uygulamanın mutlaka TSL kullanması için user-data-constraint içinde şöyle yaparız
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Örnek
Şöyle yaparız.
<security-constraint>
<web-resource-collection>
<url-pattern>/rest/readyToLand</url-pattern>
<url-pattern>/LoginSuccess.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Administrator</role-name>
<role-name>allAuthenticatedUsers</role-name>
</auth-constraint>
</security-constraint>
<security-role id="SecurityRole_1">
<description>Administrator role</description>
<role-name>Administrator</role-name>
</security-role>
<security-role id="SecurityRole_2">
<description>Any Role</description>
<role-name>allAuthenticatedUsers</role-name>
</security-role>
Hiç yorum yok:
Yorum Gönder