16 Aralık 2021 Perşembe

Servlet web.xml security-constraint Tag

Giriş
web-resource-collection korunması gereken adresleri gösterir. Açıklaması şöyle
Each <security-constraint> element must have one or more <web-resource-collection> elements. These define the area of the Web Application to which this security constraint is applied.
auth-constraint bu kaynaklara erişebilecek rolleri gösterir
roller security-role ile tanımlanır

Örnek
Uygulamanın mutlaka TSL kullanması için user-data-constraint içinde şöyle yaparız
<security-constraint>
  <web-resource-collection>
    <web-resource-name>securedapp</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>

  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>

</security-constraint>

Örnek
Şöyle yaparız.
<security-constraint>
  <web-resource-collection>
    <url-pattern>/rest/readyToLand</url-pattern>
    <url-pattern>/LoginSuccess.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Administrator</role-name>
    <role-name>allAuthenticatedUsers</role-name>
  </auth-constraint>
</security-constraint>
<security-role id="SecurityRole_1">
  <description>Administrator role</description>
  <role-name>Administrator</role-name>
</security-role>
<security-role id="SecurityRole_2">
  <description>Any Role</description>
  <role-name>allAuthenticatedUsers</role-name>
</security-role>

Hiç yorum yok:

Yorum Gönder

Bean Validation @GroupSequence Anotasyonu

Örnek Elimizde şöyle bir kod olsun public class SampleRequest {   @NotNull   LocalDate startDate;   @NotNull   LocalDate endDate;   @AssertT...