
I was trying to grant access to a project for a specific user only, and I saw a way to do it by changing web.xml. The app is also accessible to all RnD users using LDAP, and that is working very well.

I'm trying to block the TEST project for other users and make it valid only for the 'USER_X' user, but I'm getting a forbidden request.

Web.xml:
```xml
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Site</web-resource-name>
        <url-pattern>/api/v1/search</url-pattern> <!-- protect search endpoint whitelisted above -->
        <url-pattern>/api/v1/suggest/*</url-pattern> <!-- protect suggest endpoint whitelisted above -->
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RnD</role-name>
    </auth-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>My Repo</web-resource-name>
        <url-pattern>/xref/**TEST**/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>developer</role-name>
    </auth-constraint>
</security-constraint>

<role>
    <description>My Role</description>
    <role-name>developer</role-name>
</role>

<user>
    <description>My User</description>
    <role-name>developer</role-name>
    <username>**USER_X**</username>
</user>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

<security-role>
    <role-name>RnD</role-name>
</security-role>
```

error in opengrok

From localhost_access_log I can see that user USER_X is getting 403 for TEST access:

```
- USER_X [09/Jan/2023:13:03:03 +0200] "GET /source/api/v1/suggest/config HTTP/1.1" 200 376
- USER_X [09/Jan/2023:13:03:09 +0200] "GET /source/xref/TEST HTTP/1.1" 403 4525
- USER_X [09/Jan/2023:13:15:03 +0200] "GET /source/ HTTP/1.1" 200 141567
- USER_X [09/Jan/2023:13:15:04 +0200] "GET /source/api/v1/suggest/config HTTP/1.1" 200 376
- USER_X [09/Jan/2023:13:15:14 +0200] "GET /source/xref/TEST HTTP/1.1" 403 4525
```

Expecting it to be accessible for user USER_X.

Basel Zarka
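Added example, not part of the original post: a small Python model of how a servlet container selects the security constraint for a request (best-matching url-pattern, then a role check), replayed over the request paths from the access log above. It assumes the pattern is `/xref/TEST/*` without the emphasis markers, that `/source` is the context path, and that USER_X's realm roles are only `RnD`; the function names are hypothetical.

```python
# Model of servlet security-constraint selection (HTTP methods, empty
# auth-constraints and transport guarantees are left out of this sketch).
CONTEXT = "/source"  # assumption: context path seen in the access log
CONSTRAINTS = [      # (url-patterns, permitted roles) as declared in web.xml
    ({"/api/v1/search", "/api/v1/suggest/*", "/*"}, {"RnD"}),
    ({"/xref/TEST/*"}, {"developer"}),  # assumption: '**' is only emphasis
]

def match_rank(pattern, path):
    """Sortable rank of a url-pattern match, or None when it does not match."""
    if pattern == path:
        return (3, len(pattern))              # exact match beats everything
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))           # longest path prefix wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                         # extension match
    if pattern == "/":
        return (0, 0)                         # default mapping
    return None

def required_roles(path):
    """Roles permitted on the best-matching pattern; None means unconstrained."""
    best, roles = None, None
    for patterns, allowed in CONSTRAINTS:
        for pattern in patterns:
            rank = match_rank(pattern, path)
            if rank is None:
                continue
            if best is None or rank > best:
                best, roles = rank, set(allowed)
            elif rank == best:
                roles |= allowed              # same pattern repeated: roles combine
    return roles

def status(request_uri, user_roles):
    """HTTP status an already authenticated user gets for request_uri."""
    path = request_uri[len(CONTEXT):] or "/"
    roles = required_roles(path)
    return 200 if roles is None or roles & user_roles else 403

if __name__ == "__main__":
    user_x = {"RnD"}  # assumption: the realm grants USER_X only this role
    for uri in ("/source/api/v1/suggest/config", "/source/xref/TEST", "/source/"):
        print(uri, status(uri, user_x))
```

Only the constraint on the best-matching pattern applies, so `/xref/TEST` is governed by `developer` alone and the `RnD` grant on `/*` does not carry over. The role set checked here is the one the container's realm returns for the authenticated user.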
