Questions tagged [security-constraint]

A security constraint defines the access privileges to a collection of resources using their URL mapping.

A security constraint includes an authorization constraint that specifies whether users can access the path.

The following subelements can be part of a security-constraint:

  • Web resource collection

    A list of URL patterns (the part of a URL after the host name and port you want to constrain) and HTTP operations (the methods within the files that match the URL pattern you want to constrain) that describe a set of resources to be protected. Web resource collections are discussed in Specifying a Web Resource Collection.

  • Authorization constraint

    Specifies whether authentication is to be used and names the roles authorized to perform the constrained requests. For more information about authorization constraints, see Specifying an Authentication Mechanism in the Deployment Descriptor.

  • User data constraint

    Specifies how data is protected when transported between a client and a server. User data constraints are discussed in Specifying a Secure Connection.

Read more: Specifying Security Constraints on the Oracle site.

87 questions
2
votes
1 answer

Define a outside of web.xml (e.g. server-wide)

I would like to apply security constraints for all webapps deployed on a Tomcat7 server. To do this I have set up a Realm and Valve. My understanding is that the contents of context.xml get included for all apps deployed to a server - that part…
cschooley
2
votes
1 answer

Tomcat Realm security-constraint disable for localhost

I have added security-constraint to protect some folders of the app. panel /secured/*
Dima
2
votes
0 answers

Appropriate practice for security-constraint in web.xml

I can restrict access to web application through defining (among other things) security-constraint in web.xml. Each security-constraint consists of 1) which contains a set of restricted resources, and 2)
Zbyszek
1
vote
0 answers

Httpservletrequest.authenticate() method not sending redirection to login page

My application is running on Websphere application server 9.0.0.9. I have the following security constraints added in the web.xml file of my application. The intention is to secure every request irrespective of whether it needs to be authenticated…
1
vote
0 answers

Why can't any authorizations can access my service even though I already have Security constraint in web.xml?

I have the following security constraints entered in web.xml. Role_TestWs can access my service but no authorization can access my service. I want only Role_TestWs to be able to access my service.
Firm
1
vote
2 answers

Configuring an exception in web.xml security-constraint

I know there are already other posts similar to my doubt, but the problem is that I could not solve the problem. I have a servlet that must be mapped with the name "passport.jsp", because an external application (can not change the call) makes a…
Daniel Avanzi
1
vote
0 answers

GWT web app throws 503 error when adding security config

I am new to GWT. I want to add security to my existing webapp. This is the content of my web.xml:
Tuan Nguyen
1
vote
0 answers

web.xml, security constraint, where do you declare that a user has x role besides declaring it in web.xml?

Hi I'm just learning about the deployment descriptor and I'm wondering about how whatever is using the security constraint knows whether the user is of a certain role, where do you declare the role for the user? for example in an android…
Ray
1
vote
0 answers

How to bypass security constraints for specific IP addresses

My web application has security configuration in web.xml. It runs on Wildfly and uses ActiveDirectory for sign-on. I want some IP addresses to bypass these security constraints. Is it possible? For instance any request from 100.35.6.124 and 100.35.6.122…
Chris
1
vote
1 answer

Implement a custom ServerAuthModule for JBoss

I need to remember the original URL of the Http Request, then redirect this request to a web form for a user authentication. In case of a successful authentication, the user must be redirected to the original URL just remembered above. I am using…
Alex Mi
1
vote
2 answers

** not working in web.xml security-constraints

I want to have unrestricted access for /gadgets/{any directory}/css/*. I tried to mention like this UnProtected Area
1
vote
1 answer

How to disable Insecure HTTP methods in application in java

I have a web application developed in Restful webservice and java. I am using Jersey library. My team ran Appscan tool on the application. That tool says Insecure HTTP Methods Enabled on https:///AppName/. EDIT: I would like to know how to disable…
Ravi Godara
1
vote
1 answer

Tomcat https redirect (security-constraint) for different host

I am trying to redirect the calls from http to https so: In my server.xml I have two host: ...
gomes
1
vote
1 answer

How to send message or redirect user when security constraint block access

I have following security constraint in my web.xml Admin Pages Protected Admin Area
1
vote
1 answer

What's the difference between auth-constraint and security-role?

What's the difference between: tomcat and: tomcat in a security constraint declaration? For example if I'm defining BASIC…
kenorb