Questions tagged [security-constraint]

A security constraint defines the access privileges to a collection of resources using their URL mapping.

A security constraint includes an authorization constraint that specifies whether users can access the path.

The following subelements can be part of a security-constraint:

  • Web resource collection,

    A list of URL patterns (the part of a URL after the host name and port you want to constrain) and HTTP operations (the methods within the files that match the URL pattern you want to constrain) that describe a set of resources to be protected. Web resource collections are discussed in Specifying a Web Resource Collection.

  • Authorization constraint,

    Specifies whether authentication is to be used and names the roles authorized to perform the constrained requests. For more information about authorization constraints, see Specifying an Authentication Mechanism in the Deployment Descriptor.

  • User data constraint.

    Specifies how data is protected when transported between a client and a server. User data constraints are discussed in Specifying a Secure Connection.

Read more: Specifying Security Constraints on the Oracle site.

87 questions
1
vote
0 answers

Tomcat security-constraint url-pattern not working

I have been trying to get authentication in a project of mine but it seems like the url-pattern in Tomcat's security-constraint either only accepts '/*' or any other root level pattern - meaning - I can "protect" all pages using…
HenriqueMS
1
vote
0 answers

Can we use white spaces in for inside web.xml?

It is part of web.xml from app which runs on JBoss /*
1
vote
1 answer

security constraint doesn't open pages via HTTPS

I want some of my pages to be opened securely. Most of those pages start with the name "my_Account_"; as an example, one of those pages is "my_account_add_credit_card.xhtml". In order to do this I have put the below code in to…
user2567005
1
vote
0 answers

How do I skip security-constraint?

I am working on an integrated solution, where we integrate multiple products under a single layer. This layer takes care of the user authentication and acts as a single window through which I can access all the underlying products. I am done with…
1
vote
2 answers

App Engine Security Constraint

I am building a small App Engine project connected to Android and iPhone devices. I want only the users who have a Google account to access my http://myuser.appspot.com... Whenever they post something, I want to grab their Gmail ID and…
1
vote
1 answer

When logging into my Java web app, I'm directed to the CSS used by the login form, how to fix this?

I have a Java web app which consists of a variety of servlets and JSPs -- examples: controller servlet /controller?abc=123&xyz=567, some other servlets /showDocument?docid=55, and some direct access to JSPs, /userDetails.jsp. I have enabled web…
user550738
0
votes
1 answer

Dynamic security constraint configuration in Java web.xml

I currently have a REST API that must be authenticated via BasicAuth, but later some other method. It's set up in Tomcat 6 with realms and I have the following in my web.xml,
wsams
0
votes
0 answers

programmatically Tomcat

I ask for help with a question similar to the "UPDATE" section in this question How to programmatically setup a in Servlets 3.x? ... I want to set programmatically, in a Java class, some web.xml tags. In particular I have to define this…
0
votes
0 answers

Unable to change namespace label in Openshift cluster

I am trying to create a namespace on 4.12 Openshift cluster for my e2e. I use below lines of code f := framework.NewDefaultFramework("ics-e2e-pods") f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged var ( cs …
ambikanair
0
votes
0 answers

I would like to apply security constraints that allow only HTTP methods like GET and POST

Case 1: I used the following XML config in web.xml in servlets based Still when I am trying to test it, methods other than GET and POST are also allowed. Can someone suggest a better approach for a servlet-based web application?
0
votes
1 answer

How to set auth role programmatically for Tomcat 8.5

I have the following config web.xml Login Security Constraint Login Protection
zackhalil
0
votes
0 answers

How can I hide / encrypt my Python (Django or Flask) source code from clients?

I want to hide my source code from my clients, because they only buy the license of my software. Would anyone like to share an idea for hiding Python source code? If anyone knows about this, please help me. Thanks in advance.
MD. SHIFULLAH
0
votes
2 answers

Mapping role-names to from roles

I configured an LDAP realm for Tomcat 7. It searches for someone in the group users, once found will authenticate them and allow them to access the application. This is my realm:
C. Smith
0
votes
1 answer

Role-names available on Google App Engine

I'm developing an admin page for my webpage. I'm using GAE and security-constraints. I would like to know which role-names are available and how I can define which Google Accounts could access a specific page.
Rodrigo Borba
0
votes
2 answers

Tomcat 7 web.xml hierarchy - users and roles - Java servlet

I'm trying to get familiar with TomEE, or at least Tomcat 7 that is used in an older application I'm currently working on. In the Tomcat location there is a web.xml. As far as I understood this is used for all servlets that have no web.xml of their own, right?…