Questions tagged [security-constraint]

A security constraint defines the access privileges to a collection of resources using their URL mapping.

A security constraint includes an authorization constraint that specifies whether users can access the path.

The following subelements can be part of a security-constraint:

  • Web resource collection,

    A list of URL patterns (the part of a URL after the host name and port you want to constrain) and HTTP operations (the methods within the files that match the URL pattern you want to constrain) that describe a set of resources to be protected. Web resource collections are discussed in Specifying a Web Resource Collection.

  • Authorization constraint,

    Specifies whether authentication is to be used and names the roles authorized to perform the constrained requests. For more information about authorization constraints, see Specifying an Authentication Mechanism in the Deployment Descriptor.

  • User data constraint.

    Specifies how data is protected when transported between a client and a server. User data constraints are discussed in Specifying a Secure Connection.

Read more at: Specifying Security Constraints at Oracle site.

87 questions
0 votes, 1 answer

Websphere extendedDocumentRoot how to restrict by security role

We are using Websphere 8.5.5 Traditional. I have added an extended document root to Websphere's ibm-web-ext.xml file and set file sharing to true.
Doug
0 votes, 2 answers

JSP Tomcat security-constraint always fails

I have the following in my web.xml /* rolename
Kevin Orriss
0 votes, 1 answer

Display menu items depending on user roles defined in web.xml

I have my own realm classes that extend AppservPasswordLoginModule and AppservRealm, where I get users and roles from my own table in the database. In web.xml I defined access to pages and it works. I have some mechanism to read the main menu from my menu.xml…
0 votes, 1 answer

Additional logic to jboss realm

The current setup of the application is JSF with a JBoss server. I would like to include additional logic alongside the existing realm authentication, which navigates to the login failed page. Looking for something that invalidates a successful principal from Realm (java).…
Smolda
0 votes, 0 answers

JSF show page after get request

I have a problem: when the session has expired and I make a GET request, instead of the page I see an XML file. How can I solve this problem?
0 votes, 1 answer

Port not redirected in embedded tomcat

I have a situation where I need to redirect requests from a non-SSL port to an SSL port. I came up with the following code but it doesn't seem to redirect. baseConnector = tomcat.getConnector(); if (sslEnabled) { sslConnector = new…
0 votes, 1 answer

Access to servlet protected by security-constraint from server-side code

I am running a Java application on Google App Engine. I protected my admin servlets with a security constraint: tasks
jan
0 votes, 1 answer

Digest Authentication with CORS at Tomcat

Right now I am building a REST API running on Tomcat 8, which uses the Apache CorsFilter to allow cross-domain requests, which I set in my web.xml like this: CorsFilter
0 votes, 1 answer

Spring Boot HTTPS and redirect

I am using Spring STS with Pivotal 3.1 server (ports 8080 and 8443). I also have a separate Tomcat 7 instance on the box which runs on 80 and 443. I use the Spring Boot 1.2.4 release. I would like the application to automatically redirect all requests…
0 votes, 1 answer

TAI not invoking instead it is prompting for Default realm websphere

We are trying to use a TAI interceptor. The same application works fine with a single-node cluster, but in the case of a multi-node cluster the TAI is not invoked; instead it prompts for Default realm credentials. Here is the isTargetInterceptor…
0 votes, 1 answer

How to exclude special users from security check validation in RESTful web service

I am using a REST web service to fetch a file path. Here I am using the security context to provide some extra security. I used a validation that the logged-in user must be the same as the user name specified in the web service URL (security check). But I have one special…
Kaustubh Khare
0 votes, 1 answer

How to stop direct access to my JSP page even when I am using security-constraint in web.xml in Struts 1.2

I am using Struts 1.2 and using global-forwards to access my JSP files, and had also put a security constraint in my web.xml file. Even after putting /pages/* in the security constraint I can control direct access to my JSPs through the URL…
Shashank
0 votes, 1 answer

302 server redirection - 'Location' header URL gets changed from HTTP to HTTPS

I have a Java web app running on Tomcat and am trying to perform a 302 redirection. The problem is: original request URL uses HTTPS. I want the redirect URL to use HTTP instead: response.setHeader('Location', 'http://www.google.com'); For some…
0 votes, 0 answers

Adding security-constraint in web.xml is blocking access to all resources

I am trying to block unused HTTP methods (OPTIONS, TRACE, DELETE) using the web.xml security constraint element. But it is blocking all the existing resources and throwing a 302 response. My web.xml is shown below.
0 votes, 1 answer

Override Tomcat basic authentication

I'm trying to write a web-based setup for my web application (mainly setting up the database). But because I am using DIGEST authentication for all servlets, I'm having a problem there. I want to be able to ask the user to enter his MySQL password,…