Questions tagged [security-constraint]

A security constraint defines the access privileges to a collection of resources using their URL mapping.

A security constraint includes an authorization constraint that specifies whether users can access the path.

The following subelements can be part of a security-constraint:

  • Web resource collection,

    A list of URL patterns (the part of a URL after the host name and port you want to constrain) and HTTP operations (the methods within the files that match the URL pattern you want to constrain) that describe a set of resources to be protected. Web resource collections are discussed in Specifying a Web Resource Collection.

  • Authorization constraint,

    Specifies whether authentication is to be used and names the roles authorized to perform the constrained requests. For more information about authorization constraints, see Specifying an Authentication Mechanism in the Deployment Descriptor.

  • User data constraint.

    Specifies how data is protected when transported between a client and a server. User data constraints are discussed in Specifying a Secure Connection.

Read more at: Specifying Security Constraints at Oracle site.

87 questions
0 votes, 1 answer

Tomcat and Jaas authentication servlet in a form-based security constraint

I have a security constraint that covers some pages in my web application. The authentication is made with JAAS and form, and it works fine. (I've successfully implemented my LoginModule). However I need an alternate authentication via…
Stefano Vercellino
0 votes, 0 answers

To Show restricted links on Homepage based on the username we get from siteminder

We have siteminder authentication and I am able to fetch the screenname(username) from the siteminder. Now I have to create groups based on the screennames. The groups will be Admin and Others. If the screenname is under admin group, it will be…
0 votes, 2 answers

Blocking direct URL access in JSF web application

In my project, I want to restrict direct URL access in my JSF web application. Although I found it on the web that give suggestions to configure security constraints in web.xml. Restrict raw XHTML…
Eido Shack
0 votes, 1 answer

Can tag in web.xml be dynamically generated or written outside web.xml?

I met a problem, I want to set the tag of security-constraint according to my configuration file dynamically, but I can't do it. So I hope tag in web.xml can be dynamically generated or written outside web.xml. Thanks a lot for your help!
Johny Sun
0 votes, 1 answer

HTTP 403 when attempt to perform Action

I've got an action on form
lapots
0 votes, 1 answer

Single request to jetty interpreted twice with http error code 401

When I send GET http requests to an EJB served by jetty, I often get a 401 response even though the auth parameters are correct. When I look into jetty logs I see this : 2013-06-27 11:54:11.004:DBUG:oejs.Server:REQUEST /app/general/launch on…
Jerec TheSith
0 votes, 2 answers

Declarative security for java ee application

I'm creating a web application using Java ee. I have a glassfish v4 server and right now I'm trying to get the security to work by specifying security constraints in my web.xml file. My application is called linkUI, and I wanted to try to create a…
numfar
0 votes, 1 answer

Security-constraint web.xml url-pattern safety

I was wondering if the following configuration would be safe: Webpages accessible at locations /ManageXXXX.do, /ManageYYYY.do, ... should only be able to be accessed by admin role, every other page is available to anyone. I have configured the…
arnehehe
0 votes, 1 answer

How to enforce https connection for all sub locations? JAX-RS JBoss

The following section should enforce all clients to use a https connection. securedapp /*
My-Name-Is
0 votes, 1 answer

authentication via the security-constraint in the web.xml except for localhost

Within the web.xml of a Java EE Servlet Container (Tomcat, Glassfish etc.) I can set a security constraint to restrict the access to a certain resource. Is it possible to make a distinction between access from localhost and all the others? I want to…
0 votes, 1 answer

Apache Tomcat Security

I'm almost getting close to finishing my configuration of Tomcat. The trouble I'm having is in regard to both my client application and my browser. I want that when a user accesses Tomcat with his browser, that it can only access through https, so…
nmmsantos
0 votes, 1 answer

Filtering requests involving security-constraints

I have a Java web application that uses security-constraints to lock down access to resources. I'm trying to manipulate the HTTP 401 response when authentication is required for Ajax requests, so I've created a filter that observes the HTTP status…
brabster