Security constraints specify which set of resources is protected by the security role you created for your application. In addition, you can specify the level of transport layer security that is required when accessing this set of resources.
When specifying the security constraints, you need to consider the following:
You need to determine the set of resources that are to be protected. For this purpose, you specify a URL pattern.
You can also specify which HTTP methods are to be restricted. For example, you can specify that the HTTP POST method is subject to the security constraint.
You then specify an authorization constraint, which specifies the security role that a user must be assigned to in order to access this set of resources.
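The settings described above, together with the transport layer requirement, written as a fragment of a Java EE web.xml deployment descriptor. This is an added example, not taken from the original page; it assumes a Servlet 3.0 or later container, and the role name, URL pattern and resource names are constructed.

```xml
<!-- Added example: the role name, URL pattern and resource names are constructed. -->

<!-- The security role created for the application -->
<security-role>
  <role-name>orders-admin</role-name>
</security-role>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Order administration</web-resource-name>
    <!-- The set of resources to be protected -->
    <url-pattern>/admin/orders/*</url-pattern>
    <!-- Only the methods listed here are subject to this constraint.
         Leaving out all http-method elements applies it to every method. -->
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <!-- Authorization constraint: the role a user must be assigned to -->
  <auth-constraint>
    <role-name>orders-admin</role-name>
  </auth-constraint>
  <!-- Required transport layer security: CONFIDENTIAL means the
       container accepts these requests only over TLS -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Because the first constraint lists methods, all other methods on the
     same URL pattern are outside it. This second constraint covers them:
     http-method-omission (Servlet 3.0+) selects every method except the
     ones named, and an empty auth-constraint allows no role at all. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Order administration, remaining methods</web-resource-name>
    <url-pattern>/admin/orders/*</url-pattern>
    <http-method-omission>GET</http-method-omission>
    <http-method-omission>POST</http-method-omission>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
```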