Show TOC

 Specifying Security ConstraintsLocate this document in the navigation structure

Use

You specify security constraints to a set of Web application's resources by restricting access to them only to certain security principals. That is, only authorized users can call resources from this set. You define the set of resources by either specifying a URL pattern, or specifying one or more HTTP methods that can be executed by authorized users only. If you use URL patterns to define the Web resources, each HTTP request that contains that pattern is subject to the security constraint you defined. Similarly, subject to constraint is any request that attempts to perform the HTTP method that you have specified in the constraint.

You specify the security constraints in the web.xml descriptor of your Web application.

Prerequisites

In order to specify authorization constraints for the corresponding set of Web resources, you must have defined security roles for that Web application as described in Defining Web Applications Security Roles .

Procedure

On the web.xml screen, proceed as follows:

  1. 1.      Open the Security Constraints screen.
  2. 2.      To add a new security constraint definition, choose Add.
  3. 3.      Enter the name of your constraint in the Display Name field under the General tab.
  4. 4.      To define a new set of Web application resources to apply the constraint to, select Web Resource Collection tab and proceed as follows within it:
    1. a.      Choose Add to add a new Web resource collection entry.
    2. b.      Enter the name of the resource collection in the Web Resource Name field.
    3. c.      To define the set of Web application resources as a URL pattern, choose Add from the URL Patterns pane and then enter the URL pattern itself in the Name field. You can use multiple URL patterns to define the set of protected Web resources. The URL patterns are specified relative to the Web application's root.
    4. d.      To define the set of Web application resources using HTTP methods, choose Add from the HTTP Methods pane and then select the methods from the Choose HTTP methods screen that appears.
    5. e.      Optionally, enter a description of the Web resources collection that you have just defined in the Description field.
  5. 5.      To define the authorization constraint to the set of Web application resources that you defined on the previous step, select the Auth Constraint tab and proceed as follows within it:
    1. a.      To add a new security role, choose Add in the Role Names pane.
    2. b.      Choose the security role from the list on the Choose role-names screen that appears.
    3. c.      Optionally, enter a description of the authorization constraint you defined in the Description field.
  6. 6.      To define requirements for the communication layer between the client and your application, concerning the protected set of Web resources, select the General tab and proceed as follows in the User Data Constraint pane:
    1. a.      Choose the requirements for the communication protocol from the Transport Guarantee dropdown list box. The possible values have the following meaning:
      Value Description

      NONE

      There are no requirements for the transport protocol.

      INTEGRAL

      The transport protocol must guarantee that the data cannot be changed during transmission.

      CONFIDENTIAL

      The transport protocol must guarantee that the data cannot be read during transmission.
    2. b.      Optionally, enter description of the requirements to the communication layer that you have just defined in the Description field.