In this section, we will look at specifying the security constraints for multiple use cases.
Use Case1: We would like to define a set of web resources that will have unchecked access. We will achieve this by omitting the authorization constrainsts (auth-constraint element).
Use Case1: We would like to define a set of web resources that will have unchecked access. We will achieve this by omitting the authorization constrainsts (auth-constraint element).
<security-constraint>
<web-resource-collection>
<web-resource-name>All Access</web-resource-name>
<url-pattern>/unchecked/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
No comments:
Post a Comment