Thursday, January 12, 2012

Implement Security in Web.xml

Use Case 2: An HTTP GET operation on a set of web resources should be accessible only to a user with the role "Employee". We achieve this by specifying an authorization constraint (the auth-constraint element with a role-name element).
<security-constraint>
   <display-name>Restricted GET To Employees</display-name>
   <web-resource-collection>
      <web-resource-name>Restricted Access - Get Only</web-resource-name>
      <url-pattern>/restricted/employee/*</url-pattern>
      <http-method>GET</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>Employee</role-name>
   </auth-constraint>
   <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
</security-constraint>
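
An added example (not part of the original post): a Python check that parses the constraint above and reports, per url-pattern, which HTTP methods no security-constraint covers and which are permitted over plain HTTP. Under the Servlet specification a constraint that lists http-method elements applies only to those methods, and a transport-guarantee of NONE does not require TLS. The method set, the exact-string grouping of url-patterns, and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the post's constraint inside a bare <web-app> root.
WEB_XML = """<web-app><security-constraint>
   <web-resource-collection>
      <web-resource-name>Restricted Access - Get Only</web-resource-name>
      <url-pattern>/restricted/employee/*</url-pattern>
      <http-method>GET</http-method>
   </web-resource-collection>
   <auth-constraint><role-name>Employee</role-name></auth-constraint>
   <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
</security-constraint></web-app>"""

# Assumption: the methods to check; a container may accept others as well.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def named(elem, name):
    """Descendants called `name`, ignoring any XML namespace prefix."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    return [(e.text or "").strip() for e in named(elem, name)]

def audit(xml_text):
    """Per url-pattern: roles, uncovered methods, methods allowed over HTTP."""
    report = {}
    for sc in named(ET.fromstring(xml_text), "security-constraint"):
        roles = set(texts(sc, "role-name"))
        plaintext = (texts(sc, "transport-guarantee") or ["NONE"])[0] == "NONE"
        for wrc in named(sc, "web-resource-collection"):
            listed = set(texts(wrc, "http-method"))
            omitted = set(texts(wrc, "http-method-omission"))
            # With no <http-method>, the collection covers every method
            # except those named in <http-method-omission>.
            covered = listed or METHODS - omitted
            for pattern in texts(wrc, "url-pattern"):
                e = report.setdefault(
                    pattern, {"roles": set(), "covered": set(), "plaintext": set()})
                e["roles"] |= roles
                e["covered"] |= covered
                e["plaintext"] |= covered if plaintext else set()
    for e in report.values():
        e["uncovered"] = sorted(METHODS - e["covered"])
    return report

if __name__ == "__main__":
    for pattern, e in audit(WEB_XML).items():
        print(pattern, sorted(e["roles"]), "uncovered:", e["uncovered"],
              "plain HTTP:", sorted(e["plaintext"]))
```

Run it against a deployed web.xml by passing the file's text to `audit()`; the report groups url-patterns by exact string only, so overlapping patterns such as `/restricted/*` need to be compared by hand.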
