Use Case:3 We would like to exclude
a set of web resources from any access. This can arise when a certain
portion of the web application needs to undergo some form of maintenance
or is not applicable for a particular physical deployment of a generic
web application. We will achieve this with authorization constraints
that specify no roles.
<security-constraint>
<display-name>excluded</display-name>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>/excluded/*</url-pattern>
<url-pattern>/restricted/employee/excluded/*</url-pattern>
<url-pattern>/restricted/partners/excluded/*</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>/restricted/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint />
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
No comments:
Post a Comment