2.10 Providing Security
Core Warning
These protections apply only to direct client access. The security model
does not apply to pages accessed by means of a RequestDispatcher
or jsp:forward.
auth-constraint
Whereas the web-resource-collection element designates which URLs
should be protected, the auth-constraint element designates which users
should have access to protected resources. It should contain one or more
role-name elements identifying the class of users that have access and,
optionally, a description element describing the role. All role names that
appear in web.xml specified with the role-name subelement of the
auth-constraint element must be globally declared under the security-role
element. The security-role element goes directly under the
web-app element. It contains one or more role-name subelements. For
instance, the following part of the security-constraint element in
web.xml states that only users who are designated as either Administrators or
Big Kahunas (or both) should have access to the designated resource.
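<security-constraint>
  <web-resource-collection>...</web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
    <role-name>kahuna</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>administrator</role-name>
</security-role>
<security-role>
  <role-name>kahuna</role-name>
</security-role>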
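The declaration rule above can be checked mechanically before deployment. The following is an added example, not code from the book: it parses a web.xml and reports role names used in auth-constraint that have no matching security-role declaration. The sample document, the "intern" role, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: "kahuna" is used in auth-constraint but never declared.
SAMPLE_WEB_XML = """\
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>administrator</role-name>
      <role-name>kahuna</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>administrator</role-name>
  </security-role>
  <security-role>
    <role-name>intern</role-name>
  </security-role>
</web-app>
"""

def local(tag):
    """Strip an XML namespace so DTD-based and schema-based web.xml both work."""
    return tag.rsplit("}", 1)[-1]

def role_names(root, parent):
    """Collect role-name text found directly under every <parent> element."""
    roles = set()
    for elem in root.iter():
        if local(elem.tag) == parent:
            for child in elem:
                if local(child.tag) == "role-name" and child.text:
                    roles.add(child.text.strip())
    return roles

def check_roles(web_xml_text):
    """Return (undeclared, unused) role sets for a web.xml document."""
    root = ET.fromstring(web_xml_text)
    used = role_names(root, "auth-constraint")
    declared = role_names(root, "security-role")
    # "*" is the wildcard for all declared roles, so it needs no declaration.
    return (used - declared - {"*"}, declared - used)

if __name__ == "__main__":
    undeclared, unused = check_roles(SAMPLE_WEB_XML)
    print("used in auth-constraint but not declared:", sorted(undeclared))
    print("declared but not used in any auth-constraint:", sorted(unused))
```

A role reported as unused may still be referenced elsewhere in the descriptor; only the undeclared set indicates a violation of the rule stated above.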
It is important to realize that this is the point at which the portable portion of
the process ends.