6.6.8.0.4: Assembly properties for security constraints
Security constraints declare how Web content is to be protected.
These properties associate security constraints with one or more Web resource
collections. A constraint consists of a Web resource collection, an
authorization constraint, and a user data constraint.
- A Web resource collection is a set of resources (URL patterns) and HTTP
methods on those resources. All requests that contain a request path
that matches the URL pattern described in the Web resource collection are
subject to the constraint. If no HTTP methods are specified, then the
security constraint applies to all HTTP methods.
- An authorization constraint is a set of roles that users must be granted
in order to access the resources described by the Web resource
collection. If a user who requests access to a specified URI is not
granted at least one of the roles specified in the authorization constraint,
the user is denied access to that resource.
- A user data constraint indicates that the transport layer of the
client/server communications process must satisfy the requirement of either
guaranteeing content integrity (preventing tampering in transit) or
guaranteeing confidentiality (preventing reading while in transit).
If multiple security constraints are specified, the container uses the
"first match wins" rule when processing a request to determine what
authentication method to use, or what authorization to allow.
- Security constraint name
  - Specifies the name of the security constraint.
- Authorization Constraints - Roles
  - Specifies the user roles that are permitted access to this resource
    collection.
- Authorization Constraints - Description
  - Contains a description of the authorization constraints.
- User Data Constraints - Transport guarantee
  - Indicates how data communicated between the client and the server is to be
    protected. Specifies that the protection for communications between the
    client and server is None, Integral, or Confidential. None means that
    the application does not require any transport guarantees. Integral
    means that the application requires that the data sent between the client and
    the server must be sent in such a way that it cannot be changed in
    transit. Confidential means that the application requires that the data
    must be transmitted in a way that prevents other entities from observing the
    contents of the transmission. In most cases, Integral or Confidential
    indicates that the use of SSL is required.
- User Data Constraints - Description
  - Contains a description of the user data constraints.
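
The following is an added example, not part of the original InfoCenter page: a Python check that reads the standard `<security-constraint>` elements of a Web module deployment descriptor (`web.xml`) and reports two settings worth reviewing, a resource collection that lists HTTP methods (the constraint then covers only those methods) and a constraint that requires roles while its transport guarantee is None. The descriptor is constructed sample data, the function name is hypothetical, and using `display-name` for the constraint name is an assumption (Servlet 2.3 and later descriptors).

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (illustrative only, not from the original page).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <display-name>AdminPages</display-name>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>administrator</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <display-name>Accounts</display-name>
    <web-resource-collection>
      <web-resource-name>accounts</web-resource-name>
      <url-pattern>/accounts/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>customer</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def audit_constraints(web_xml):
    """Return (constraint name, finding) pairs for settings worth reviewing."""
    findings = []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        name = sc.findtext("display-name", default="(unnamed)").strip()
        roles = [r.text.strip() for r in sc.iter("role-name") if r.text]
        guarantee = sc.findtext("user-data-constraint/transport-guarantee",
                                default="NONE").strip().upper()
        for wrc in sc.iter("web-resource-collection"):
            methods = sorted(m.text.strip().upper() for m in wrc.iter("http-method") if m.text)
            if methods:  # an explicit list leaves every other method outside the constraint
                findings.append((name, "constrained only for " + ",".join(methods)))
        if roles and guarantee == "NONE":
            findings.append((name, "roles required but transport guarantee is NONE"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_constraints(SAMPLE_WEB_XML):
        print(f"{name}: {finding}")
```

The Accounts constraint produces no findings because it specifies no HTTP methods (so it applies to all of them) and requires a Confidential transport.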