Security constraints in web applications

Security constraints determine how web content is to be protected.

These properties associate security constraints with one or more web resource collections. A constraint consists of a web resource collection, an authorization constraint and a user data constraint.
  • A web resource collection is a set of resources (URL patterns) and HTTP methods on those resources. All requests that contain a request path that matches the URL pattern described in the web resource collection are subject to the constraint. If no HTTP methods are specified, then the security constraint applies to all HTTP methods.
  • An authorization constraint is a set of roles that users must be granted in order to access the resources described by the web resource collection. If a user who requests access to a specified Uniform Resource Identifier (URI) is not granted at least one of the roles specified in the authorization constraint, the user is denied access to that resource.
  • A user data constraint indicates that the transport layer of the client or server communications process must satisfy the requirement of either guaranteeing content integrity (preventing tampering in transit) or guaranteeing confidentiality (preventing reading while in transit).
Note: This release of WebSphere® Application Server supports security constraints that are defined in the Java™ Servlet 3.0 specification (JSR-315).

However, if you use custom HTTP methods, see the information in the Security custom properties topic regarding the security.allowCustomHTTPMethods custom property, which differs slightly from its usage in the Java Servlet 3.0 specification.
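
As an added example (not IBM's code and not part of the original topic), the following Python script audits a constructed web.xml against the three parts of a constraint described above. It flags constraints whose web resource collection lists HTTP methods, since requests that use any other method fall outside that constraint, and role-protected collections that have no user data constraint. The descriptor contents, role names, and finding labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample deployment descriptor (Servlet 3.0 schema), not from the page.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>administrator</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>account</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>customer</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Text of every descendant element with the given local name."""
    return [e.text.strip() for e in elem.iter() if local(e.tag) == name and e.text]

def audit(xml_text):
    """Return (url_patterns, finding_label, detail) tuples; labels are hypothetical."""
    findings = []
    root = ET.fromstring(xml_text)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        patterns = texts(sc, "url-pattern")
        methods = texts(sc, "http-method")
        roles = texts(sc, "role-name")
        guarantee = (texts(sc, "transport-guarantee") or ["NONE"])[0]
        if methods:  # constraint covers only these methods, not all of them
            findings.append((patterns, "methods-limited", methods))
        if roles and guarantee == "NONE":  # roles enforced, transport unprotected
            findings.append((patterns, "no-transport-guarantee", roles))
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML):
        print(finding)
```

The second constraint in the sample produces no findings because it lists no HTTP methods, so it applies to all of them, and it requires a confidential transport.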


Last updated: July 9, 2016 11:11
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=csec_secc