Questions tagged [security-constraint]

A security constraint defines the access privileges to a collection of resources using their URL mapping.

A security constraint includes an authorization constraint that specifies whether users can access the path.

The following subelements can be part of a security-constraint:

  • Web resource collection,

    A list of URL patterns (the part of a URL after the host name and port you want to constrain) and HTTP operations (the methods within the files that match the URL pattern you want to constrain) that describe a set of resources to be protected. Web resource collections are discussed in Specifying a Web Resource Collection.

  • Authorization constraint,

    Specifies whether authentication is to be used and names the roles authorized to perform the constrained requests. For more information about authorization constraints, see Specifying an Authentication Mechanism in the Deployment Descriptor.

  • User data constraint.

    Specifies how data is protected when transported between a client and a server. User data constraints are discussed in Specifying a Secure Connection.

Read more at: Specifying Security Constraints at Oracle site.

87 questions

29 votes, 2 answers

Is security-constraint configuration for Tomcat mandatory?

In order to do an SSL Configuration testing under Tomcat, is this all mandatory? This below line is taken from a website: In order to do this for our test, take any application which has already been deployed successfully in Tomcat and first access…
Pawan

27 votes, 3 answers

Whitelist security constraint in web.xml

I'm using Tomcat for my Struts2 application. The web.xml has certain entries as shown below: restricted methods /*
Mike

14 votes, 2 answers

Security constraint in web.xml not getting applied to URL patterns having file extension

I have the following security constraints entered in the web.xml. My objective is that the XML files are in the Public area. This works for the /images/* folder. However the url-pattern *.xml does not seem to work. Any ideas? …
mithrandir

11 votes, 2 answers

Disabling PUT TRACE DELETE request in Apache Tomcat 6.0

I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server, Apache Tomcat 6.0. All other sources, I have searched till now, have directed me towards the limit parameter in httpd.conf, Hence I'd put it before-hand that I am not…
M.N

11 votes, 3 answers

tomcat security-constraint impact cache

I have a problem in caching my application. When this code is added to web.xml of tomcat : HTTPSOnly /*
Espadax4

7 votes, 2 answers

Precedence of security-constraint over filters in Servlets

While studying about security-constraints and filters in servlets, I made the following declarations in the web.xml file, which didn't work as I expected:
a.u.r

6 votes, 1 answer

Wildfly web.xml security constraint blocking basic auth header for JAX-RS methods using ContainerRequestFilter

The web application I'm developing consists of some servlets and also JAX-RS webservices. Until now, I was using a ContainerRequestFilter to authenticate the REST method calls but now I also need to secure the servlets so I decided to use web.xml to…
PawelPredki

6 votes, 1 answer

Multiple security-constraints in web.xml not working

I am upgrading a web application (Servlet 3.0 / Tomcat 7) that requires basic authentication on most of its pages. This application has a small set of monitoring servlets, none of which should be protected. In my web.xml, I currently have the…
Patrick Garrity

6 votes, 3 answers

Tomcat security constraint for valid user

I'm trying to protect a resource in tomcat so that only "valid users" (those with a valid login and password in the realm) can access it. They do not necessarily belong to a group in the realm. I have tried with many combinations of the…
Ricardo Marimon

5 votes, 3 answers

How to use htpasswd protection in Tomcat?

I have already created a user database file using Apache's htpasswd command. This file is now used by several other applications like apache and subversion. Users in are created like this: htpasswd /path/to/users.htpasswd peter This user file is…
Juha Syrjälä

5 votes, 1 answer

XML shown as plain text after ajax redirect on security constraint in WildFly

I've got this weird problem with ajax redirect on a security constraint: When an ajax call is made (by clicking on a sortable p:dataTable column or when a p:poll triggers) on a role-secured page after my session timed out, a…
Xavier Dury

4 votes, 1 answer

jBoss CORS support with security constraints

I'm adding authentication to my API using the web-common security constraints, but it seems to have broken my CORS filter. I've previously had it working with just the filter and no app server level authentication. The basic idea is to require…
Mark

4 votes, 2 answers

Restrict JSP/Servlet access to specific users only

I'm developing a web app. I'd like to be able to let some friends see it, but not others that stumble upon the url. I was going to put a landing page and then a simple password box. Once the correct password is entered, I'd just record it in the…
user246114

4 votes, 1 answer

and the * character within web.xml

Using Spring for Security, I can get the program running using the following code.
user3646347

4 votes, 2 answers

How to secure Solr to allow SELECT request to only users and disallow anything else?

This is what I have done so far to secure my SOLR application. In SOLR's web.xml file I'm trying to do the following Allow /select request to only user or admin requests. Disallow every other request to SOLR other than admin. I've added security…
user794783