About Question enthuware.jwpv6.2.843 :

Moderator: admin

Post Reply
siarhei
Posts: 8
Joined: Wed Nov 25, 2015 1:41 am
Contact:

About Question enthuware.jwpv6.2.843 :

Post by siarhei »

Although it's required by the specification, practically it's vendor specific rule.
As example I used Apache Tomcat 8.5.11 and configured its realm to use tomcat-users.xml file where some roles and userNames are listed as following:

Code: Select all

<role rolename="tomcat"/>
After that it's possible to use in your DD this roleName directly like this:

Code: Select all

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Context Parameters</web-resource-name>
        <url-pattern>/contextParameters.jsp</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>tomcat</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest