JavaWeb的SecurityConstraint配置.docVIP

Java Web 的 Security Constraint 配置 2010-02-22 11:30 security-constraint 的子元素 http-method 是可选的，如果没有 http-method 元素，这表示将禁止所有 HTTP 方法访问相应的资源。 子元素 auth-constraint 需要和 login-config 相配合使用，但可以被单独使用。如果没有 auth-constraint 子元素，这表明任何身份的用户都可以访问相应的资源。也就是说，如果 security-constraint 中没有 auth-constraint 子元素的话，配置实际上是不起中用的。如果加入了 auth-constraint 子元素，但是其内容为空，这表示所有身份的用户都被禁止访问相应的资源。 web.xml 中的代码 Xml代码 security-constraint display-name baseporject/display-name web-resource-collection web-resource-namebaseproject/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.do/url-pattern http-methodGET/http-method http-methodPUT/http-method http-methodHEAD/http-method http-methodTRACE/http-method http-methodPOST/http-method http-methodDELETE/http-method http-methodOPTIONS/http-method /web-resource-collection auth-constraint description baseproject/description role-nameAll Role/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config security-constraint display-name baseporject/display-name web-resource-collection web-resource-namebaseproject/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.do/url-pattern http-methodGET/http-method http-methodPUT/http-method http-methodHEAD/http-method http-methodTRACE/http-method http-methodPOST/http-method http-methodDELETE/http-method http-methodOPTIONS/http-method /web-resource-collection auth-constraint description baseproject/description role-nameAll Role/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-configXml代码 !--四种验证方式,附在最后有说明-- auth-methodFORM/auth-method form-login-config form-login/login.html/form-login form-error/error.html/form-error /form-login-config /login-config security-role role-nameAll Role/role-name /security-role !--四种验证方式,附在最后有说明-- auth-methodFORM/auth-method form-login-config