Top "Security-constraint" questions

A security constraint define the access privileges to a collection of resources using their URL mapping.

Is security-constraint configuration for Tomcat mandatory?

In order to do an SSL Configuration testing under Tomcat, is this all mandatory? This below line is taken from …

tomcat web.xml security-constraint
Security constraint in web.xml not getting applied to URL patterns having file extension

I have the following security constraints entered in the web.xml. My objective is that the XML files are in …

java servlets web.xml security-constraint
Disabling PUT TRACE DELETE request in Apache Tomcat 6.0

I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server, Apache Tomcat 6.0. All other sources, i …

http tomcat application-server security-constraint
Whitelist security constraint in web.xml

I'm using Tomcat for my Struts2 application. The web.xml has certain entries as shown below: <security-constraint> <…

java tomcat struts2 web.xml security-constraint
How to fix Tomcat access to the requested resouce which has been denied?

Update: The code works correctly when the <auth-constraint> element is removed completely. Can anyone explain why it doesn't …

servlets tomcat7 http-status-code-403 security-constraint
<security-constraint> <url-pattern> and the * character within web.xml

Useing Spring for Security, I can get the program running using the following code. <intercept-url pattern="/web/admin**/**" access="…

war web.xml jboss6.x url-pattern security-constraint
Multiple security-constraints in web.xml not working

I am upgrading a web application (Servlet 3.0 / Tomcat 7) that requires basic authentication on most of its pages. This application has …

tomcat servlets tomcat7 security-constraint
Tomcat security constraint for valid user

I'm trying to protect a resource in tomcat so that only "valid users" (those with a valid login and password …

java tomcat web-applications security-constraint
How to use htpasswd protection in Tomcat?

I have already created a user database file using Apache's htpasswd command. This file is now used by several other …

security tomcat .htpasswd security-constraint
Wildfly web.xml security constraint blocking basic auth header for JAX-RS methods using ContainerRequestFilter

The web application I'm developing consists of some servlets and also JAX-RS webservices. Until now, I was using a ContainerRequestFilter …

java servlets web.xml wildfly security-constraint