<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/test/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
呵呵,这个东东的话在TOMCAT中就可以配置的,如果我们在TOMCAT中进入管理员页面的话,这个就是需要进行配置的:
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>HTMLManger and Manager command</web-resource-name>
<url-pattern>/threeparam</url-pattern>
<url-pattern>/hello</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- NOTE: This role is not present in the default users file -->
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/test/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>