| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| |
| Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved. |
| |
| This program and the accompanying materials are made available under the |
| terms of the Eclipse Public License v. 2.0, which is available at |
| http://www.eclipse.org/legal/epl-2.0. |
| |
| This Source Code may also be made available under the following Secondary |
| Licenses when the conditions for such availability set forth in the |
| Eclipse Public License v. 2.0 are satisfied: GNU General Public License, |
| version 2 with the GNU Classpath Exception, which is available at |
| https://www.gnu.org/software/classpath/license.html. |
| |
| SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 |
| |
| --> |
| |
| <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee web-app_3_1.xsd" version="3.1"> |
| |
| <display-name>jaccmr8</display-name> |
| <distributable></distributable> |
| |
| <!-- Protect HTTP methods that are not stated in the security constraints --> |
| <deny-uncovered-http-methods></deny-uncovered-http-methods> |
| |
| <!-- See URL patterns on @WebServlet annotation |
| <servlet> |
| <servlet-name>Servlet</servlet-name> |
| <servlet-class>org.glassfish.jacc.test.mr8.Servlet</servlet-class> |
| </servlet> |
| |
| <servlet-mapping> |
| <servlet-name>Servlet</servlet-name> |
| <url-pattern>/authuser</url-pattern> |
| </servlet-mapping> |
| <servlet-mapping> |
| <servlet-name>Servlet</servlet-name> |
| <url-pattern>/anyauthuser</url-pattern> |
| </servlet-mapping> |
| --> |
| |
| <security-constraint> |
| <web-resource-collection> |
| <web-resource-name>authuser</web-resource-name> |
| <url-pattern>/authuser</url-pattern> |
| <http-method>GET</http-method> |
| <http-method>POST</http-method> |
| </web-resource-collection> |
| <auth-constraint> |
| <role-name>javaUsers</role-name> |
| </auth-constraint> |
| </security-constraint> |
| <security-constraint> |
| <web-resource-collection> |
| <web-resource-name>anyauthuser</web-resource-name> |
| <url-pattern>/anyauthuser</url-pattern> |
| <http-method>GET</http-method> |
| <http-method>POST</http-method> |
| </web-resource-collection> |
| <auth-constraint> |
| <role-name>**</role-name> |
| </auth-constraint> |
| </security-constraint> |
| <security-constraint> |
| <web-resource-collection> |
| <web-resource-name>star</web-resource-name> |
| <url-pattern>/star</url-pattern> |
| <http-method>GET</http-method> |
| <http-method>POST</http-method> |
| </web-resource-collection> |
| <!-- Will not include any authenticated user unless declared as security-role --> |
| <auth-constraint> |
| <role-name>*</role-name> |
| <role-name>**</role-name> |
| </auth-constraint> |
| </security-constraint> |
| <security-constraint> |
| <web-resource-collection> |
| <web-resource-name>denyuncoveredpost</web-resource-name> |
| <url-pattern>/denyuncoveredpost</url-pattern> |
| <http-method>GET</http-method> |
| </web-resource-collection> |
| </security-constraint> |
| |
| <security-role> |
| <role-name>javaUsers</role-name> |
| </security-role> |
| </web-app> |