@ServletSecurity( httpMethodConstraints = <HttpMethodConstraint[]>, value = <HttpConstraint> )The httpMethodConstraints attribute specifies one or more constraints for some specific HTTP methods, whereas the value attribute specifies a constraint that applies for all other HTTP methods which are not specified by the httpMethodConstraints attribute.
@WebServlet("/process") @ServletSecurity public class MyServlet extends HttpServlet { // servlet code... }
@WebServlet("/process") @ServletSecurity(@HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL)) public class MyServlet extends HttpServlet { // servlet code... }
@WebServlet("/process") @ServletSecurity( httpMethodConstraints = @HttpMethodConstraint(value = "POST", emptyRoleSemantic = EmptyRoleSemantic.DENY) ) public class MyServlet extends HttpServlet { // servlet code... }
@WebServlet("/manage") @ServletSecurity(@HttpConstraint(rolesAllowed = "admin")) public class AdminServlet extends HttpServlet { // servlet code... }
@WebServlet("/manage") @ServletSecurity( httpMethodConstraints = { @HttpMethodConstraint(value = "GET", rolesAllowed = "admin"), @HttpMethodConstraint(value = "POST", rolesAllowed = "admin", transportGuarantee = TransportGuarantee.CONFIDENTIAL), } ) public class AdminServlet extends HttpServlet { // servlet code... }
Name | Type | Required | Description |
httpMethodConstraints | HttpMethodConstraint[] | Optional | Specifies HTTP method constraints which will apply for the servlet. |
value | HttpConstraint | Optional | Specifies a constraint that applies to all HTTP methods that are not specified by the httpMethodConstraints. |
Name | Type | Required | Description |
value | String | Required | Name of HTTP method. |
emptyRoleSemantic | ServletSecurity.EmptyRoleSemantic | Optional | Specifies the default authorization semantic that applies for the servlet when no roles specified by the array rolesAllowed. |
rolesAllowed | String[] | Optional | Specifies role names that are authorized to access the servlet. |
transportGuarantee | ServletSecurity.TransportGurantee | Optional | Specifies type of data protection that applies for the connection (SSL/TLS). |
Name | Type | Required | Description |
rolesAllowed | String[] | Optional | Specify authorized role names. |
transportGuarantee | ServletSecurity.TransportGurantee | Optional | Specifies type of data protection that applies for the connection (SSL/TLS). |
value | ServletSecurity.EmptyRoleSemantic | Optional | Specifies the default authorization semantic when no roles specified by the array rolesAllowed. |
This enumeration defines access semantic with two constants:
This enumeration specifies data protection for the transport with two constants: