<div dir="ltr">Please ignore this question, just found that I need to add this line<div>&quot; &lt;auth-constraint&gt;<div>            &lt;role-name&gt;user&lt;/role-name&gt;</div> &lt;/auth-constraint&gt;&quot;</div><div><br></div><div>to the &lt;security-constraint&gt; section. </div><div><br></div><div>Thank you.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 5, 2016 at 10:35 PM, Ling <span dir="ltr">&lt;<a href="mailto:lingvisa@gmail.com" target="_blank">lingvisa@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, if I want to secure the root directory, namely, when I visit <a href="http://localhost:8080/myapp" target="_blank">http://localhost:8080/myapp</a>, then it redirects me to the keycloak login page, asking for credentials. How to achieve that?<div><br></div><div>I modified the Web.xml as follows, but it doesn&#39;t secure anything at all. I thought this should work &quot;&lt;url-pattern&gt;/*&lt;/url-pattern&gt;<wbr>&quot;, but it doesn&#39;t. </div><div><br></div><div><br></div><div><div>&lt;!-- </div><div>    &lt;security-constraint&gt;</div><div>        &lt;web-resource-collection&gt;</div><div>            &lt;web-resource-name&gt;Admins&lt;/<wbr>web-resource-name&gt;</div><div>            &lt;url-pattern&gt;/admin/*&lt;/url-<wbr>pattern&gt;</div><div>        &lt;/web-resource-collection&gt;</div><div>        &lt;auth-constraint&gt;</div><div>            &lt;role-name&gt;admin&lt;/role-name&gt;</div><div>        &lt;/auth-constraint&gt;</div><div>    &lt;/security-constraint&gt;</div><div>    &lt;security-constraint&gt;</div><div>        &lt;web-resource-collection&gt;</div><div>            &lt;web-resource-name&gt;Login&lt;/web-<wbr>resource-name&gt;</div><div>            &lt;url-pattern&gt;/login2/*&lt;/url-<wbr>pattern&gt;</div><div>        &lt;/web-resource-collection&gt;</div><div>        &lt;auth-constraint&gt;</div><div>            &lt;role-name&gt;user&lt;/role-name&gt;</div><div>        &lt;/auth-constraint&gt;</div><div>    &lt;/security-constraint&gt;</div><div> --&gt;</div><div>    </div><div>    &lt;security-constraint&gt;</div><div>        &lt;web-resource-collection&gt;</div><div>        <span style="white-space:pre-wrap">        </span>&lt;web-resource-name&gt;Web Root&lt;/web-resource-name&gt;</div><div>            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;</div><div>        &lt;/web-resource-collection&gt;</div><div>      </div><div> &lt;!-- </div><div>        &lt;user-data-constraint&gt;</div><div>            &lt;transport-guarantee&gt;<wbr>CONFIDENTIAL&lt;/transport-<wbr>guarantee&gt;</div><div>        &lt;/user-data-constraint&gt;</div><div>         --&gt;</div><div>    &lt;/security-constraint&gt;</div><div><br></div><div>    &lt;login-config&gt;</div><div>        &lt;auth-method&gt;KEYCLOAK&lt;/auth-<wbr>method&gt;</div><div>        &lt;realm-name&gt;bword&lt;/realm-name&gt;</div><div>    &lt;/login-config&gt;</div></div><div><br></div></div>
</blockquote></div><br></div>