[jboss-as7-dev] Security Domain Association

Anil Saldhana Anil.Saldhana at redhat.com
Mon Jun 13 09:18:11 EDT 2011


http://java.dzone.com/articles/understanding-web-security

The constraints are a mix of url patterns and http methods.

On 06/13/2011 07:57 AM, Remy Maucherat wrote:
> On Mon, 2011-06-13 at 18:10 +0530, Jaikiran Pai wrote:
>> Furthermore, isn't the security for web, based on url-pattern and _not_
>> per servlet class? For example the same servlet class might be mapped to
>> two different url-patterns and only one url-pattern might be secured. In
>> such cases having a @SecurityDomain on a servlet class won't work, isn't it?
> The new security annotation from Servlet 3 now corresponds to it, but
> the basis of the servlet security ultimately remains URL matching.


More information about the jboss-as7-dev mailing list