
Specifying a Secure Connection


      <http-method>GET</http-method>
      <http-method>POST</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>CLIENT</role-name>
   </auth-constraint>
</security-constraint>
When the same url-pattern and http-method occur in multiple security constraints, the
constraints on the pattern and method are defined by combining the individual constraints,
which could result in unintentional denial of access. Section 12.7.2 of the Java Servlet 2.5
Specification (downloadable from http://jcp.org/en/jsr/detail?id=154) gives an example
that illustrates the combination of constraints and how the declarations will be interpreted.
Specifying a Secure Connection
A user data constraint (<user-data-constraint> in the deployment descriptor) requires that
all constrained URL patterns and HTTP methods specified in the security constraint are
received over a protected transport layer connection such as HTTPS (HTTP over SSL). A user
data constraint specifies a transport guarantee (<transport-guarantee> in the deployment
descriptor). The choices for transport guarantee are CONFIDENTIAL, INTEGRAL, and NONE. If
you specify CONFIDENTIAL or INTEGRAL as the transport guarantee, that guarantee applies to
all requests that match the URL patterns in the web resource collection, not just to
the login dialog box. The following security constraint includes a transport guarantee:
<security-constraint>
   <web-resource-collection>
      <web-resource-name>wholesale</web-resource-name>
      <url-pattern>/acme/wholesale/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>PARTNER</role-name>
   </auth-constraint>
   <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>
The strength of the required protection is defined by the value of the transport guarantee.
Specify CONFIDENTIAL when the application requires that data be transmitted so as to prevent
other entities from observing the contents of the transmission. Specify INTEGRAL when the
application requires that the data be sent between client and server in such a way that it cannot
be changed in transit. Specify NONE to indicate that the container must accept the constrained
requests on any connection, including an unprotected one.
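The following check is an added example, not part of the original tutorial: it parses a deployment descriptor and reports the transport guarantee of each security constraint, flagging constraints that name a role but would still accept the request on an unprotected connection. The sample descriptor is constructed (the "reports" constraint is hypothetical), and a constraint with no <user-data-constraint> is assumed to behave like NONE.

```python
import xml.etree.ElementTree as ET

# Constructed sample: "wholesale" mirrors the constraint shown above;
# "reports" is a hypothetical constraint with no <user-data-constraint>.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>wholesale</web-resource-name>
      <url-pattern>/acme/wholesale/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>PARTNER</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/acme/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>CLIENT</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    # Drop the "{namespace}" prefix so namespaced and plain descriptors both work.
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [e.text.strip() for e in elem.iter() if _local(e.tag) == name and e.text]

def audit_transport(web_xml):
    """Return one finding per <security-constraint>. Parse only descriptors you trust."""
    findings = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        # Assumption: an absent transport guarantee is treated as NONE.
        guarantee = (_texts(sc, "transport-guarantee") or ["NONE"])[0].upper()
        roles = _texts(sc, "role-name")
        findings.append({
            "name": (_texts(sc, "web-resource-name") or ["?"])[0],
            "patterns": _texts(sc, "url-pattern"),
            "roles": roles,
            "guarantee": guarantee,
            "unprotected_transport": bool(roles) and guarantee == "NONE",
        })
    return findings
```

Run audit_transport over the application's own web.xml and review every finding whose unprotected_transport value is True.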
Defining Security Requirements for Web Applications
Chapter 30 · Securing Web Applications