web.xml is the deployment descriptor of a web application and holds much of its configuration. The following deployment descriptor contains the security configuration for our web application:
<?xml version="1.0" encoding="UTF-8" ?>
<web-app>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>helloworld</web-resource-name>
            <url-pattern>/resources/helloworld/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
</web-app>
This deployment descriptor applies the security constraint to every resource whose URL matches the /resources/helloworld/* pattern. The following snippet of web.xml defines the URL pattern:
<web-resource-collection>
    <web-resource-name>helloworld</web-resource-name>
    <url-pattern>/resources/helloworld/*</url-pattern>
</web-resource-collection>
The following snippet of web.xml defines the security roles allowed to access those resources:
<auth-constraint>
    <role-name>user</role-name>
</auth-constraint>
In the following XML code, we have a snippet of web.xml that defines the authentication mechanism:
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
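As an added example (not part of the original page), the Python script below audits a descriptor like the one above: it lists each protected URL pattern with its roles and transport guarantee, and flags a password-based login method (BASIC, or FORM, which the page does not use) that is not paired with CONFIDENTIAL. The audit function, the WEAK and HARDENED samples and the finding text are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's descriptor with the <user-data-constraint> removed.
WEAK = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>helloworld</web-resource-name>
      <url-pattern>/resources/helloworld/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

# The page's descriptor: same constraint, plus the CONFIDENTIAL transport guarantee.
HARDENED = WEAK.replace(
    "</auth-constraint>",
    "</auth-constraint><user-data-constraint>"
    "<transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>")


def _strip_ns(root):
    # Real descriptors usually declare a namespace on <web-app>; drop it so
    # plain tag names match either way.
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def audit(descriptor):
    """Return (url_pattern, roles, transport, finding) for each protected URL pattern."""
    root = _strip_ns(ET.fromstring(descriptor))
    method = (root.findtext("login-config/auth-method") or "NONE").strip()
    rows = []
    for sc in root.iter("security-constraint"):
        roles = [r.text.strip() for r in sc.findall("auth-constraint/role-name")]
        transport = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        # BASIC and FORM put the password on the wire in recoverable form.
        exposed = bool(roles) and method in ("BASIC", "FORM") and transport != "CONFIDENTIAL"
        finding = "credentials may cross plain HTTP" if exposed else "ok"
        for pattern in sc.findall("web-resource-collection/url-pattern"):
            rows.append((pattern.text.strip(), roles, transport, finding))
    return rows


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        for row in audit(doc):
            print(name, *row)
```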