6.6.8.0.4: Assembly properties for security constraints

Security constraints declare how Web content is to be protected. These properties associate security constraints with one or more Web resource collections. A constraint consists of a Web resource collection, an authorization constraint, and a user data constraint.

  • A Web resource collection is a set of resources (URL patterns) and HTTP methods on those resources. All requests that contain a request path that matches the URL pattern described in the Web resource collection are subject to the constraint. If no HTTP methods are specified, then the security constraint applies to all HTTP methods.

  • An authorization constraint is a set of roles that users must be granted in order to access the resources described by the Web resource collection. If a user who requests access to a specified URI is not granted at least one of the roles specified in the authorization constraint, the user is denied access to that resource.

  • A user data constraint indicates that the transport layer of the client/server communications process must satisfy the requirement of either guaranteeing content integrity (preventing tampering in transit) or guaranteeing confidentiality (preventing reading while in transit).

If multiple security constraints are specified, the container uses the "first match wins" rule when processing a request to determine what authentication method to use, or what authorization to allow.
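The following added example (not part of the original InfoCenter page) models the "first match wins" rule and the HTTP method rule described above, so an assembler can check which constraint actually governs a given request. The sample descriptor is constructed and uses the standard web.xml element names; the function names are hypothetical and the URL-pattern matching is a simplified model, not the container's own code.

```python
import xml.etree.ElementTree as ET
# Constructed sample descriptor (not from the original page).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>staff</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Everything</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Parse <security-constraint> elements in document order."""
    return [{
        "name": sc.findtext("web-resource-collection/web-resource-name"),
        "patterns": [e.text.strip() for e in sc.iter("url-pattern")],
        "methods": {e.text.strip().upper() for e in sc.iter("http-method")},
        "roles": {e.text.strip() for e in sc.iter("role-name")},
        "transport": sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip(),
    } for sc in ET.fromstring(xml_text).iter("security-constraint")]

def pattern_matches(pattern, path):
    """Simplified servlet URL-pattern match: /dir/*, *.ext, or exact path."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def first_match(constraints, path, method):
    """Return the first constraint covering the request, or None if none does."""
    for c in constraints:
        # An empty method set means the constraint applies to all HTTP methods.
        method_ok = not c["methods"] or method.upper() in c["methods"]
        if method_ok and any(pattern_matches(p, path) for p in c["patterns"]):
            return c
    return None
```

In this sample, a GET for `/reports/q1.html` is governed by the earlier "Reports" constraint, so the Confidential transport guarantee declared on the later, broader constraint is never applied to it; any other method on the same path falls through to "Everything".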

Security constraint name
Specifies the name of the security constraint.

Authorization Constraints - Roles
Specifies the user roles that are permitted access to this resource collection.

Authorization Constraints - Description
Contains a description of the authorization constraints.

User Data Constraints - Transport guarantee
Indicates how data communicated between the client and the server is to be protected. Specifies that the protection for communications between the client and server is None, Integral, or Confidential. None means that the application does not require any transport guarantees. Integral means that the application requires that the data sent between the client and the server must be sent in such a way that it cannot be changed in transit. Confidential means that the application requires that the data must be transmitted in a way that prevents other entities from observing the contents of the transmission. In most cases, Integral or Confidential indicates that the use of SSL is required.

User Data Constraints - Description
Contains a description of the user data constraints.