The auth-constraintType indicates the user roles thatshould be permitted access to this resourcecollection. The role-name used here must either correspondto the role-name of one of the security-role elementsdefined for this web application, or be the speciallyreserved role-name "*" that is a compact syntax forindicating all roles in the web application. If both "*"and rolenames appear, the container interprets this as allroles. If no roles are defined, no user is allowed accessto the portion of the web application described by thecontaining security-constraint. The container matchesrole names case sensitively when determining access.
description
-
@since J2EE1.4 deprecated, becomes descriptionsA description of the auth constraint. data type:
String
default Value:
unspecified
roles
-
A list of role names for the auth constraint. Each element specifies the name of a security role (a String). data type:
String
default Value:
unspecified
secConstraint
-
data type: descriptions
-
@since J2EE1.4 data type:Description*