Dynamic security constraint configuration in Java web.xml
Question
I currently have a REST API that must be authenticated via BasicAuth, but later some other method.
It's setup in Tomcat 6 with realms and I have the following in my web.xml ,
<security-constraint>
<web-resource-collection>
<web-resource-name>document</web-resource-name>
<url-pattern>/rest/document/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>document</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<Realm-name>Tomcat-Advance-Authentication-Realm</Realm-name>
</login-config>
This works fine for URLs like /rest/document/* .
My question is, does anyone know if it's possible or how to define other URLs dynamically without building and re-deploying?
For example another security constraint,
<security-constraint>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/rest/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>secure</role-name>
</auth-constraint>
</security-constraint>
Thanks
1 answers
solution1
2 ACCPTED 2012-04-02 16:08:13
Whenever you make a change to web.xml, the web application needs to be restarted to pick up those changes.
If you need dynamic security constraint consider building a custom configurable filter and a related property file in wich you can define protected resources(for example).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.