@Documented
@Retention(value=RUNTIME)
public @interface HttpConstraint

This annotation is used within the ServletSecurity annotation to represent the security constraints to be applied to all HTTP protocol methods for which a corresponding HttpMethodConstraint element does NOT occur within the ServletSecurity annotation.

For the special case where an @HttpConstraint that returns all default values occurs in combination with at least one HttpMethodConstraint that returns other than all default values, the @HttpConstraint represents that no security constraint is to be applied to any of the HTTP protocol methods to which a security constraint would otherwise apply. This exception is made to ensure that such potentially non-specific uses of @HttpConstraint do not yield constraints that will explicitly establish unprotected access for such methods, given that they would not otherwise be covered by a constraint.

Modifier and Type | Optional Element and Description |
---|---|
java.lang.String[] | rolesAllowed: The names of the authorized roles. |
ServletSecurity.TransportGuarantee | transportGuarantee: The data protection requirements (i.e., whether or not SSL/TLS is required) that must be satisfied by the connections on which requests arrive. |
ServletSecurity.EmptyRoleSemantic | value: The default authorization semantic. |

public abstract ServletSecurity.EmptyRoleSemantic value

The default authorization semantic. This value is insignificant when rolesAllowed returns a non-empty array, and should not be specified when a non-empty array is specified for rolesAllowed.

Returns: the ServletSecurity.EmptyRoleSemantic to be applied when rolesAllowed returns an empty (that is, zero-length) array.

public abstract ServletSecurity.TransportGuarantee transportGuarantee

The data protection requirements (i.e., whether or not SSL/TLS is required) that must be satisfied by the connections on which requests arrive.

Returns: the ServletSecurity.TransportGuarantee indicating the data protection that must be provided by the connection.

public abstract java.lang.String[] rolesAllowed

The names of the authorized roles.

Returns: an array of zero or more role names. When the array contains zero elements, its meaning depends on the EmptyRoleSemantic returned by the value method. If value returns DENY, and rolesAllowed returns a zero length array, access is to be denied independent of authentication state and identity. Conversely, if value returns PERMIT, it indicates that access is to be allowed independent of authentication state and identity. When the array contains the names of one or more roles, it indicates that access is contingent on membership in at least one of the named roles (independent of the EmptyRoleSemantic returned by the value method).
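
The three elements used together, as an added example that is not part of the original API documentation: a servlet that denies every HTTP method by default and opens GET and POST to named roles over TLS. The class name, URL pattern and role names are assumptions, and the imports assume the javax.servlet package namespace.

```java
import java.io.IOException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: the URL pattern, class name and role names are assumptions.
@WebServlet("/reports/*")
@ServletSecurity(
    // Covers every HTTP method that has no HttpMethodConstraint below.
    // rolesAllowed is left empty, so value decides: DENY refuses access
    // independent of authentication state and identity.
    value = @HttpConstraint(
        value = EmptyRoleSemantic.DENY,
        transportGuarantee = TransportGuarantee.CONFIDENTIAL),
    // Had @HttpConstraint been left at all default values here, methods
    // other than GET and POST would carry no security constraint at all.
    httpMethodConstraints = {
        // Non-empty rolesAllowed: membership in at least one role required.
        @HttpMethodConstraint(
            value = "GET",
            rolesAllowed = {"auditor", "admin"},
            transportGuarantee = TransportGuarantee.CONFIDENTIAL),
        @HttpMethodConstraint(
            value = "POST",
            rolesAllowed = {"admin"},
            transportGuarantee = TransportGuarantee.CONFIDENTIAL)
    })
public class ReportServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        // Reached only after the container has enforced the GET constraint.
        resp.getWriter().println("report requested by " + req.getRemoteUser());
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setStatus(HttpServletResponse.SC_ACCEPTED);
    }
}
```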