The <security-constraint> rules for <web-resource-collection> elements
Remember; the purpose of the <web-resource-collection> sub-element is to tell the container which resources and HTTP Method combinations should be constrained in such a way that they can be accessed only by the roles in the corresponding <auth-constraint> tag. We wish we could tell you to relax here, but you really do need to know the details of these elements. If you make one little mistake in the security part of your DD, you could leave the most sensitive parts of your app open to... everyone.
Get Head First Servlets and JSP, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.