这意味着web.xml
某人仅针对pattern上的POST和GET方法指定了安全性约束/bg/c/portal/protected
,可能与此类似:
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>...</transport-guarantee>
</user-data-constraint>
</security-constraint>
您应该删除http-method
方括号以使其匹配此方法的所有方法,url-pattern
或者如果您想为其设置不同的安全性约束而没有任何http- method
方括号,则创建第二个方括号。
例如,如果您想/bg/c/portal/protected
为POST
和GET
方法使用SSL 端点进行安全保护,而对于其他方法则不需要,则应创建如下配置:
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>