Step 2 - Define Roles and Protected Resources in your Web Application’s web.xml
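You have to define the protected web resources and the roles that are allowed to access them. A web resource is a relative URL inside your application combined with the HTTP access method (GET, PUT, HEAD, TRACE, POST, DELETE). Note that a constraint which lists specific HTTP methods applies only to those methods; requests that use any other method are not covered by it.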
<!--
  Security roles known to this web application.
  Each role referenced in an auth-constraint is declared here; one declaration per line.
-->
<security-role><role-name>SL_ADMIN</role-name></security-role>
<security-role><role-name>POLICY_READ</role-name></security-role>
<security-role><role-name>POLICY_WRITE</role-name></security-role>
<security-role><role-name>CLIENT_READ</role-name></security-role>
<security-role><role-name>CLIENT_WRITE</role-name></security-role>
<security-role><role-name>CASE_READ</role-name></security-role>
<security-role><role-name>GROUPCUSTOMER_READ</role-name></security-role>
<security-role><role-name>GROUPCUSTOMER_WRITE</role-name></security-role>
<security-role><role-name>CLIENTRELATIONSHIP_READ</role-name></security-role>
<security-role><role-name>CLIENTRELATIONSHIP_WRITE</role-name></security-role>
<security-role><role-name>QUERY_READ</role-name></security-role>
<security-role><role-name>QUERY_WRITE</role-name></security-role>
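<!--
  Access rule for the REST services: a caller must be authenticated and hold
  at least one of the roles listed in the auth-constraint.
-->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>PASService</web-resource-name>
    <url-pattern>/rest/services/*</url-pattern>
    <!--
      No <http-method> elements on purpose. Listing only GET and POST would
      leave every other method (PUT, DELETE, HEAD, ...) outside this constraint
      and therefore reachable without authentication. With no method listed,
      the constraint applies to all HTTP methods.
    -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>SL_ADMIN</role-name>
    <role-name>POLICY_READ</role-name>
    <role-name>POLICY_WRITE</role-name>
    <role-name>CLIENT_READ</role-name>
    <role-name>CLIENT_WRITE</role-name>
    <role-name>CASE_READ</role-name>
    <role-name>GROUPCUSTOMER_READ</role-name>
    <role-name>GROUPCUSTOMER_WRITE</role-name>
    <role-name>CLIENTRELATIONSHIP_READ</role-name>
    <role-name>CLIENTRELATIONSHIP_WRITE</role-name>
    <role-name>QUERY_READ</role-name>
    <role-name>QUERY_WRITE</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!--
      CONFIDENTIAL makes the container require an encrypted (HTTPS) connection
      for these URLs. The login-config uses BASIC authentication, which sends
      the user name and password merely base64-encoded with each request, so
      NONE would expose the credentials on the network.
      Requires an HTTPS connector to be configured on the server.
    -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>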
<!--
  Authentication mechanism for the protected resources.
  BASIC transmits the credentials base64-encoded (not encrypted) on every
  request, so the protected URLs should only be reachable over TLS.
-->
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>