<auth-constraint>
  <role-name>*</role-name>
</auth-constraint>
To authorize a specific security role (LDAP container), administrators should modify the role-name node.
Examples:
1) To allow a single role to access BatchInstanceManagement.html (the role used here is admin):
<security-constraint>
  <web-resource-collection>
    <web-resource-name>batch instance management</web-resource-name>
    <url-pattern>/BatchInstanceManagement.html</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
Here we have allowed the role by mentioning it in the auth-constraint tag.
2) To allow multiple roles to access BatchInstanceManagement.html, use the following configuration (the roles used here are role2 and admin):
<security-constraint>
  <web-resource-collection>
    <web-resource-name>batch instance management</web-resource-name>
    <url-pattern>/BatchInstanceManagement.html</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role2</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
Here the <security-role> tag does not need to be modified. It can remain as it is, with a single entry (*) allowing all groups. However, this may produce warnings if the security-role tag is not mapped to groups individually. These warnings can be eliminated by providing a mapping for each role in the <security-role> tag.
<security-role>
  <role-name>*</role-name>
</security-role>
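The following audit script is an added example, not part of the original documentation or the product. It parses a web.xml and reports, for each protected page, which roles are allowed, whether the wildcard (*) is still in place, and which named roles have no security-role entry of their own (the case that produces the warnings described above). The sample descriptor and the names audit_web_xml, _local and _texts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor for illustration (not a real deployment).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/BatchInstanceManagement.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>role2</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/BatchClassManagement.html</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>*</role-name></security-role>
</web-app>"""

def _local(tag):
    """Strip any XML namespace so namespaced web.xml files are handled too."""
    return tag.rsplit("}", 1)[-1]

def _texts(parent, name):
    return [(e.text or "").strip() for e in parent.iter() if _local(e.tag) == name]

def audit_web_xml(xml_text):
    """Return (url-pattern, roles, findings) for each security-constraint."""
    root = ET.fromstring(xml_text)
    declared = {r for el in root if _local(el.tag) == "security-role"
                for r in _texts(el, "role-name")}
    report = []
    for sc in (el for el in root if _local(el.tag) == "security-constraint"):
        auth = [el for el in sc if _local(el.tag) == "auth-constraint"]
        roles = [r for a in auth for r in _texts(a, "role-name")]
        findings = []
        if "*" in roles:
            findings.append("wildcard role: all groups allowed")
        # Named roles without their own <security-role> entry cause the warnings.
        undeclared = [r for r in roles if r != "*" and r not in declared]
        if undeclared:
            findings.append("no security-role entry for: " + ", ".join(undeclared))
        report.extend((url, roles, findings) for url in _texts(sc, "url-pattern"))
    return report
```

Run it against the deployed web.xml after each change to confirm that no page is still left on the wildcard by accident.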
Active Directory Example:
Say I want to restrict:
BatchClassManagement.html
The Distinguished Names (from JXplorer) of the AD groups I want to have access to this page are:
CN=GSTIRAAdmin,OU=Identifi,DC=ts2000,DC=com
CN=GSTIRAPowerUsers,OU=Identifi,DC=ts2000,DC=com
CN=GSTIRAUsers,OU=Identifi,DC=ts2000,DC=com
For the groups above, the entry would look like this, using each group's CN as the role-name:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>batch class management</web-resource-name>
    <url-pattern>/BatchClassManagement.html</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>GSTIRAAdmin</role-name>
    <role-name>GSTIRAPowerUsers</role-name>
    <role-name>GSTIRAUsers</role-name>
  </auth-constraint>
</security-constraint>