6 Replies Latest reply on Oct 23, 2013 4:27 AM by jmsjr

    JBOSS 7 security-constraint - allow to all authenticated users to access except some groups

    johnsonlui Newbie

      Hello all,

       

      We know that we can make security-constraint in web.xml to control the security access

      we know that we can use this

       

      <security-constraint>

             <web-resource-collection>

               <url-pattern>/</url-pattern>

               <http-method>DELETE</http-method>

               <http-method>PUT</http-method>

               <http-method>HEAD</http-method>

               <http-method>OPTIONS</http-method>

               <http-method>TRACE</http-method>

               <http-method>GET</http-method>

               <http-method>POST</http-method>

             </web-resource-collection>

             <auth-constraint>

                <role-name>*</role-name>

             </auth-constraint>

             <user-data-constraint>

               <transport-guarantee>NONE</transport-guarantee>

             </user-data-constraint>

          </security-constraint>

       

      to allow all authenticated users

       

      but how about if i want to allow all except some of the ldap groups, what should i set in Jboss?

      Thanks a lot

       

      Johnson