web.xml中的security-constraint

来源：互联网发布：经传软件骗局2016 编辑：程序博客网时间：2024/06/08 03:15

<security-constraint><web-resource-collection><url-pattern>/*</url-pattern><http-method>PUT</http-method><http-method>SEARCH</http-method><http-method>DELETE</http-method><http-method>COPY</http-method><http-method>MOVE</http-method><http-method>PROPFIND</http-method><http-method>PROPPATCH</http-method><http-method>MKCOL</http-method><http-method>LOCK</http-method><http-method>UNLOCK</http-method><http-method>HEAD</http-method><http-method>OPTIONS</http-method><http-method>TRACE</http-method><http-method>PATCH</http-method></web-resource-collection><!-- <auth-constraint><role-name>All Role</role-name></auth-constraint> --></security-constraint><login-config><auth-method>BASIC</auth-method></login-config>

其中的，

<auth-constraint><role-name>All Role</role-name></auth-constraint>

如果有元素标签auth-constraint时，内容为空时则禁止所有资源访问，无此元素时则security-constraint不起作用

详见其他地方的说明

如果H5请求服务端，报403/415时，不一定是跨域问题，有可能是这个web.xml中加了元素security-constraint及空元素security-constraint

阅读全文

0 0