<security-constraint>
<display-name>baseporject</display-name>
<web-resource-collection>
<web-resource-name>baseproject</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.do</url-pattern>
<!--
没有http-method默认全部请求
-->
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TRACE</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<!--
没有auth-constraint默认所有用户都能访问
写了单内容为空,默认任何人都不能访问
注意:这里的用户是在 apache-tomcat-9.0.0.M9\conf\tomcat-users.xml文件中指定的
-->
<auth-constraint>
<description>baseproject</description>
<role-name>All Role</role-name>
</auth-constraint>
<!--
<user-data-constraint>可以设置安全链接类型https
-->
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!--
设置用户验证的方式,这里是FORM的形式,当然还有其他方式。
-->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<!--
<security-role>安全角色声明,实验发现去掉不影响
-->
<security-role>
<role-name>All Role</role-name>
</security-role></span>