- Posts: 3
- Joined: Sat Apr 14, 2018 12:16 pm
Actually I have run some code to validate this, not sure if there was anything wrong with my experiments, however, I have found the below that the decreasing order of authority of security constraint declaration is this
<security-constraint> in web.xml --> @SecvletSecurity annotation --> setServletSecurity method of the ServletRegistration.Dynamic interface given the URL patterns applied to servlet match. Otherwise URL pattern in the web.xml and the security-constraint mentioned in the web.xml prevail.
Users browsing this forum: No registered users and 2 guests