Security constraints assembly settings

Use the Security constraints panel to configure security constraints.

To view this AAT panel, open an existing or create a new Web module. Right-click Security Constraints from the left navigation menu. Click New.

Security constraints declare how to protect Web content. These properties associate security constraints with one or more Web resource collections. A constraint consists of a Web resource collection, an authorization constraint, and a user data constraint.

  • A Web resource collection is a set of resources (URL patterns) and HTTP methods on those resources. All requests that contain a request path that matches the URL pattern described in the Web resource collection are subject to the constraint. If no HTTP methods are specified, then the security constraint applies to all HTTP methods.
  • An authorization constraint is a set of roles that users must be granted in order to access the resources described by the Web resource collection. If a user who requests access to a specified URI is not granted at least one of the roles specified in the authorization constraint, the user is denied access to that resource.
  • A user data constraint indicates that the transport layer of the client/server communications process must satisfy the requirement of either guaranteeing content integrity (preventing tampering in transit) or guaranteeing confidentiality (preventing reading while in transit).

If multiple security constraints are specified, the container uses the "first match wins" rule when processing a request to determine what authentication method to use, or what authorization to allow.

Security constraint name
Specifies the name of the security constraint.
Data type String
Authorization Constraints - Roles
Specifies the user roles that are permitted access to this resource collection.
Data type String
Authorization Constraints - Description
Contains a description of the authorization constraints.
Data type String
User Data Constraints - Transport guarantee
Indicates how data communicated between the client and the server is to be protected.

Specifies that the protection for communications between the client and server is None, Integral, or Confidential.

  • None means that the application does not require any transport guarantees.
  • Integral means that the application requires that the data sent between the client and the server must be sent in such a way that it cannot be changed in transit.
  • Confidential means that the application requires that the data must be transmitted in a way that prevents other entities from observing the contents of the transmission.

In most cases, Integral or Confidential indicates that the use of SSL is required.

Data type String
User Data Constraints - Description
Contains a description of the user data constraints.
Data type String