![]() |
![]() |
||||
This elements lists all roles which can gain access to a resource protected in a <security-constraint>.
For a user to gain access, they must belong to at least one of the listed roles.
Roles are listed using the <role-name> subelement.
If no roles are listed, no user is allowed access to the protected area.
Users are mapped to Roles in the Security Realm itself (for example, a JDBC Authentication Realm).