Details
Description
When have following configuration in web.xml, GET and POST can be accessed by both "RoleA" and "RoleB".
<security-constraint>
<web-resource-collection>
<web-resource-name>resource2</web-resource-name>
<url-pattern>/SampleServlet2</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>RoleA</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>resource3</web-resource-name>
<url-pattern>/SampleServlet2</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>RoleB</role-name>
</auth-constraint>
</security-constraint>