如何在 Servlets 3.x 中以编程方式设置<安全约束>？

我相信你正在寻找注释@ServletSecurity

@WebServlet(urlPatterns = "/*")
@ServletSecurity(value = @HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class SomeServlet extends HttpServlet { ... } 

或者与在一个（或任何你有访问权限的任何地方）ServletRegistrationServletContainerInitializerServletContext)

ServletRegistration.Dynamic dynamic = context.addServlet("someServlet", SomeServlet.class);
dynamic.addMapping("/*");
HttpConstraintElement httpConstraintElement = new HttpConstraintElement(TransportGuarantee.CONFIDENTIAL);
ServletSecurityElement servletSecurityElement = new ServletSecurityElement(httpConstraintElement);
dynamic.setServletSecurity(servletSecurityElement);

我能够通过配置 glassfish 域安全性来为项目执行此操作：

1. 创建一个新的安全域，在此示例中称为：FooRealm
2. 将使用（或 w/o）密码的用户添加到 FooRealm
3. 将每个用户添加到“群福”

这涵盖了您的玻璃鱼配置，这是您的网络.xml：

<security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Everything</web-resource-name>
        <description>Everything</description>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>UserAuthenticationConstraint</description>
        <role-name>GroupFoo</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>FooRealm</realm-name>
    <form-login-config>
        <form-login-page>/Login.jsp</form-login-page>
        <form-error-page>/LoginError.html</form-error-page>
    </form-login-config>
</login-config>