Here is the example code from my web.xml
<security-constraint>
  <display-name>change password</display-name>
  <web-resource-collection>
    <web-resource-name>change password</web-resource-name>
    <url-pattern>/ResetPassword.html</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>Roles which can access landing page</description>
    <role-name>Admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
Only a user having the role “Admin” can access the “ResetPassword.html” page.
There is a Java EE API that lets us test whether the current user has a specific role or not.
request.isUserInRole("Admin");
My default user “DefUser” is returning false because he has no role assigned, and I got a 403 error as DefUser cannot access the “ResetPassword.html” page. Can I make request.isUserInRole("Admin") return true if I log in with DefUser? Is there any other way to do it?
I do want to use the security constraints. This is one of the requirements that there could be a user like “DefUser” which should have permission to all pages having no roles assigned to it.
I just want to bypass these security constraints. Is there any way for “DefUser” to access “ResetPassword.html” page?
Java EE security cannot be bypassed.
Otherwise, it would be as useful as a chocolate teapot.
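As an added example (not part of the original question or answer): the declarative way to give a user like DefUser access is to grant that user a role in the container's realm and list that role in the constraint. The role name AllPages is hypothetical, and the user-to-role mapping is container-specific and not shown here.

```xml
<!-- Added example: "AllPages" is a hypothetical role name, not from the original post. -->
<security-constraint>
  <display-name>change password</display-name>
  <web-resource-collection>
    <web-resource-name>change password</web-resource-name>
    <url-pattern>/ResetPassword.html</url-pattern>
    <!-- No <http-method> elements: the constraint then applies to every
         HTTP method, not only GET and POST. When methods are listed, the
         unlisted ones are not covered by this constraint. -->
  </web-resource-collection>
  <auth-constraint>
    <description>Roles which can access the change password page</description>
    <role-name>Admin</role-name>
    <!-- Access is granted if the caller holds any one of the listed roles. -->
    <role-name>AllPages</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Declare every role that an auth-constraint refers to. -->
<security-role>
  <role-name>Admin</role-name>
</security-role>
<security-role>
  <role-name>AllPages</role-name>
</security-role>
```

Once DefUser is assigned AllPages in the realm, the container admits the request and request.isUserInRole("AllPages") returns true, while request.isUserInRole("Admin") stays false, so Admin-only logic elsewhere is unaffected.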