Each security constraint consists of:
-
a web resource collection - a URL and HTTP method that
refers to resources that need to be protected.
-
authorization contraint - a set of roles that are defined to have
access to the web resource collection
-
user data contraint - an optional parameter that defines whether
a resource is accessed with:
- confidentiality protection
- Integrity protection
- No protection