最近我添加了对JEE应用程序的授权,为实现这一目标,我在web.xml添加了以下几行:
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER_LOGIN</role-name>
</auth-constraint>
</security-constraint>
但是在验证文件时,我的IDE会在指定要保护的URL之前响应它需要web-resource-name:
<security-constraint>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER_LOGIN</role-name>
</auth-constraint>
</security-constraint>
对相应XML模式的交叉引用强调了这一假设:
<xsd:complexType name="web-resource-collectionType">
<xsd:annotation>
<xsd:documentation>
The web-resource-collectionType is used to identify the
resources and HTTP methods on those resources to which a
security constraint applies. If no HTTP methods are specified,
then the security constraint applies to all HTTP methods.
If HTTP methods are specified by http-method-omission
elements, the security constraint applies to all methods
except those identified in the collection.
http-method-omission and http-method elements are never
mixed in the same collection.
Used in: security-constraint
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="web-resource-name" type="javaee:string">
<xsd:annotation>
<xsd:documentation>
The web-resource-name contains the name of this web
resource collection.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
因此,除了将其设置为不在场的名称之外,还有什么用途以及为什么Oracle将其描述为
web-resource-name是您用于此资源的名称。它的使用是可选的。
当XML架构明确指出它是强制性的吗?