我在应用程序的web.xml中定义了以下安全约束:
<security-constraint>
<display-name>Restrict access to XHTML files</display-name>
<web-resource-collection>
<web-resource-name>XHTML files</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
和
<security-constraint>
<display-name>Disable DELETE, PUT and TRACE</display-name>
<web-resource-collection>
<web-resource-name>Restricted methods</web-resource-name>
<description>Disable DELETE, PUT and TRACE</description>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
当我添加第二个时,第一个停止工作。查看URL模式和HTTP方法,可以预期两个约束都能正常工作,或者我在这里遗漏了什么?