Sorry for the delayed response - just catching up with my inbox after
vacation and subsequent conference trip. Unfortunately, you can only
have one security realm for an application today. If this is a hard
requirement you may need to look at a security framework that
complements Java EE such as Shiro, PicketLink or Octopus.
On 1/6/2015 6:23 AM, Tomaz Majerhold wrote:
> I have two security-constraint and I want that each is using own realm
> is this possible.
>
> something like that:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area 1</web-resource-name>
> <url-pattern>/rest/script/*</url-pattern>
> <http-method>PUT</http-method>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>role1</role-name>
> </auth-constraint>
> </security-constraint>
>
> Here I want to use BASIC and File realm
>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area 2</web-resource-name>
> <url-pattern>/rest/users/*</url-pattern>
> <http-method>PUT</http-method>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>role2</role-name>
> </auth-constraint>
> </security-constraint>
>
> And here I want to use JDBC realm
>
>
> Regards, Tomaz