Automatic generation of Trinidad Servlet Resource Exemptions

2937306

Hi All,

In our project, we have following entries in web.xml which is taken by ojdeploy and adds security-constraint for all the resources mentioned below.

I don't know which particular component of adf/trinidad is adding this security-constraint ( highlighted in Bold below).

<servlet-mapping>

    <servlet-name>resources</servlet-name>

    <url-pattern>/adf/*</url-pattern>

  </servlet-mapping>

  <servlet-mapping>

    <servlet-name>resources</servlet-name>

    <url-pattern>/afr/*</url-pattern>

  </servlet-mapping>

<servlet>

    <servlet-name>resources</servlet-name>

    <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>

  </servlet>

-After ojdeploy is successful, below extra element is being added to web.xml and a war is generated:

<security-constraint>

    <web-resource-collection>

      <web-resource-name>

        Trinidad Resource Servlet Exemptions

      </web-resource-name>

      <url-pattern>/afr/*</url-pattern>

      <url-pattern>/ohr/*</url-pattern>

      <url-pattern>/bi/*</url-pattern>

      <url-pattern>/adf/*</url-pattern>

    </web-resource-collection>

  </security-constraint>

For security concern raised as part of a customer SR, we have to add auth-constraint for this security-constraint. So, I would like to know if there is any way to either stop automatic generation of this element or any way to also add auth-constraint when this block is generated?

Attached is the profile(inv is the profile name) in our jpr project which is used for appending the above block to existing web.xml and package to war file.

Env: Using jdeveloper 12.2.1.3