vanduc1102/web-config-auth.xml

## web-config-auth.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <display-name>xedu-mongodb-web</display-name>
    <!-- Auto scan REST service -->
    <context-param>
        <param-name>resteasy.scan</param-name>
        <param-value>true</param-value>
    </context-param>
    <context-param>
        <param-name>resteasy.servlet.mapping.prefix</param-name>
        <param-value>/rest</param-value>
    </context-param>
    <listener>
        <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
    </listener>
    <servlet>
        <servlet-name>Resteasy</servlet-name>
        <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Resteasy</servlet-name>
        <url-pattern>/rest/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SecuredWebResources</web-resource-name>
            <description>Security constraints applied to all resources</description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Public</web-resource-name>
            <description>Login page is free to access</description>
            <url-pattern>/login-app/*</url-pattern>
        </web-resource-collection>
        <!-- No auth-constraint means everybody has access! -->
    </security-constraint>
    <security-role>
        <role-name>*</role-name>
    </security-role>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>XpertLineRealm</realm-name>
    </login-config>
</web-app>
	<?xml version="1.0" encoding="UTF-8"?>
	<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
	<display-name>xedu-mongodb-web</display-name>
	<!-- Auto scan REST service -->
	<context-param>
	<param-name>resteasy.scan</param-name>
	<param-value>true</param-value>
	</context-param>
	<context-param>
	<param-name>resteasy.servlet.mapping.prefix</param-name>
	<param-value>/rest</param-value>
	</context-param>
	<listener>
	<listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
	</listener>
	<servlet>
	<servlet-name>Resteasy</servlet-name>
	<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
	<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
	<servlet-name>Resteasy</servlet-name>
	<url-pattern>/rest/*</url-pattern>
	</servlet-mapping>
	<session-config>
	<session-timeout>30</session-timeout>
	</session-config>
	<security-constraint>
	<web-resource-collection>
	<web-resource-name>SecuredWebResources</web-resource-name>
	<description>Security constraints applied to all resources</description>
	<url-pattern>/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
	<role-name>*</role-name>
	</auth-constraint>
	<user-data-constraint>
	<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
	</security-constraint>
	<security-constraint>
	<web-resource-collection>
	<web-resource-name>Public</web-resource-name>
	<description>Login page is free to access</description>
	<url-pattern>/login-app/*</url-pattern>
	</web-resource-collection>
	<!-- No auth-constraint means everybody has access! -->
	</security-constraint>
	<security-role>
	<role-name>*</role-name>
	</security-role>
	<login-config>
	<auth-method>BASIC</auth-method>
	<realm-name>XpertLineRealm</realm-name>
	</login-config>
	</web-app>