<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>SEARCH</http-method>
<http-method>DELETE</http-method>
<http-method>COPY</http-method>
<http-method>MOVE</http-method>
<http-method>PROPFIND</http-method>
<http-method>PROPPATCH</http-method>
<http-method>MKCOL</http-method>
<http-method>LOCK</http-method>
<http-method>UNLOCK</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>PATCH</http-method>
</web-resource-collection>
<!-- <auth-constraint>
<role-name>All Role</role-name>
</auth-constraint> -->
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
其中的,
<auth-constraint>
<role-name>All Role</role-name>
</auth-constraint>
如果有元素标签auth-constraint时,内容为空时则禁止所有资源访问,无此元素时则security-constraint不起作用
详见其他地方的说明