/**
 * Assembles the security path matcher for this deployment.
 *
 * <p>Constraints declared on the deployment are registered first, and every URL pattern they
 * name is remembered. Servlet-level security info is then translated into additional
 * constraints, but only for servlet mappings whose pattern string is not already named by a
 * declared constraint.
 *
 * @return the matcher built from the declared constraints plus the derived servlet constraints
 */
private SecurityPathMatches buildSecurityConstraints() {
    SecurityPathMatches.Builder matcher =
            SecurityPathMatches.builder(super.getDeployment().getDeploymentInfo());

    // Pass 1: register the declared constraints and collect the URL patterns they name.
    final Set<String> declaredPatterns = new HashSet<>();
    for (SecurityConstraint declared : super.getDeployment().getDeploymentInfo().getSecurityConstraints()) {
        matcher.addSecurityConstraint(declared);
        for (WebResourceCollection collection : declared.getWebResourceCollections()) {
            declaredPatterns.addAll(collection.getUrlPatterns());
        }
    }

    // Pass 2: derive constraints from per-servlet security info.
    for (final ServletInfo servletInfo : super.getDeployment().getDeploymentInfo().getServlets().values()) {
        final ServletSecurityInfo servletSecurity = servletInfo.getServletSecurityInfo();
        if (servletSecurity == null) {
            continue;
        }

        // Only mappings without a declared constraint are handled here. The comparison is plain
        // string equality on the pattern: a declared "/*" does not remove a mapping "/foo".
        final Set<String> uncoveredMappings = new HashSet<>(servletInfo.getMappings());
        uncoveredMappings.removeAll(declaredPatterns);
        if (uncoveredMappings.isEmpty()) {
            continue;
        }

        // HTTP methods that carry their own rule; the servlet-wide constraint below omits them.
        final Set<String> methodsWithOwnRule = new HashSet<>();
        for (HttpMethodSecurityInfo methodSecurity : servletSecurity.getHttpMethodSecurityInfo()) {
            final String httpMethod = methodSecurity.getMethod();
            methodsWithOwnRule.add(httpMethod);

            // No roles plus PERMIT is treated as an implicit allow: no constraint is emitted.
            // NOTE(review): this branch does not look at getTransportGuaranteeType(), so a
            // transport guarantee set on such a method is not registered here - confirm that
            // this is intended.
            final boolean implicitAllow = methodSecurity.getRolesAllowed().isEmpty()
                    && methodSecurity.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT;
            if (!implicitAllow) {
                // NOTE(review): unlike the servlet-wide constraint below, the method's
                // EmptyRoleSemantic is not copied, so an empty role list falls back to whatever
                // SecurityConstraint defaults to (not visible here) - verify.
                final WebResourceCollection methodResources = new WebResourceCollection()
                        .addUrlPatterns(uncoveredMappings)
                        .addHttpMethod(httpMethod);
                final SecurityConstraint methodConstraint = new SecurityConstraint()
                        .addRolesAllowed(methodSecurity.getRolesAllowed())
                        .setTransportGuaranteeType(methodSecurity.getTransportGuaranteeType())
                        .addWebResourceCollection(methodResources);
                matcher.addSecurityConstraint(methodConstraint);
            }
        }

        // The servlet-wide constraint is skipped only when it holds nothing but defaults (no
        // roles, PERMIT) and at least one per-method rule was specified.
        final boolean defaultsWithMethodRules = servletSecurity.getRolesAllowed().isEmpty()
                && servletSecurity.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT
                && !methodsWithOwnRule.isEmpty();
        if (!defaultsWithMethodRules) {
            final WebResourceCollection remainingResources = new WebResourceCollection()
                    .addUrlPatterns(uncoveredMappings)
                    .addHttpMethodOmissions(methodsWithOwnRule);
            final SecurityConstraint servletConstraint = new SecurityConstraint()
                    .setEmptyRoleSemantic(servletSecurity.getEmptyRoleSemantic())
                    .addRolesAllowed(servletSecurity.getRolesAllowed())
                    .setTransportGuaranteeType(servletSecurity.getTransportGuaranteeType())
                    .addWebResourceCollection(remainingResources);
            matcher.addSecurityConstraint(servletConstraint);
        }
    }

    return matcher.build();
}