Files Modified by Configure ADF Security Wizard: web.xml
The web.xml file contains configuration and deployment information for a Web application. When you define ADF authentication, the Configure ADF Security Wizard modifies the web.xml file as follows:
Defines the authentication servlet
Provides the servlet mapping for enforcing security
Defines a security constraint on authentication Web resource (you may use this page to add further security constraints)
Defines the login configuration
Specifies required security roles (you may use this page to add further roles)
The web.xml file is in the /public_html/WEB-INF subdirectory of the UI project.
Because every user of the application is required to be able to log on, the security constraint defined against the ADF authentication servlet should allow all users to access this Web resource. As such, the security role associated with the constraint should encompass all users. To simplify this task, the valid-users role is provided.
Note: You must not delete the adfAuthentication constraint from the web.xml file. Deleting it would prevent users from logging on to the application in the manner supported by ADF. Any other static security constraints would continue to work and invoke a login if required.