Each security constraint consists of:
- a web resource collection - a URL and HTTP method that identify the resources that need to be protected.
- an authorization constraint - a set of roles that are defined to have access to the web resource collection.
- a user data constraint - an optional parameter that defines whether a resource is accessed with:
  - confidentiality protection
  - integrity protection
  - no protection
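
As an added illustration (not part of the original page), this is how the three parts appear in a Java Servlet `web.xml` deployment descriptor, assuming that is the descriptor format being described. The resource name, URL pattern and `admin` role are hypothetical; the fragment belongs inside the `<web-app>` element.

```xml
<!-- Constructed example: names, URL pattern and role are hypothetical. -->
<security-constraint>

  <!-- Web resource collection: the URLs (and optionally HTTP methods) to protect. -->
  <web-resource-collection>
    <web-resource-name>admin-area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <!-- No http-method element is listed, so the constraint covers every method.
         Listing only GET and POST here would leave the remaining methods
         (PUT, DELETE, HEAD and so on) outside this constraint. -->
  </web-resource-collection>

  <!-- Authorization constraint: the roles allowed to access the collection. -->
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>

  <!-- User data constraint (optional): how data is protected in transit.
       CONFIDENTIAL = confidentiality protection
       INTEGRAL     = integrity protection
       NONE         = no protection -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>

</security-constraint>

<!-- Every role referenced in an auth-constraint is declared once here. -->
<security-role>
  <role-name>admin</role-name>
</security-role>
```

When reviewing an existing descriptor, check each constraint for explicitly listed HTTP methods and for a missing or `NONE` transport guarantee on paths that carry credentials or session data.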