<security-constraint>
<web-resource-collection>
<web-resource-name>
Form Runner pages
</web-resource-name>
<url-pattern>
/fr/
</url-pattern>
<url-pattern>
/fr/orbeon/builder/*
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>
it_ci
</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>
Form Runner
</web-resource-name>
<url-pattern>
/fr/auth
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>
it_ci
</role-name>
</auth-constraint>
</security-constraint>
<!-- The following pages and services are allowed without constraints by default -->
<security-constraint>
<web-resource-collection>
<web-resource-name>
Form Runner services and public pages and resources
</web-resource-name>
<url-pattern>
/fr/service/*
</url-pattern>
<url-pattern>
/fr/style/*
</url-pattern>
<url-pattern>
/fr/not-found
</url-pattern>
<url-pattern>
/fr/error
</url-pattern>
<url-pattern>
/fr/login
</url-pattern>
<url-pattern>
/fr/login-error
</url-pattern>
</web-resource-collection>
</security-constraint>