• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

security constraint

 
Ranch Hand
Posts: 231
Tomcat Server Notepad Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
can anybody help me in understanding of security constraint tag in DD??
 
Greenhorn
Posts: 9
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In "Head First Servlets and JSP (2nd Edition)" it's described in very clear manner.
 
shivam singhal
Ranch Hand
Posts: 231
Tomcat Server Notepad Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
yeah, i have studied that one still i am confused..

unable to understand which roles can access the resource..

if..

<security-constaint>
<web-resource-collection>
<web-resource-name>something</web-resource-name>
<url-pattern>WEB-INF/shivam</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>MEMBER</role-name>
<role-name>ADMIN</role-name>
</auth-constraint>
</security constraint>


In this case if we have member , admin and guest role name.. then only member and admin are allowed to POST anything on the resource.. and guest can't post but guest can get ,trace ,put anything on the resource RIGHT??
or anything MISSING??
 
Ranch Hand
Posts: 924
1
Netbeans IDE Fedora Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
first of all your url-pattern is not right. it should follow the proper rules . now the security contraint you defined says this :

the POST method is constrained. it means not everybody can post on the given url-pattern. only users whose role is either MEMBER OR ADMIN can POST on the url-pattern. rest anybody including MEMBER, ADMIN OR GUEST can GET, TRACE, HEAD etc(all the methods except POST) on the url-pattern. also keep in mind anybody can GET on the pattern but if you havent overriden doGet then it will throw 405 method not supported status code(this is but obvious). i hope i clear your doubt
 
shivam singhal
Ranch Hand
Posts: 231
Tomcat Server Notepad Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
yeah!!..
thanks gurpeet..
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic