• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

auth constraint tags

 
peter mcp
Greenhorn
Posts: 8
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As the <auth-constraint> tag is optional within a <security-constraint>, will the specified security constraint then apply to all roles ?
cheers !!
 
Rishi Yagnik
Ranch Hand
Posts: 84
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes
pls correct me someone as i am few days away from exam
Rishi
 
peter mcp
Greenhorn
Posts: 8
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thank you !!
my exam is tomorrow morning !!
good luck
 
Dharmin Desai
Ranch Hand
Posts: 81
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No rishi and peter, i hv an opposite opinion to that.
No user is allowed to access that resource collection if u will not declare auth-conatraint for that security contraint.
I m quoting page no - 85 of Servlet Specification:
An authorization constraint is a set of security roles at least one of which users
must belong for access to resources described by the web resource collection. If
the user is not part of an allowed role, the user must be denied access to the
resource requiring it. If the authorization constraint defines no roles, no user is
allowed access to the portion of the web application defined by the security
constraint.

I m asking some more person to post their Ideas here.
Best regards, Dharmin
 
Rishi Yagnik
Ranch Hand
Posts: 84
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yes i agree with Dharmin
after seeing specs
sorry i got wrong
Thanks Dharmin
Rishi
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic