jQuery in Action, 2nd edition*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes auth constraint tags Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "auth constraint tags" Watch "auth constraint tags" New topic
Author

auth constraint tags

peter mcp
Greenhorn

Joined: Jan 23, 2003
Posts: 8
As the <auth-constraint> tag is optional within a <security-constraint>, will the specified security constraint then apply to all roles ?
cheers !!
Rishi Yagnik
Ranch Hand

Joined: Jan 04, 2001
Posts: 84
Yes
pls correct me someone as i am few days away from exam
Rishi
peter mcp
Greenhorn

Joined: Jan 23, 2003
Posts: 8
thank you !!
my exam is tomorrow morning !!
good luck
Dharmin Desai
Ranch Hand

Joined: Feb 28, 2002
Posts: 81
No rishi and peter, i hv an opposite opinion to that.
No user is allowed to access that resource collection if u will not declare auth-conatraint for that security contraint.
I m quoting page no - 85 of Servlet Specification:
An authorization constraint is a set of security roles at least one of which users
must belong for access to resources described by the web resource collection. If
the user is not part of an allowed role, the user must be denied access to the
resource requiring it. If the authorization constraint defines no roles, no user is
allowed access to the portion of the web application defined by the security
constraint.

I m asking some more person to post their Ideas here.
Best regards, Dharmin


SCJP2 (93%),SCWCD(88%)<br />-------------------------------<br />Never under estimate yr self, just represent yr profile in proper manner.
Rishi Yagnik
Ranch Hand

Joined: Jan 04, 2001
Posts: 84
yes i agree with Dharmin
after seeing specs
sorry i got wrong
Thanks Dharmin
Rishi
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: auth constraint tags
 
Similar Threads
HFS Mock Exam - Q29 - Is the question correct? - Auth-constraint
web.xml
question about * and empty secutiry constraint
Question about security constraints
<auth-constraint>