This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes auth constraint tags Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "auth constraint tags" Watch "auth constraint tags" New topic

auth constraint tags

peter mcp

Joined: Jan 23, 2003
Posts: 8
As the <auth-constraint> tag is optional within a <security-constraint>, will the specified security constraint then apply to all roles ?
cheers !!
Rishi Yagnik
Ranch Hand

Joined: Jan 04, 2001
Posts: 84
pls correct me someone as i am few days away from exam
peter mcp

Joined: Jan 23, 2003
Posts: 8
thank you !!
my exam is tomorrow morning !!
good luck
Dharmin Desai
Ranch Hand

Joined: Feb 28, 2002
Posts: 81
No rishi and peter, i hv an opposite opinion to that.
No user is allowed to access that resource collection if u will not declare auth-conatraint for that security contraint.
I m quoting page no - 85 of Servlet Specification:
An authorization constraint is a set of security roles at least one of which users
must belong for access to resources described by the web resource collection. If
the user is not part of an allowed role, the user must be denied access to the
resource requiring it. If the authorization constraint defines no roles, no user is
allowed access to the portion of the web application defined by the security

I m asking some more person to post their Ideas here.
Best regards, Dharmin

SCJP2 (93%),SCWCD(88%)<br />-------------------------------<br />Never under estimate yr self, just represent yr profile in proper manner.
Rishi Yagnik
Ranch Hand

Joined: Jan 04, 2001
Posts: 84
yes i agree with Dharmin
after seeing specs
sorry i got wrong
Thanks Dharmin
It is sorta covered in the JavaRanch Style Guide.
subject: auth constraint tags
Similar Threads
Question about security constraints
HFS Mock Exam - Q29 - Is the question correct? - Auth-constraint
question about * and empty secutiry constraint