• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HF errata

 
sangeeta kapoor
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
page 634

the errate says

{634} hand written comment at the bottom;
"If there were NO <http-method> elements in the <web-resource-collection>, it would mean that NO HTTP Methods are allowed, by ANYONE in any role."
should be:
"If there are NO <http-method> elements, in the <web-resource-collection>, it would mean that ALL HTTP Methods are allowed."


{634} Key points about <web-resource-collection>;
If no HTTP Methods are specified then ALL Method will be constrained!!
should be
"If a <web-resource-collection> element contains no <http-method> elements, then
the collection includes the use of ALL HTTP methods on all of the URL patterns."



This suggests a change that if no <http-method> is specified then all are allowed .
But errata does not specify anything about the 2nd paragraph in 2nd box on Page 635 which reads


If you do not specify any <http-method>, then you are constraining all HTTP methods.


I am confused , which one is correct ?
 
shankar valiinaykam
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Sangeeta,

Ahh....You are also stuck there. Even I was....

Okay! THis is how it goes...If no http-method is explicitly mentioned, then all http methods are constrained (allowed only) for those roles mentioned in auth-constraints.

There is one question in mock exam in the chapter which will make you much more clearer.

Regards,
Shankar
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic