This week's book giveaway is in the Android forum.
We're giving away four copies of Head First Android and have Dawn & David Griffiths on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Question about auth-constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Head First Android this week in the Android forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Question about auth-constraint" Watch "Question about auth-constraint" New topic
Author

Question about auth-constraint

alzamabar
Ranch Hand

Joined: Jul 24, 2002
Posts: 379
What happens if two conflicting <security-constraint> elements have got the following declaration for the same resource (let's say /secureServet/*):

Security constraint A:

<auth-constraint />

Security constraint B:

<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

How will the resulting table be defined? With nobody or everybody?


Marco Tedone<br />SCJP1.4,SCJP5,SCBCD,SCWCD
Jose Esteban
Ranch Hand

Joined: Nov 28, 2004
Posts: 102
The Servlet 2.4 (SRV.12.8.1) spec says:
"The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded."

So the answer is NOBODY.
 
Consider Paul's rocket mass heater.
 
subject: Question about auth-constraint
 
jQuery in Action, 3rd edition