security-constraint

 
Sanjay pts
Ranch Hand
Posts: 357
Hi all,

I have a web.xml file like this:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>zzzz</web-resource-name>
    <url-pattern>/TEST/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tomcat</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>tomcat</role-name>
</security-role>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

Now I have a JSP under the /TEST folder named custEntry.jsp and I'm using the POST method with it.
I haven't mentioned any HTTP method, as I didn't use <http-method> in the above web.xml.

So my question is: can I use custEntry.jsp to post data? Can I use the POST method?
I tried this but it works fine.


=================
But page 634 of HFS&JSP said:

"If there were no <http-method> element, in the <web-resource-collection>, it would mean that NO HTTP method would be allowed, by ANYONE in any role."
So is this statement true?

Thanks
sanjay
 
Bassam Zahid
Ranch Hand
Posts: 61
HFS&JSP statement is correct. Try changing your security role.
 
Sanjay pts
Ranch Hand
Posts: 357
Hi,
Thanks for the prompt reply.
But what I understand is that if there is no <http-method> then all HTTP methods are constrained. But here the book said no HTTP method is allowed
"by anyone in any role".

Can you please explain in detail or in an elaborate way?
Thanks
 
Rodrigo W Bonatto
Ranch Hand
Posts: 62
Hi

See errata: http://www.oreilly.com/catalog/headservletsjsp/errata/headservletsjsp.confirmed

It should be: "If there are NO <http-method> elements, in the <web-resource-collection>, it would mean that ALL HTTP Methods are allowed."

... since you don't specify any security role in <auth-constraint>. If you do, the resource will be constrained in all http methods for the roles configured in <auth-constraint>.

Regards,

Rodrigo
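
Added example, not part of the thread or any poster's code: a small Python check that reads a web.xml and reports, for each <web-resource-collection>, whether its constraint covers all HTTP methods (no <http-method> elements, as in the descriptor above) or only the listed ones. The second constraint (/ADMIN/*) in the sample and the function names are constructed for illustration; <http-method-omission> is not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's constraint plus a hypothetical /ADMIN/* one.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>zzzz</web-resource-name>
      <url-pattern>/TEST/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/ADMIN/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace so namespaced web.xml files parse the same way."""
    return tag.rsplit("}", 1)[-1]

def audit(web_xml):
    """Return one finding per <web-resource-collection>."""
    findings = []
    root = ET.fromstring(web_xml)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        auth = next((e for e in sc if local(e.tag) == "auth-constraint"), None)
        roles = None if auth is None else [(r.text or "").strip() for r in auth]
        for wrc in (e for e in sc if local(e.tag) == "web-resource-collection"):
            methods = [m.text.strip().upper() for m in wrc if local(m.tag) == "http-method"]
            findings.append({
                "patterns": [u.text.strip() for u in wrc if local(u.tag) == "url-pattern"],
                # No <http-method> elements: the constraint covers every method.
                "constrained": methods or "ALL",
                # None = no <auth-constraint>; [] = empty one (nobody allowed).
                "roles": roles,
                # Methods were listed: any other method is outside this constraint.
                "uncovered_methods": bool(methods),
            })
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_WEB_XML), sep="\n")
```

For the thread's descriptor the check reports that all methods on /TEST/* are constrained to the tomcat role, which is why the POST to custEntry.jsp succeeds after BASIC login.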
 
Sanjay pts
Ranch Hand
Posts: 357
Hi Rodrigo,
I've been trying since morning and now it's 11pm at night.
Thanks for your help, now I'll have a sound sleep.
Thank you once again.
Bye
sanjay
 