security-constraint

 
Sanjay pts
Ranch Hand
Posts: 357
Hi all,

I have a web.xml file like this:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>zzzz</web-resource-name>
    <url-pattern>/TEST/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tomcat</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>tomcat</role-name>
</security-role>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

Now I have a JSP under the /TEST folder named custEntry.jsp, and I'm using the POST method on it.
I haven't mentioned any HTTP method, as I didn't use <http-method> in the above web.xml.

So my question is: can I use custEntry.jsp to post data? Can I use the POST method?
I tried this, but it works fine.


=================
But page 634 of HFS&JSP says:

"If there were no <http-method> element, in the <web-resource-collection>, it would mean that NO HTTP method would be allowed, by ANYONE in any role."
So is this statement true?

Thanks,
Sanjay
 
Bassam Zahid
Ranch Hand
Posts: 61
HFS&JSP statement is correct. Try changing your security role.
 
Sanjay pts
Ranch Hand
Posts: 357
Hi,
Thanks for the prompt reply.
But what I understand is that if there is no <http-method>, then all HTTP methods are constrained. But here the book said no HTTP method is allowed "by anyone in any role".

Can you explain in detail, please, or in an elaborate way?
Thanks
 
Rodrigo W Bonatto
Ranch Hand
Posts: 62
Hi

See errata: http://www.oreilly.com/catalog/headservletsjsp/errata/headservletsjsp.confirmed

It should be: "If there are NO <http-method> elements, in the <web-resource-collection>, it would mean that ALL HTTP Methods are allowed."

... since you don't specify any security role in <auth-constraint>. If you do, the resource will be constrained in all HTTP methods for the roles configured in <auth-constraint>.

Regards,

Rodrigo
 
Sanjay pts
Ranch Hand
Posts: 357
Hi Rodrigo,
I've been trying since morning and now it's 11pm at night.
Thanks for your help, now I'll have a sound sleep.
Thank you once again.
Bye,
Sanjay
 