aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes security-constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "security-constraint" Watch "security-constraint" New topic
Author

security-constraint

Sanjay pts
Ranch Hand

Joined: Nov 07, 2000
Posts: 357
hi all


i have a web.xml file like this

<security-constraint>
<web-resource-collection>
<web-resource-name>zzzz</web-resource-name>
<url-pattern>/TEST/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>tomcat</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>

Now i have a jsp under /TEST folder name custEntry.jsp and im using post method into that.
Now i have't mention ant HTTP method as i didnt used <http-method> in above web.xml.

So my question is can i use custEntry.jsp to post data. Can i use POST method ???
i tried this but it works fine.


=================
But on page 634 of HFS&JSP said

"If there were no <http-method> element,in the<web-resource-collection>,it would mean that NO hTTP method would allowed, by ANYONE in any role."
So is this statement is true ???

Thanx
sanjay


Eat JAVA, Drink JAVA, Sleep Java
Bassam Zahid
Ranch Hand

Joined: Mar 09, 2005
Posts: 61
HFS&JSP statement is correct. Try changing your security role.


BS<br />SCJP 1.4 88%<br />SCWCD 1.4 86%
Sanjay pts
Ranch Hand

Joined: Nov 07, 2000
Posts: 357
hi
thanx for prompt reply.
But what i understand is that if there is no <http-method> then all HTTP method is constrained. But here book said no HTTP method allowed
"by anyone in any role".

can u explain in detail please or elobrate way.
tahnx
Rodrigo W Bonatto
Ranch Hand

Joined: Aug 20, 2004
Posts: 62
Hi

See errata: http://www.oreilly.com/catalog/headservletsjsp/errata/headservletsjsp.confirmed

It should be: "If there are NO <http-method> elements, in the <web-resource-collection>, it would mean that ALL HTTP Methods are allowed."

... since you don't specify any security role in <auth-constraint>. If you do, the resource will be constrained in all http methods for the roles configured in <auth-constraint>.

Regards,

Rodrigo


SCJA, SCJP, SCJD, SCWCD, SCBCD5, SCDJWS, SCEA5
Sanjay pts
Ranch Hand

Joined: Nov 07, 2000
Posts: 357
Hi
Rodrigo,
Im trying since moroning and now its night 11pm.
Thanx for your help ,now i'll have sound sleep.
thank you once again
bye
sanjay
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: security-constraint