This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes http-method and authorization Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "http-method and authorization" Watch "http-method and authorization" New topic
Author

http-method and authorization

stephen dimitrov
Greenhorn

Joined: Feb 28, 2005
Posts: 16
I'm reading Head First Servlets and JSP and I'm confused about security. On page 634 it discusses using <http-method> in the DD. According to the errata, the following should be true:

" If there are NO <http-method> elements, in the <web-resource-collection>, it would mean that ALL HTTP Methods are allowed."

However, this contradicts what's mentioned on 635, which says:

"If you do NOT specify any <http-method>, then you're constraining all HTTP methods."

So, which one is it?

Thanks,
Stephen
chowdary Thammineedi
Ranch Hand

Joined: Aug 16, 2004
Posts: 126
Hello Stephen

There was a nice discussion on this topic about a month ago on this forum.
But I still remeber the FINAL WORD of that discussion.


The web-resource-collectionType is used to identify a subset
of the resources and HTTP methods on those resources within
a web application to which a security constraint applies. If
no HTTP methods are specified, then the security constraint
applies to all HTTP methods.


This quote is from the page 133 of the servlet 2.4 specification. Under the Deployment Descriptor bokkmark.

CONCLUSION: If you do not specify any <http-method> then all methods are constrained.

The original discussion is over here
http://www.coderanch.com/t/169402/java-Web-Component-SCWCD/certification/multiple-security-constraint-elements

Hope this helps
Kejal Shah
Ranch Hand

Joined: Jun 27, 2003
Posts: 87
Hey Stephen,
where's the errata for the book?


Kejal<br />SaneDevil@gmail.com
stephen dimitrov
Greenhorn

Joined: Feb 28, 2005
Posts: 16
Thanks for the quick answer. As for the errata -
errata
 
 
subject: http-method and authorization
 
Similar Threads
<security-constraint> in web.xml (http-method)
security constraint : http-method
http-method element
no http-method
No- HTTP method element??