File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Question on Rules of auth-constraint

 
Luke
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

On HFSJ page 639, It gives the following rules

Case 1


Contents of A
--------------------
<auth-constraint>
<role-name>Guest</role-name>
</auth-constraint>

Contents of B
-----------------

<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>

People can Access
-----------------------
Guest & Admin


Case 2

Contents of A
--------------------
<auth-constraint>
<role-name>Guest</role-name
</auth-constraint>

Contents of B
-----------------
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

People can Access
-----------------------
All


Case 3


Contents of A
--------------------
<auth-constraint/>

Contents of B
-----------------
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>

People can Access
-----------------------
None

Case 4


Contents of A
--------------------

No <auth-constraint> Element

Contents of B
-----------------
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>


People can Access
-----------------------
All


Now can u please explain who can access the following ?


Case 5


Contents of A
-----------------
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

Contents of B
-----------------
<auth-constraint/>

People can Access
-----------------------
???

case 6


Contents of A
-----------------
<auth-constraint/>

Contents of B
-----------------
No <auth-constraint> Element
People can Access
-----------------------
???


I would like to know which takes precedence between (*,Empty tag && the No auth tag)

Thanks
[ September 14, 2005: Message edited by: Luke Augustus ]
 
B.Sathish
Ranch Hand
Posts: 372
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I had asked the same question a few days back. I didnt get a reply. Looks like you can try it out and post the results . I feel the <auth-constraint/> would win
 
Esam Ahmed
Ranch Hand
Posts: 101
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Case 5


Contents of A
-----------------
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

Contents of B
-----------------
<auth-constraint/>

People can Access
-----------------------
???

NOBODY: because <auth-constraint /> interprets as it is declaring who are allowed, but anyway nobody is. It is an empty tag. Does not declare anybody with the body.

case 6


Contents of A
-----------------
<auth-constraint/>

Contents of B
-----------------
No <auth-constraint> Element
People can Access
-----------------------
???

NOBODY: No <auth-constraint> element is the same as allowing everybody as with:
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

As noted in HFS/J (p 637): "NO <auth-constraint> is the opposite of an EMPTY <auth-constraint /> ! "

The rule also says: "an empty <auth-constraint> tag combines with anything else to allow access to nobody! In other words, an empty <auth-constraint> is always the final word." (From HFS/J p. 639)

Let me know if it is clear...

Esam.
 
Luke
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Esam

Thanks a lot. It�s clear now.

Thanks
Luke
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic