aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes HFSJ  634  page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "HFSJ  634  page" Watch "HFSJ  634  page" New topic
Author

HFSJ 634 page

shanthisri mocherla
Ranch Hand

Joined: Sep 05, 2005
Posts: 119
Hi Ranchers
I'm just going through the security chapter in HFSJ.I've found some errors.I have the errata page with me right now.but I'm getting confused with the statements.

Errata:
handwitten comment at the bottom:


statement 1."If there were NO <http-method> elements in the <web-resouce-collection>,it would mean that NO HTTP Methods are allowed,by ANYONE in any role."

It should be

statement 2."if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are allowed."

I did not find any hand written comment matching the
statement 1 in my book.

what my question is
1.whether the second statement is correct or not?
Thanks in advance
Shanthi

[ October 19, 2005: Message edited by: shanthisri mocherla ]
[ October 20, 2005: Message edited by: shanthisri mocherla ]
Radhika Jonnalagadda
Ranch Hand

Joined: Oct 13, 2004
Posts: 89
Hi Shanthisri,


statement 2."if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are allowed."


This statement is correct.If you mention a method in <http-method>,it implies you are constraining only that method.Correct me if I am wrong.

regards,
JR


best regards,<br />Radhika<br /> <br />Dare to Dream.Care to Achieve.<br />SCJP 1.4, SCWCD 1.4.
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 950
Hi,

statement 2."if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are allowed."


I think this is wrong

if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are restricted. You require authentication for all methods to execute iff they are definded in the servlet. And if you define any one method in DD, then only this method is resctricted and all methods are allowed.

Thanks


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Rizwan Mohammad
Ranch Hand

Joined: Sep 02, 2005
Posts: 445
Narendra is correct on what he is said. If we dont specify http-method then security applies to all methods.

From servlet spec,
"If no HTTP methods are specified, then the security constraint
applies to all HTTP methods."


Rizwan
SCJA, SCJP, SCWCD, SCBCD, SCDJWS.
shanthisri mocherla
Ranch Hand

Joined: Sep 05, 2005
Posts: 119
Thanks Radhika,Narendra and Rizwan.

I got it.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HFSJ 634 page