my dog learned polymorphism
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes HFSJ 634 page Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Reply Bookmark "HFSJ 634 page" Watch "HFSJ 634 page" New topic
Author

HFSJ 634 page

shanthisri mocherla
Ranch Hand

Joined: Sep 05, 2005
Posts: 119
posted private message
0
Quote
Hi Ranchers
I'm just going through the security chapter in HFSJ.I've found some errors.I have the errata page with me right now.but I'm getting confused with the statements.

Errata:
handwitten comment at the bottom:


statement 1."If there were NO <http-method> elements in the <web-resouce-collection>,it would mean that NO HTTP Methods are allowed,by ANYONE in any role."

It should be

statement 2."if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are allowed."

I did not find any hand written comment matching the
statement 1 in my book.

what my question is
1.whether the second statement is correct or not?
Thanks in advance
Shanthi

[ October 19, 2005: Message edited by: shanthisri mocherla ]
[ October 20, 2005: Message edited by: shanthisri mocherla ]
Radhika Jonnalagadda
Ranch Hand

Joined: Oct 13, 2004
Posts: 89
posted private message
0
Quote
Hi Shanthisri,


statement 2."if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are allowed."


This statement is correct.If you mention a method in <http-method>,it implies you are constraining only that method.Correct me if I am wrong.

regards,
JR

best regards,<br />Radhika<br /> <br />Dare to Dream.Care to Achieve.<br />SCJP 1.4, SCWCD 1.4.
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 950
posted private message
0
Quote
Hi,

statement 2."if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are allowed."


I think this is wrong

if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are restricted. You require authentication for all methods to execute iff they are definded in the servlet. And if you define any one method in DD, then only this method is resctricted and all methods are allowed.

Thanks

Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Rizwan Mohammad
Ranch Hand

Joined: Sep 02, 2005
Posts: 445
posted private message
0
Quote
Narendra is correct on what he is said. If we dont specify http-method then security applies to all methods.

From servlet spec,
"If no HTTP methods are specified, then the security constraint
applies to all HTTP methods."

Rizwan
SCJA, SCJP, SCWCD, SCBCD, SCDJWS.
shanthisri mocherla
Ranch Hand

Joined: Sep 05, 2005
Posts: 119
posted private message
0
Quote
Thanks Radhika,Narendra and Rizwan.

I got it.
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: HFSJ 634 page
 
Similar Threads
no http-method
HFSJ - errata
http-method not specified
http-method element in web-resource-collection
HF errata