web app security - Dueling auth-constraint elements

Vidya Sethuraman
Hi,
I have a doubt regarding dueling <auth-constraint> elements.
How does the container resolve access if one security-constraint has an empty <auth-constraint/> tag and the other constraint has

<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

Which one does it consider?
Allow access to everybody or allow access to nobody?

Thanks!


Vidya (SCJP 1.4)
Christophe Verré

I think this is described in the spec:

SRV.12.8.1 Combining Constraints

The special case of an authorization
constraint that names no roles shall combine with any other constraints to override
their affects and cause access to be precluded.

So nobody will have access. If anybody could comment on that, I'm not feeling 100% sure.


Vidya Sethuraman
Hi,

Thanks for the quick reply! I read the spec and I think an empty <auth-constraint> is always the final word!
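
The combining rule quoted from SRV.12.8.1 above, as an added example that is not part of the original thread: a small Python checker that reads a deployment descriptor and reports the effective access for one url-pattern. It goes beyond the case asked about and also applies the section's other two rules (named roles combine as a union, with `*` standing for every role declared in the descriptor, and a constraint with no auth-constraint allows unauthenticated access). Assumptions: the descriptor has no XML namespace, http-method is ignored, patterns are compared as exact strings, and all helper names and sample roles are hypothetical.

```python
import xml.etree.ElementTree as ET

# Everything below is constructed sample data, not taken from the thread.
ROLES = ("<security-role><role-name>admin</role-name></security-role>"
         "<security-role><role-name>member</role-name></security-role>")

def constraint(auth_xml, pattern="/reports/*"):
    """Build one <security-constraint>; auth_xml '' means no auth-constraint."""
    return ("<security-constraint><web-resource-collection>"
            "<web-resource-name>r</web-resource-name>"
            f"<url-pattern>{pattern}</url-pattern>"
            f"</web-resource-collection>{auth_xml}</security-constraint>")

def descriptor(*constraints):
    return f"<web-app>{ROLES}{''.join(constraints)}</web-app>"

EMPTY = constraint("<auth-constraint/>")
STAR = constraint("<auth-constraint><role-name>*</role-name></auth-constraint>")
ADMIN = constraint("<auth-constraint><role-name>admin</role-name></auth-constraint>")
NO_AUTH = constraint("")

def effective_access(web_xml, pattern="/reports/*"):
    """Combine all constraints that list `pattern` (exact string match)."""
    root = ET.fromstring(web_xml)
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    roles, unauthenticated, constrained = set(), False, False
    for sc in root.findall("security-constraint"):
        urls = sc.findall("web-resource-collection/url-pattern")
        if pattern not in [u.text.strip() for u in urls]:
            continue
        constrained = True
        auth = sc.find("auth-constraint")
        if auth is None:
            unauthenticated = True   # constraint without auth-constraint
            continue
        names = {r.text.strip() for r in auth.findall("role-name")}
        if not names:
            return "DENY_ALL"        # empty auth-constraint overrides the rest
        roles |= declared if "*" in names else names   # union of named roles
    if unauthenticated or not constrained:
        return "ALLOW_ALL"
    return sorted(roles)

if __name__ == "__main__":
    for label, doc in [("empty + *", descriptor(EMPTY, STAR)),
                       ("* + empty", descriptor(STAR, EMPTY)),
                       ("* + admin", descriptor(STAR, ADMIN)),
                       ("admin + none", descriptor(ADMIN, NO_AUTH))]:
        print(label, "->", effective_access(doc))
```

Running a check like this over a real descriptor is a quick way to spot a pattern that an empty auth-constraint has locked out entirely, or one that a constraint without an auth-constraint has opened to unauthenticated users.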