Two Laptop Bag*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Qn on auth-constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Qn on auth-constraint" Watch "Qn on auth-constraint" New topic
Author

Qn on auth-constraint

Chandrakanth
Ranch Hand

Joined: Aug 16, 2005
Posts: 60
which all the users can access this resource....if we have something like below:

because in 1st security constraint says nobody has access.
and in second security constraint says every body has access to a resource..


<web-app>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/servlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint/>

</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/servlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

</security-constraint>
</web-app>
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 950
Hi,

Nobody can access the resources because of <auth-constraint/>. If this is present then nobody can access the resources, though permission are granted in another secirity constaint for the same resource and http method.

Thanks


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Chandrakanth
Ranch Hand

Joined: Aug 16, 2005
Posts: 60
Thx for the reply
Akshay Kiran
Ranch Hand

Joined: Aug 18, 2005
Posts: 220
yes thats right

<auth-constraint/> means NOBODY has access

but also note that, it is NOT the same as
<auth-constraint> being ABSENT -> this grants access to ALL.
which is same as
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>



"It's not enough that we do our best; sometimes we have to do<br />what's required."<br /> <br />-- Sir Winston Churchill
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Qn on auth-constraint
 
Similar Threads
Some brain-storming questions in security
Dueling auth-constraint elements
Query regarding constrained request
Enthuware mck exam : http-method in security-constraint
Webapp Security