jQuery in Action, 2nd edition*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Qn on auth-constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Qn on auth-constraint" Watch "Qn on auth-constraint" New topic
Author

Qn on auth-constraint

Chandrakanth
Ranch Hand

Joined: Aug 16, 2005
Posts: 60
which all the users can access this resource....if we have something like below:

because in 1st security constraint says nobody has access.
and in second security constraint says every body has access to a resource..


<web-app>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/servlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint/>

</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/servlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

</security-constraint>
</web-app>
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 950
Hi,

Nobody can access the resources because of <auth-constraint/>. If this is present then nobody can access the resources, though permission are granted in another secirity constaint for the same resource and http method.

Thanks


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Chandrakanth
Ranch Hand

Joined: Aug 16, 2005
Posts: 60
Thx for the reply
Akshay Kiran
Ranch Hand

Joined: Aug 18, 2005
Posts: 220
yes thats right

<auth-constraint/> means NOBODY has access

but also note that, it is NOT the same as
<auth-constraint> being ABSENT -> this grants access to ALL.
which is same as
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>



"It's not enough that we do our best; sometimes we have to do<br />what's required."<br /> <br />-- Sir Winston Churchill
 
jQuery in Action, 2nd edition
 
subject: Qn on auth-constraint
 
Similar Threads
Some brain-storming questions in security
Enthuware mck exam : http-method in security-constraint
Query regarding constrained request
Dueling auth-constraint elements
Webapp Security