Qn on auth-constraint

Chandrakanth
Ranch Hand

Joined: Aug 16, 2005
Posts: 60
Which users can access this resource if we have something like the below?

Because the 1st security constraint says nobody has access, and the second security constraint says everybody has access to the resource.


<web-app>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/servlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint/>

</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/servlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

</security-constraint>
</web-app>
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 950
Hi,

Nobody can access the resource because of <auth-constraint/>. If this is present, then nobody can access the resource, even though permissions are granted in another security constraint for the same resource and HTTP method.

Thanks


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Chandrakanth
Ranch Hand

Joined: Aug 16, 2005
Posts: 60
Thanks for the reply.
Akshay Kiran
Ranch Hand

Joined: Aug 18, 2005
Posts: 220
Yes, that's right.

<auth-constraint/> means NOBODY has access

but also note that, it is NOT the same as
<auth-constraint> being ABSENT -> this grants access to ALL.
which is same as
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

"It's not enough that we do our best; sometimes we have to do what's required."
-- Sir Winston Churchill
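The combination rule discussed in this thread, as an added example that is not part of any poster's message: a small Python checker that reads a web.xml and reports the effective access for one URL pattern and HTTP method. It goes slightly beyond the thread by also covering the Servlet specification's union-of-roles case; the function names and the exact-match treatment of url-pattern are assumptions made for the example.

```python
# Added example, not from the thread. Assumption: url-patterns are compared
# by exact string match (real containers also do prefix/extension matching).
import xml.etree.ElementTree as ET

# The descriptor from the question, rebuilt as sample input.
WRC = """<web-resource-collection>
      <web-resource-name>test</web-resource-name>
      <url-pattern>/servlet</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>"""
QUESTION_XML = f"""<web-app>
  <security-constraint>{WRC}<auth-constraint/></security-constraint>
  <security-constraint>{WRC}</security-constraint>
</web-app>"""

def _texts(parent, tag):
    return [(e.text or "").strip() for e in parent.iter(tag)]

def effective_access(web_xml, url, method):
    """Return 'DENY_ALL', 'ALLOW_ALL', a sorted role list, or None (unconstrained)."""
    roles, open_access, matched = set(), False, False
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        applies = any(
            url in _texts(wrc, "url-pattern")
            # No <http-method> listed means the collection covers every method.
            and (not _texts(wrc, "http-method") or method in _texts(wrc, "http-method"))
            for wrc in sc.iter("web-resource-collection"))
        if not applies:
            continue
        matched = True
        auth = sc.find("auth-constraint")
        if auth is None:
            open_access = True         # no auth-constraint: no role check at all
            continue
        names = _texts(auth, "role-name")
        if not names:
            return "DENY_ALL"          # empty auth-constraint overrides the rest
        roles.update(names)            # "*" stands for every role in the descriptor
    if not matched:
        return None
    return "ALLOW_ALL" if open_access else sorted(roles)

if __name__ == "__main__":
    print(effective_access(QUESTION_XML, "/servlet", "POST"))
```

Running such a check over a deployment descriptor during review catches a constraint without an auth-constraint that silently opens a resource other constraints restrict by role.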