Personally I disagree with the answer on page 660 due to the following explanation:
Isn't so that if http-method IS OMITTED, no request no matter which role, are allowed? For the Container to allow any HTTP method (request) for foo/bar/* directory there is gotta be at least one http-method declared element? Am I right?
Though a constraint limits who can access a resource, its definition still centers upon who can access a resource, not by who can't.
http-method is designed to simply allow more precision to a constraint. If no http-method is specified, the constraint applies to all methods. Omitting http-method will only make your constraint method-agnostic.
Constraints can get pretty confusing and you can easily make mistakes if you're not careful. Here's a letter I may or may not have received recently from a sweet gal named Mary. Maybe someone here could help her out.
My name is Mary and I own my own hiking trail in a private park just south of Denver, Colorado. People like to come to my trail to run, walk, hop, skip, and jump. The park that holds my trail allows pets but the humans on my trail aren't cleaning up after their dogs. Gross! I decide I don't want to allow dogs (or any other pets) on my trail anymore.
How do I fix that? I need a constraint for my trail!
So I set a constraint that only allows members of the "human" role.
Wonderful! No more dog poo!
A month later I start getting complaints from many of the older folks who walk my trail. They say that a lot of rowdy kids have caused problems with their running, hopping, skipping, and especially jumping! Bummer.
Now I need to prevent run, hop, skip, and jump travel-methods on my trail. My previous constraint applied to all methods of travel because I didn't specify any. Humans were allowed to travel however they wanted. So I added to my previous constraint the travel-method of "walk" so that humans could only walk on my trail. No running. No hopping. No skipping. And certainly no jumping!
Feeling pretty good about myself I took a vacation to Mexico for a couple weeks. But during my first day there, while working on my tan and sipping on a margarita, I received a phone call from the park ranger who said, "Mary, you're not going to believe this but I swear I just saw some dogs on your trail running, hopping, skipping, and dare I say... jumping!" My heart fell into my stomach as I realized how much poo I'd have to clean up when I get back.
What did I do wrong? What can I have the park ranger do to fix it? Don't you have any good ranch hands that can help me solve this?
Sincerely, Mary Gotrubble
[ May 09, 2006: Message edited by: Marc Peabody ]
A good workman is known by his tools.
Joined: Jan 11, 2005
Look at the HFS page 634 and the comment written about http-method GET /http-method. Briefly in it it was said "If there were no http-method element, it would mean that no HTTP methods are allowed, by ANYONE in any role. But since we put in one role for GET, it means that only GET is constrained...." I tried to apply this rule with the exercise on page 658.
So either this explanation should be edited or the exercise answer. Which one? Or should I just perform a test with Tomcat?
[ May 10, 2006: Message edited by: janne RockGulf ] [ May 10, 2006: Message edited by: janne RockGulf ]