| Author |
Question about Dueling auth-constraint elements
|
Jack Lee
Ranch Hand
Joined: Jun 06, 2006
Posts: 38
|
|
HFSJ describes the rules for dueling <auth-constraint> elements on page 639. There are four rules. But I am still confused by the following combinations:
1. * and empty <auth-constraint>
2. * and no <auth-constraint>
3. empty <auth-constraint> and no <auth-constraint>
Actually, these questions come down to a simple one: what's the priority order of *, empty, and no <auth-constraint>?
|
SCJP 5.0, SCWCD 1.4
|
 |
Christophe Verré
Sheriff
Joined: Nov 24, 2005
Posts: 14685
|
|
From the spec:
"The combination of authorization constraints that name roles or that imply roles via the name "*" shall yield the union of the role names in the individual constraints as permitted roles. A security constraint that does not contain an authorization constraint shall combine with authorization constraints that name or imply roles to allow unauthenticated access. The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded."
So an empty constraint will override all others, denying access to the resource.
|
[My Blog]
All roads lead to JavaRanch
|
 |
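The three spec rules quoted above, applied to the three pairs asked about in the first post, as an added example that is not part of the thread or of HFSJ. It assumes the constraints cover the same url-pattern and http-method, that the descriptor fragments carry no XML namespace, and that "*" stands for every role declared in the web application; the fragments, role names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DENY_ALL = "deny-all"
ALLOW_UNAUTHENTICATED = "allow-unauthenticated"

def roles_of(constraint_xml):
    """None if <auth-constraint> is absent, else the set of role names (may be empty)."""
    auth = ET.fromstring(constraint_xml).find("auth-constraint")
    if auth is None:
        return None
    return {r.text.strip() for r in auth.findall("role-name") if r.text}

def combine(constraint_xmls, declared_roles):
    """Combine <security-constraint> elements that match the same request."""
    parsed = [roles_of(x) for x in constraint_xmls]
    # An auth-constraint that names no roles overrides everything else.
    if any(r is not None and not r for r in parsed):
        return DENY_ALL
    # Otherwise, a constraint without an auth-constraint opens access to everyone.
    if any(r is None for r in parsed):
        return ALLOW_UNAUTHENTICATED
    # Otherwise, the permitted roles are the union; "*" implies all declared roles.
    permitted = set()
    for r in parsed:
        permitted |= set(declared_roles) if "*" in r else r
    return permitted

def sc(auth):
    """Build a constructed <security-constraint> for /admin/* with the given auth part."""
    return ("<security-constraint><web-resource-collection>"
            "<web-resource-name>demo</web-resource-name>"
            "<url-pattern>/admin/*</url-pattern>"
            "</web-resource-collection>" + auth + "</security-constraint>")

# Constructed sample input (hypothetical role names).
DECLARED = {"Admin", "Member", "Guest"}
STAR = sc("<auth-constraint><role-name>*</role-name></auth-constraint>")
EMPTY = sc("<auth-constraint/>")
ABSENT = sc("")
ADMIN = sc("<auth-constraint><role-name>Admin</role-name></auth-constraint>")

if __name__ == "__main__":
    for name, pair in [("* + empty", [STAR, EMPTY]),
                       ("* + none", [STAR, ABSENT]),
                       ("empty + none", [EMPTY, ABSENT]),
                       ("Admin + *", [ADMIN, STAR])]:
        print(name, "->", combine(pair, DECLARED))
```

Under the quoted rules the precedence is: empty <auth-constraint> first, then a missing <auth-constraint>, then the union of named or implied roles.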
cheenu Dev
Ranch Hand
Joined: Nov 13, 2005
Posts: 276
|
|
|
Hey Jack, please search. All these posts had already been discussed some time ago.
|
cheenujunk@gmail.com
|
 |