Few guesses about security
Gowher Naik
posted Nov 07, 2006 23:41:00
Case 1:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>webapp</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

All methods have the constraint because the <http-method> tag is missing.

Case 2:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>webapp</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

Only the GET and POST methods have the constraint.

Case 3:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>webapp</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  </auth-constraint>
</security-constraint>

No users are allowed because the <user-role> tag is missing.

Case 4:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>webapp</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>

No users are allowed due to the <auth-constraint/> tag.

Case 5:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>webapp</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
</security-constraint>

Everyone is allowed because the <auth-constraint> tag is missing.

Case 6:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>webapp</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method></http-method>
  </web-resource-collection>
  <auth-constraint>
  </auth-constraint>
</security-constraint>

I guess no method is allowed.

Case 7:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>webapp</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name></role-name>
  </auth-constraint>
</security-constraint>

I guess no one has access.

I have no doubts about cases 1 to 5.
But for cases 6 and 7 I am not sure.
Please correct me if I am wrong.
Thanks
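
An added example, not part of the original post: a small Python lint that reads the <security-constraint> elements of a web.xml and reports which HTTP methods each one covers and who is let through, applying the Servlet specification's rules for a missing <http-method>, a missing <auth-constraint>, and an <auth-constraint> that names no roles. The function names and the sample document (constructed from cases 1, 2, 4, 5, 6 and 7 above) are assumptions, one <web-resource-collection> per constraint is assumed as in the post, and empty <http-method> and <role-name> elements are only flagged for review, not interpreted.

```python
import xml.etree.ElementTree as ET

def kids(elem, name):
    # Match on the local tag name so a namespaced web.xml also works.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def audit_constraint(sc):
    """Summarise which methods one <security-constraint> covers and who gets in."""
    review = []
    tags = [m for wrc in kids(sc, "web-resource-collection")
            for m in kids(wrc, "http-method")]
    names = [(m.text or "").strip() for m in tags]
    if "" in names:
        review.append("empty <http-method>: check how your container treats it")
    # No <http-method> element at all means the constraint covers every method.
    methods = sorted(n for n in names if n) if tags else "ALL"
    if methods != "ALL" and methods:
        review.append("HTTP methods not listed are not covered by this constraint")
    auth = kids(sc, "auth-constraint")
    if not auth:
        access = "EVERYONE"            # no <auth-constraint>: no authorization check
    else:
        roles = [(r.text or "").strip() for r in kids(auth[0], "role-name")]
        if "" in roles:
            review.append("empty <role-name>: check how your container treats it")
        # An <auth-constraint> naming no roles denies access to everyone.
        access = sorted(r for r in roles if r) if roles else "NOBODY"
    return {"methods": methods, "access": access, "review": review}

def audit_web_xml(xml_text):
    root = ET.fromstring(xml_text)
    return [audit_constraint(e) for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == "security-constraint"]

def case(methods_xml, auth_xml):
    return ("<security-constraint><web-resource-collection>"
            "<web-resource-name>webapp</web-resource-name>"
            "<url-pattern>/*</url-pattern>" + methods_xml +
            "</web-resource-collection>" + auth_xml + "</security-constraint>")

GP = "<http-method>GET</http-method><http-method>POST</http-method>"
ADMIN = "<auth-constraint><role-name>admin</role-name></auth-constraint>"
SAMPLE = "<web-app>" + "".join([   # constructed input: cases 1, 2, 4, 5, 6, 7
    case("", ADMIN), case(GP, ADMIN), case(GP, "<auth-constraint/>"), case(GP, ""),
    case("<http-method></http-method>", "<auth-constraint> </auth-constraint>"),
    case(GP, "<auth-constraint><role-name></role-name></auth-constraint>")]) + "</web-app>"

if __name__ == "__main__":
    for n, report in zip((1, 2, 4, 5, 6, 7), audit_web_xml(SAMPLE)):
        print("case", n, report)
```

The "not listed" note is the item to act on in a real deployment: a constraint that names only GET and POST says nothing about PUT, DELETE or other methods on the same URL pattern.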
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter