• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Doubt about auth-constraint

 
Ranch Hand
Posts: 643
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


in above code what will happen when
<auth-constraint/>
and
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
will appear in same DD for same webapp?
 
arch rival
Posts: 2813
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What happens when you try to deploy that DD?
 
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey Gower

Check the HF again. The golden rule says:

"When 2 different NON EMPTY <auth-constraint> elements apply to the same constrained resources access is granted to the union of all roles from both of the <auth-constraint> elements"

So in your case NOBODY has the access. remenber the word. NON EMPTY NON EMPTY NON EMPTY NON EMPTY
 
Marcus Green
arch rival
Posts: 2813
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, don't check a book, actually deploy the code. What if there were an error in the book or a question that was supposed to illustrate this idea? You are far more likely to learn by doing than by reading.
 
Ranch Hand
Posts: 292
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well Marcus that's true as long as you're tryin' it out with a single <security-constraint> element in your Deployment Descriptor...it works fine....but I've run into a lotta problems when tryin' to combine 2 <security-constraint> elements ....you can check this thread posted by me....Combining security constraints
[ December 11, 2006: Message edited by: Sayak Banerjee ]
 
Marcus Green
arch rival
Posts: 2813
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The reason I suggested trying it out was that I was experimenting with part of this issue only a couple of days ago, and as a result created a mock exam question that covered it. I only got as far as confirming that having a <auth-constraint/> means nobody gets to access the resource. I think that is as far as you need go on this for exam purposes.

I have taken to using the Tomcat built into Netbeans for most of these purposes, and it has a direct way to launch the Tomcat admin web application that allows you to manipulate users and roles. I'll describe further if you are interested.
Marcus
 
Sayak Banerjee
Ranch Hand
Posts: 292
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes Marcus...I'm interested in knowing more about it...also, it would be helpful if you let me know as to why this happening...Trust me, I've pondered long about it and finally gave up on it thinking that it would be a container specific issue....Please post your responses on this on the original thread HERE.....Thanks for showin' interest Marcus
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic