Doubt on Security

 
Ranch Hand
Posts: 437
Hi,
Given that a Deployment Descriptor has only one security role, defined as:
<security-role>
  <role-name>Member</role-name>
</security-role>

Which are valid <auth-constraint> elements that will allow users to access resources constrained by the security role declared?

The answers are
1. <auth-constraint>*</auth-constraint>
2. <auth-constraint><Member</auth-constraint>

Now, I am clear with the second answer. I am not clear with the first answer. How can *(which refers to all) be given access? Can anybody help me?
With regards,
Padma priya N.G.
 
Ranch Hand
Posts: 951
Hi,

When <auth-constraint>*</auth-constraint> is used, the container does not check the <security-role>. Access is given to everyone. This is the default, as good as no security mechanism being applied to the application. Even the login screen (Form and Basic authentication) will not appear for this constraint.

Thanks
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Narendra,
As per the question, security is given only to member and not to all. My question and how the answer has appeared is totally different. Security is given to member and to all. Can you explain why everyone was chosen when member alone should have been chosen?
Thanks,
Padma priya N.G.
 
Narendra Dhande
Ranch Hand
Posts: 951
Hi,

You define the resource using the <web-resource-collection> and then secure the resource using <auth-constraint> to tell the container that only these roles have access to this area. If there is * in <role-name> under <auth-constraint>, then all users are permitted, including Member. If you want to give access to only Member, then the * is not valid.

The <auth-constraint> element has a <role-name> sub-tag, therefore the entries defined in your example are invalid.

Thanks
[ August 28, 2007: Message edited by: Narendra Dhande ]
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Narendra,
Do you mean to say that the answers are invalid?
Thanks,
Padma priya N.G.
 
Narendra Dhande
Ranch Hand
Posts: 951
Hi,

The Full sample security-constraint entry is



So, at least at the syntax level, it is invalid.

Thanks
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Narendra,
Do you mean to say that admin is the only person who has the security permission, and not all? Am I right?
Thanks,
Padma priya N.G.
 
Narendra Dhande
Ranch Hand
Posts: 951
Hi

Only the admin can access the POST and GET requests for the given URL in this example. But for other methods, everyone can access the resource.

Thanks
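
As an added example (not part of any post in this thread, and not the sample missing from the reply above), this Python script audits a constructed web.xml fragment for the two behaviours discussed: which roles an <auth-constraint> admits, and which HTTP methods a constraint leaves open when it lists only some in <http-method>. It assumes a descriptor without an XML namespace and a fixed list of methods; the URL patterns and the `audit` function name are hypothetical. Per the Servlet specification, `*` as a role name is shorthand for all roles declared in the descriptor.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment (not the sample missing from the thread).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Members</web-resource-name>
      <url-pattern>/members/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>Member</role-name></security-role>
</web-app>"""

ALL_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}

def audit(web_xml):
    """Per url-pattern: roles allowed, and HTTP methods the constraint leaves open."""
    root = ET.fromstring(web_xml)
    declared = {r.findtext("role-name").strip() for r in root.findall("security-role")}
    findings = []
    for sc in root.findall("security-constraint"):
        auth = sc.find("auth-constraint")
        names = {r.text.strip() for r in auth.findall("role-name")} if auth is not None else None
        # "*" is shorthand for every role declared in the descriptor.
        roles = declared if names and "*" in names else names
        for wrc in sc.findall("web-resource-collection"):
            listed = {m.text.strip().upper() for m in wrc.findall("http-method")}
            # No <http-method> means all methods are covered; otherwise only the
            # listed ones are, and every other method bypasses the constraint.
            uncovered = sorted(ALL_METHODS - listed) if listed else []
            for p in wrc.findall("url-pattern"):
                findings.append({"url": p.text.strip(),
                                 "roles": sorted(roles) if roles is not None else None,
                                 "uncovered": uncovered})
    return findings

if __name__ == "__main__":
    print(*audit(WEB_XML), sep="\n")
```

A non-empty `uncovered` list marks a constraint that should either drop its <http-method> elements or be paired with a second constraint covering the remaining methods.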
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Narendra,
Do you mean to say that (1) admin has access to the GET and the POST methods and (2) others have access to all the methods?
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Hi,
Since everyone has access to all the methods in the application, Member and * (indicating everyone) have access to the application. Am I right?
Thanks,
Padma priya N.G.
 
Narendra Dhande
Ranch Hand
Posts: 951
Hi,

Yes, it is like that.

Thanks
 
Padma priya Gururajan
Ranch Hand
Posts: 437
Hi Narendra,
Thanks for clearing the doubt.
Padma priya N.G.
 