http-method in security-constraint doubt

<security-constraint>
<web-resource-collection>
<web-resource-name>NAME</web-resource-name>
<http-method>GET</http-method>
<url-pattern>/myJsp.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Manager</role-name>
</auth-constraint>
</security-constraint>

User with role Manager will be prompted on a userName and password in the browser upon requesting the above URL with http GET method.

What will happen If the Manager tried a httpmethod PUT in the >/myJsp.jsp?

Removing the <http-method> method altogether and exceuting a
GET method by the Manager what will happen?
Please help.Thanks in Advance.

for your dd other than get method no authorization will appplied for other http method.
but if you remove hhtp-method tag for all methods constraints will be applicable

that means Removing the <http-method> method altogether and exceuting a
GET method by the Manager will promt username and password??

Hi,
As per my understanding HTML only supports only two methods POST and GET.

-Lave

Hi,

That means it we remove <http-method> tag, we can use any one http method

Hi,

That means it we remove <http-method> tag, we can use any one http method

I think you should not remove http-method tag. Please HTML form does support only POST and GET methods but there are other clients which can support other methods also.

-Lave

<http-method>GET</http-method>
when you specify an <http-method> element, then that particular method is constrained, and rest all HTTP methods (POST, PUT, TRACE etc.) are unconstrained.
But, if you drop the <http-method> tag altogether, then all the methods are constrained.

Hope this helps all.