| Author |
If http-method is not specified, then nobody can access the resource ?
|
Joshua Antony
Ranch Hand
Joined: Jun 05, 2006
Posts: 254
|
|
Please let me know if the below sentence is true
If we do not specify <http-method> inside <security-constraint> then NO one can access the resource provided in the <url-pattern> irrespective of the content of <auth-constraint>
|
SCJP,SCWCD, Into ATG now!
|
 |
swapna rao
Ranch Hand
Joined: Feb 12, 2008
Posts: 53
|
|
If we do not specify <http-method> inside <security-constraint> then NO one can access the resource provided in the <url-pattern> irrespective of the content of <auth-constraint>
Your statement is wrong.
If you don not specify http-method , then by default all HTTP methods will be constrained.
For example:
<security-constraint>
<web-resource-collection>
<web-resource-name>a</web-resource-name>
<url-pattern>/Testsample</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
In this example only users with role as "managers" will be able to make any HTTP requests(GET,POST,HEAD,PUT,TRACE,OPTIONS,DELETE) on the resource Testsample.Other users will not be able to make any HTTP request on the resource Testsample.
If no <auth-constraint> is present in the above case,everyone will given access the make any HTTP request on Testsample.
If empty <auth-constraint/> is present in above case, no body will be able to make any HTTP request on Testsample.
Please anyone correct me,if I'm wrong.
|
SCJP-88<br />SCWCD-94
|
|
Khadija Lokhandwala
Ranch Hand
Joined: Sep 11, 2007
Posts: 33
|
|
Hi,
Swapna,That is correct.
If no <http-method> is specified in <web-resource-collection> element, then all the HTTP Methods are restrained and only roles mentioned in <auth-constraint> can access those resources.
|
If you ask me anything I don't know, I'm not going to answer.<br />--Yogi Berra
|
|
 |
|
|
subject: If http-method is not specified, then nobody can access the resource ?
|
|
|
0
