File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes If  http-method is not specified, then nobody can access the resource ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "If  http-method is not specified, then nobody can access the resource ?" Watch "If  http-method is not specified, then nobody can access the resource ?" New topic
Author

If http-method is not specified, then nobody can access the resource ?

Joshua Antony
Ranch Hand

Joined: Jun 05, 2006
Posts: 254
Please let me know if the below sentence is true

If we do not specify <http-method> inside <security-constraint> then NO one can access the resource provided in the <url-pattern> irrespective of the content of <auth-constraint>


SCJP,SCWCD, Into ATG now!
swapna rao
Ranch Hand

Joined: Feb 12, 2008
Posts: 53
If we do not specify <http-method> inside <security-constraint> then NO one can access the resource provided in the <url-pattern> irrespective of the content of <auth-constraint>


Your statement is wrong.
If you don not specify http-method , then by default all HTTP methods will be constrained.
For example:
<security-constraint>
<web-resource-collection>
<web-resource-name>a</web-resource-name>
<url-pattern>/Testsample</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>

In this example only users with role as "managers" will be able to make any HTTP requests(GET,POST,HEAD,PUT,TRACE,OPTIONS,DELETE) on the resource Testsample.Other users will not be able to make any HTTP request on the resource Testsample.
If no <auth-constraint> is present in the above case,everyone will given access the make any HTTP request on Testsample.
If empty <auth-constraint/> is present in above case, no body will be able to make any HTTP request on Testsample.

Please anyone correct me,if I'm wrong.


SCJP-88<br />SCWCD-94
Khadija Lokhandwala
Ranch Hand

Joined: Sep 11, 2007
Posts: 33
Hi,
Swapna,That is correct.
If no <http-method> is specified in <web-resource-collection> element, then all the HTTP Methods are restrained and only roles mentioned in <auth-constraint> can access those resources.


If you ask me anything I don't know, I'm not going to answer.<br />--Yogi Berra
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: If http-method is not specified, then nobody can access the resource ?