File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Doubt in the http-method Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Reply Bookmark "Doubt in the http-method" Watch "Doubt in the http-method" New topic
Author

Doubt in the http-method

raja ram
Ranch Hand

Joined: Mar 02, 2008
Posts: 169
posted private message
0
Quote
Hi,

In HFSJ first edition page no 634 it is said that "if no <http-method> is specified then that means none of the http-methods are allowed

In Page no 660 it is said that "we left off <http-method> so that no http-methods are accessible by any one apart from Admin

It is confussing when we wont specify http-method in such cases none of them are able to access any of the http-methods but in second case even though we have not specified http-method by specifying the <role-name> Admin </role-name> how Admin will be able to access all the http-methods but not others. I think even Admin should not be able to have access to any of the http-methods becuase we have no specified http-methods in web.xml is that correct?

Thanks
deepa raj
Ranch Hand

Joined: Jul 25, 2008
Posts: 124
posted private message
0
Quote
if role-name is specified , only the specfied role name can access the resource with that specified http method.

if the http-method tag is not there, all the HTTP methods are constrained.

so , all the methods can be used to access the resource by the Admin which is role specified in role-name.

Hope this helps.
 
I agree. Here's the link: http://zeroturnaround.com/jrebel
 
subject: Doubt in the http-method
 
Similar Threads
security constraint - not working
Sharpen Your Pencil - PN 658
Having serious trouble configuring Authorization
security-constraint question
Form based login