posted 15 years ago
Hi,
1)If no <http-method> is specified means all are contrained i.e no HTTP method allowed by any user .
2) If <http-method> is specified then only those which are specified are contrained others which are not specified they are not constrained.
3)If there is no <auth-contstraint> that means all are allowed , its equal to <auth-contstraint>*</auth-contstraint>
4)If there is empty <auth-contstraint> then no1 is allowed .
5)If some role is specified in <auth-constraint> then that role is only allowed to make constarined request on constarined resourse .
I hope , it will help you in digesting.
Thanks
Vishal Chugh