| Author |
problem regarding empty auth-constraint tag
|
Deep Mukherjee
Greenhorn
Joined: Jan 04, 2010
Posts: 19
|
|
I have created one jsp and called a servelt from there .My JSP contains following code
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form method=GET action="TestServlet">
<INPUT TYPE=SUBMIT>
</form>
</body>
</html>
I have wriiten a sysout state ment in servlet post method.I have put a security constrain in web.xml like this
<security-constraint>
<web-resource-collection>
<web-resource-name>TestWebProject</web-resource-name>
<url-pattern>/TestWebProject/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
</auth-constraint>
</security-constraint>
as my </auth-constraint> tag is blank according to defination Post method should not be invoked .But in this case it is getting called and i can see Sysout statement in console .Can any one help where i am wrong?
|
 |
Jk Robbins
Ranch Hand
Joined: Dec 16, 2010
Posts: 159
|
|
|
You've constrained POST but your form is doing a GET. Once you list even a single method as constrained, all other methods are enabled for everyone.
|
|
Kumaravadivel Subramani
Ranch Hand
Joined: Jul 05, 2008
Posts: 159
|
|
If you want to enable constrains for GET method also have entry as below,
<http-method>GET</http-method>
<http-method> POST </http-method>
|
No pain, No gain.
OCJP 1.6
|
|
Deep Mukherjee
Greenhorn
Joined: Jan 04, 2010
Posts: 19
|
|
I have changed the security contrain like this
<security-constraint>
<web-resource-collection>
<web-resource-name>TestWebProject</web-resource-name>
<url-pattern>/TestWebProject/</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
</auth-constraint>
</security-constraint>
Still i am able to call the Get method.
|
|
Kumaravadivel Subramani
Ranch Hand
Joined: Jul 05, 2008
Posts: 159
|
|
|
Can you post your whole web.xml and provide the URL in which you are accessing html file.
|
|
Rob Spoor
Saloon Keeper
Joined: Oct 27, 2005
Posts: 18370
|
|
Please don't paste the entire web.xml yet. First filter out everything that's not related to the servlet in question, especially other servlets.
However, I think the problem is in the URL pattern. Your form action is "TestServlet". Your URL pattern is now "/TestWebProject/"; it was "/TestWebProject/*". My guess is that "TestWebProject" is the name of the web application. URL patterns are already relative to the web application. Change your URL pattern to "/*".
|
SCJP 1.4 - SCJP 6 - SCWCD 5
How To Ask Questions How To Answer Questions
|
|
 |
|
|
subject: problem regarding empty auth-constraint tag
|
|
|
0
