jQuery in Action, 2nd edition*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Mandatory elements inside <security-constriant>? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Mandatory elements inside &lt;security-constriant&gt;?" Watch "Mandatory elements inside &lt;security-constriant&gt;?" New topic
Author

Mandatory elements inside &lt;security-constriant&gt;?

Sagar Shroff
Ranch Hand

Joined: Jun 07, 2011
Posts: 208

Hello ranchers i am having huge confusion regarding the mandatory elements inside the <security-constriant> element.
Now i am gonna note down following points please correct me if i am wrong

1.<web-resource-collection> is a mandatory element.
- Inside <web-resource-collection>
a.<web-resource-name> is mandatory
b.<url-pattern> is mandatory
c.<http-method> is optional

-<auth-constriant> is optional
-<user-data-constraint> is optional
-<transport-guarantee> is optional

2 <login-config> is optional

Please correct me if i am WRONG in the above statements
--------------------------------------------------------------------------------------------------
Now my second question is how many instance of each element can be present ?
<web-resource-collection> can be 1 to many
<url-pattern> can be 1 to many
<http-method> can be 0 to many
<auth-constriant> can be 0 to 1
<user-data-constraint> can be 0 to 1
<transport-guarantee> can 0 to 1

Please correct me if i am WRONG in the above statements
--------------------------------------------------------------------------------------------------

If i have missed anything above your valuable suggestions are really welcomed,will help me understand the concept better

P.S i have tried reading specs but i am not able to understand so i decided to count on you guys as you always do help me

Regards,
Sagar


OCJP-90%,OCPWCD-95%
shailesh thakur
Greenhorn

Joined: May 30, 2012
Posts: 15

Hi sagar,

I think <login-config> element is mandatory because a user needs to be authenticated before the authorization is done.

If you are following HFSJ , then page 666 provides a good idea.


Regards,
Shailesh
OCJP 1.6 , OCWCD 1.5
Sagar Shroff
Ranch Hand

Joined: Jun 07, 2011
Posts: 208

shailesh thakur wrote:Hi sagar,

I think <login-config> element is mandatory because a user needs to be authenticated before the authorization is done.

If you are following HFSJ , then page 666 provides a good idea.



Yes i am wrong login-config is mandatory in case where user needs to be authenticated.
Shailesh what are your views on the other's ? any idea ?
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1647
    
  25

Check this SecurityConstraint of the xsd

1.<web-resource-collection> is a mandatory element.
- Inside <web-resource-collection>

Do you mean mandatory inside <security-constraint>? Yes, that is correct
a.<web-resource-name> is mandatory
b.<url-pattern> is mandatory
c.<http-method> is optional

-<auth-constriant> is optional
-<user-data-constraint> is optional

Correct
<transport-guarantee> is optional

No, if you have a <user-data-constraint>, then the <transport-guarantee> is mandatory

2 <login-config> is optional

Correct, it doesn't have to be there

<web-resource-collection> can be 1 to many
<url-pattern> can be 1 to many
<http-method> can be 0 to many
<auth-constriant> can be 0 to 1
<user-data-constraint> can be 0 to 1

Correct

<transport-guarantee> can 0 to 1

<transport-guarantee> should be 1 ( inside the user-data-constraint)

Regards,
Frits
Sagar Shroff
Ranch Hand

Joined: Jun 07, 2011
Posts: 208

Thanks again !

Regards Sagar.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Mandatory elements inside &lt;security-constriant&gt;?
 
Similar Threads
Q 12, Eduardo's mock
JBOSS web logon not redirecting from port 8080 to 8443 at login
Implementation of User Registry with ORacle database
Meaning of ? in web.xml DTD
security-role