| Author |
Mandatory elements inside <security-constriant>?
|
Sagar Shroff
Ranch Hand
Joined: Jun 07, 2011
Posts: 182
|
|
Hello ranchers i am having huge confusion regarding the mandatory elements inside the <security-constriant> element.
Now i am gonna note down following points please correct me if i am wrong
1.<web-resource-collection> is a mandatory element.
- Inside <web-resource-collection>
a.<web-resource-name> is mandatory
b.<url-pattern> is mandatory
c.<http-method> is optional
-<auth-constriant> is optional
-<user-data-constraint> is optional
-<transport-guarantee> is optional
2 <login-config> is optional
Please correct me if i am WRONG in the above statements
--------------------------------------------------------------------------------------------------
Now my second question is how many instance of each element can be present ?
<web-resource-collection> can be 1 to many
<url-pattern> can be 1 to many
<http-method> can be 0 to many
<auth-constriant> can be 0 to 1
<user-data-constraint> can be 0 to 1
<transport-guarantee> can 0 to 1
Please correct me if i am WRONG in the above statements
--------------------------------------------------------------------------------------------------
If i have missed anything above your valuable suggestions are really welcomed,will help me understand the concept better
P.S i have tried reading specs but i am not able to understand so i decided to count on you guys as you always do help me
Regards,
Sagar
|
OCJP-90%,OCPWCD-95%
|
 |
shailesh thakur
Greenhorn
Joined: May 30, 2012
Posts: 15
|
|
Hi sagar,
I think <login-config> element is mandatory because a user needs to be authenticated before the authorization is done.
If you are following HFSJ , then page 666 provides a good idea.
|
Regards,
Shailesh
OCJP 1.6 , OCWCD 1.5
|
|
Sagar Shroff
Ranch Hand
Joined: Jun 07, 2011
Posts: 182
|
|
shailesh thakur wrote:Hi sagar,
I think <login-config> element is mandatory because a user needs to be authenticated before the authorization is done.
If you are following HFSJ , then page 666 provides a good idea.
Yes i am wrong login-config is mandatory in case where user needs to be authenticated.
Shailesh what are your views on the other's ? any idea ?
|
|
Frits Walraven
Rancher
Joined: Apr 07, 2010
Posts: 1043
|
|
Check this SecurityConstraint of the xsd
1.<web-resource-collection> is a mandatory element.
- Inside <web-resource-collection>
Do you mean mandatory inside <security-constraint>? Yes, that is correct
a.<web-resource-name> is mandatory
b.<url-pattern> is mandatory
c.<http-method> is optional
-<auth-constriant> is optional
-<user-data-constraint> is optional
Correct
<transport-guarantee> is optional
No, if you have a <user-data-constraint>, then the <transport-guarantee> is mandatory
2 <login-config> is optional
Correct, it doesn't have to be there
<web-resource-collection> can be 1 to many
<url-pattern> can be 1 to many
<http-method> can be 0 to many
<auth-constriant> can be 0 to 1
<user-data-constraint> can be 0 to 1
Correct
<transport-guarantee> can 0 to 1
<transport-guarantee> should be 1 ( inside the user-data-constraint)
Regards,
Frits
|
|
Sagar Shroff
Ranch Hand
Joined: Jun 07, 2011
Posts: 182
|
|
Thanks again ! 
Regards Sagar. 
|
|
 |
|
|
subject: Mandatory elements inside <security-constriant>?
|
|
|
0
