File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes security constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "security constraint" Watch "security constraint" New topic
Author

security constraint

shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 226

can anybody help me in understanding of security constraint tag in DD??
taras khoma
Greenhorn

Joined: Mar 14, 2011
Posts: 9

In "Head First Servlets and JSP (2nd Edition)" it's described in very clear manner.
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 226

yeah, i have studied that one still i am confused..

unable to understand which roles can access the resource..

if..

<security-constaint>
<web-resource-collection>
<web-resource-name>something</web-resource-name>
<url-pattern>WEB-INF/shivam</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>MEMBER</role-name>
<role-name>ADMIN</role-name>
</auth-constraint>
</security constraint>


In this case if we have member , admin and guest role name.. then only member and admin are allowed to POST anything on the resource.. and guest can't post but guest can get ,trace ,put anything on the resource RIGHT??
or anything MISSING??
gurpeet singh
Ranch Hand

Joined: Apr 04, 2012
Posts: 924
    
    1

first of all your url-pattern is not right. it should follow the proper rules . now the security contraint you defined says this :

the POST method is constrained. it means not everybody can post on the given url-pattern. only users whose role is either MEMBER OR ADMIN can POST on the url-pattern. rest anybody including MEMBER, ADMIN OR GUEST can GET, TRACE, HEAD etc(all the methods except POST) on the url-pattern. also keep in mind anybody can GET on the pattern but if you havent overriden doGet then it will throw 405 method not supported status code(this is but obvious). i hope i clear your doubt
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 226

yeah!!..
thanks gurpeet..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: security constraint