File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes security constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "security constraint" Watch "security constraint" New topic

security constraint

shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 231

can anybody help me in understanding of security constraint tag in DD??
taras khoma

Joined: Mar 14, 2011
Posts: 9

In "Head First Servlets and JSP (2nd Edition)" it's described in very clear manner.
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 231

yeah, i have studied that one still i am confused..

unable to understand which roles can access the resource..



</security constraint>

In this case if we have member , admin and guest role name.. then only member and admin are allowed to POST anything on the resource.. and guest can't post but guest can get ,trace ,put anything on the resource RIGHT??
or anything MISSING??
gurpeet singh
Ranch Hand

Joined: Apr 04, 2012
Posts: 924

first of all your url-pattern is not right. it should follow the proper rules . now the security contraint you defined says this :

the POST method is constrained. it means not everybody can post on the given url-pattern. only users whose role is either MEMBER OR ADMIN can POST on the url-pattern. rest anybody including MEMBER, ADMIN OR GUEST can GET, TRACE, HEAD etc(all the methods except POST) on the url-pattern. also keep in mind anybody can GET on the pattern but if you havent overriden doGet then it will throw 405 method not supported status code(this is but obvious). i hope i clear your doubt
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 231

thanks gurpeet..
I agree. Here's the link:
subject: security constraint
It's not a secret anymore!