This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes <security-constraint> element Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "&lt;security-constraint&gt; element " Watch "&lt;security-constraint&gt; element " New topic

&lt;security-constraint&gt; element

Hamzah khammash

Joined: Jan 05, 2012
Posts: 23

I have question about <security-constraint> element in case i have 2 <security-constrain> elements one of them have <auth-constraint> element and its cover all roles and the
other <security-constrain> have <auth-contraint/> elements with no role selected and both of them have the same resource and <url-patteren>
in this case which <security-constrain> will execute ?
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 223

In the above mentioned case none of the defined role can excess the resource via the Http-method mentioned in the 2nd <security-constraint>
wood burning stoves
subject: &lt;security-constraint&gt; element
Similar Threads
multiple security-constraint elements interaction
auth-constraint doubt
No of <auth-constraint> tags
HFS exercise on page 658
Authorisation related