posted 17 years ago
HFSJ describes the rules for dueling <auth-constraint> elements in page 639. There are four rules. But I am still confused by the following combinations:
1. * and empty <auth-constraint>
2. * and no <auth-constraint>
3. empty <auth-constraint> and no <auth-constraint
Acutally, these questions go down the simple one:
what's the priority order of *, empty, and no <auth-constraint>