Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

RE: auth-constraint

 
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
Id like to know the difference between NOT having any auth-constraint and having


Is it the same ie. allowing access to EVERYBODY except for NO auth-constraint entry allows UNauthenticated access whilst the latter allows only authenticated access to everybody please?

Also is this legal please (no inner role-name)?:


thanks a million
regards
Rina
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
[Removed first comment]
If you don't set any auth-contraint, everybody will be authorized to access the resource. Same as using "*" for a role-name. (Setting an empty auth-constraint will forbide anybody to access the resource).

<auth-constraint>Super-user</auth-constraint>


No, it's not valid, you have to use role-name.
[ September 13, 2007: Message edited by: Christophe Verre ]
 
Rina Magro
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes Chris but if you dont include ANY auth-constraint entry in your security-constraint, does it mean allow access to EVERYBODY even those who are UNauthenticated , i know its useless to declare in DD, but who knows what might pop up in exam to make it bit tricky?
thanks
regards
Rina
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

does it mean allow access to EVERYBODY even those who are UNauthenticated


Mmmh. I'm checking the spec right now, because I'm not too sure about that. I can't find anything special about it in the spec. After giving it a second thought, if no auth-constrait is set, then the resource should be accessible. (please forget my first reply)
 
Rina Magro
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok thanks lots
regards
Rina
 
If tomatoes are a fruit, then ketchup must be a jam. Taste this tiny ad:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
https://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic