• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

Merging of auth-contraints in security-contraints

 
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Ranchers!,

Question re: auth-contraint in the web.xml. I'm just wondering what happens when the
container 'merges/combines' the below 2 auth-contraints (in which each exists in it's own security-constraint)

<auth-constraint/> {A}

..and...

<auth-constraint> {B}
<role-name>*</role-name>
</auth-constraint>

I know 'A' means no one can access and 'B' means everyone has access but am confused which is the winner when their combined?

Any thoughts/advice would be great.
Thanks, Ro.


 
Sheriff
Posts: 9692
42
Android Google Web Toolkit Hibernate IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When you have an empty auth-constraint element, it will always take precedence so no one will have access to the resource...
 
I have gone to look for myself. If I should return before I get back, keep me here with this tiny ad:
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic