I have doubts in <http-method> under <security-constraint>.
<security-constraint>
<web-resource-collection>
<url-pattern>/TestConnectionServlet</url-pattern>
<http-method>get</http-method>
</web-resource-collection>
<auth-constraint>
<description>only member</description>
<role-name>member</role-name>
</auth-constraint>
</security-constraint>
here if user role is member then that user can access GET method of /TestConnectionServlet but any other user with other role can access any method of TestConnectionServlet except GET method.
if above statement is correct then if i remove <http-method> then according to Head First
if there is no <http-method> in <web-resource-collection> , it would mean that NO HTTP methods are allowed by anyone in any role.
so assume that i removed <http_method> then i should not get access of TestConnectionServlet.
but still i m getting the access. WHY ?
I m using NETBEANS 6.5 and
TOMCAT 6.0.14
What is meaning of
all methods are constrained?
THANKS IN ADVANCE
MANISH