• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HF Servlets & JSP, Chapter 12: Collision of security-constraint elements

 
Chengwei Lee
Ranch Hand
Posts: 884
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Was reading through the rules of what will happen when multiple <security-constraint> elements (with same or partially-matching URL patterns) collide.

What if in one <security-contraint> I've a <auth-contraint /> while in another, I've no <auth-constraint> element.

Will all roles be granted access or no roles be granted access to the overlapping resources?

My guess is no roles are granted access. What do you guys think?
 
Bryan Basham
author
Ranch Hand
Posts: 199
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In this case, you are right. The web container will take the more restrict security policy: no one gets access.

-Bryan
 
Chengwei Lee
Ranch Hand
Posts: 884
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic