HF errata

page 634

the errate says

{634} hand written comment at the bottom;
"If there were NO <http-method> elements in the <web-resource-collection>, it would mean that NO HTTP Methods are allowed, by ANYONE in any role."
should be:
"If there are NO <http-method> elements, in the <web-resource-collection>, it would mean that ALL HTTP Methods are allowed."


{634} Key points about <web-resource-collection>;
If no HTTP Methods are specified then ALL Method will be constrained!!
should be
"If a <web-resource-collection> element contains no <http-method> elements, then
the collection includes the use of ALL HTTP methods on all of the URL patterns."

This suggests a change that if no <http-method> is specified then all are allowed .
But errata does not specify anything about the 2nd paragraph in 2nd box on Page 635 which reads

If you do not specify any <http-method>, then you are constraining all HTTP methods.

I am confused , which one is correct ?

Hi Sangeeta,

Ahh....You are also stuck there. Even I was....

Okay! THis is how it goes...If no http-method is explicitly mentioned, then all http methods are constrained (allowed only) for those roles mentioned in auth-constraints.

There is one question in mock exam in the chapter which will make you much more clearer.

Regards,
Shankar