What happen when http-method is not defined in the security constraint?
posted 11 years ago
Hi, I didn't quite understood what would happen if a <http-method> method is not defined in a <web-resource-collection> element. Does this mean that ALL methods will be constrained? And if so, does this mean that an authorized user (let's say someone defined in the <auth-constraint> element) can access ALL methods or that even an authorized user CANNOT access any method for the constrained resource?