
http-method and authorization

 
stephen dimitrov
Greenhorn
Posts: 16
I'm reading Head First Servlets and JSP and I'm confused about security. On page 634 it discusses using <http-method> in the DD. According to the errata, the following should be true:

" If there are NO <http-method> elements, in the <web-resource-collection>, it would mean that ALL HTTP Methods are allowed."

However, this contradicts what's mentioned on 635, which says:

"If you do NOT specify any <http-method>, then you're constraining all HTTP methods."

So, which one is it?

Thanks,
Stephen
 
chowdary Thammineedi
Ranch Hand
Posts: 126
Hello Stephen

There was a nice discussion on this topic about a month ago on this forum.
But I still remember the FINAL WORD of that discussion.


The web-resource-collectionType is used to identify a subset
of the resources and HTTP methods on those resources within
a web application to which a security constraint applies. If
no HTTP methods are specified, then the security constraint
applies to all HTTP methods.


This quote is from page 133 of the Servlet 2.4 specification, under the Deployment Descriptor bookmark.

CONCLUSION: If you do not specify any <http-method> then all methods are constrained.

The original discussion is over here
http://www.coderanch.com/t/169402/java-Web-Component-SCWCD/certification/multiple-security-constraint-elements

Hope this helps
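
The rule quoted from the specification above, as an added example that is not part of the original posts: a small audit script that reads a deployment descriptor and reports which HTTP methods each `<web-resource-collection>` constrains. The sample `web.xml`, the helper names, and the assumption that each url-pattern appears in only one constraint are all made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample deployment descriptor (not from the book or the thread).
WEB_XML = """\
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>staff</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

ALL_METHODS = "ALL"  # marker: the constraint applies to every HTTP method


def local(tag):
    """Drop the XML namespace so namespaced and plain descriptors both parse."""
    return tag.rsplit("}", 1)[-1]


def constrained_methods(web_xml):
    """Map each url-pattern to the HTTP methods its constraint applies to."""
    result = {}
    root = ET.fromstring(web_xml)
    for sc in (e for e in root if local(e.tag) == "security-constraint"):
        for wrc in (e for e in sc if local(e.tag) == "web-resource-collection"):
            methods = sorted((e.text or "").strip() for e in wrc
                             if local(e.tag) == "http-method")
            patterns = [(e.text or "").strip() for e in wrc
                        if local(e.tag) == "url-pattern"]
            for pattern in patterns:
                # No <http-method> elements: all methods are constrained.
                result[pattern] = methods if methods else ALL_METHODS
    return result


if __name__ == "__main__":
    for pattern, methods in constrained_methods(WEB_XML).items():
        print(pattern, "->", methods)
```

For the sample descriptor, `/admin/*` is reported as constrained for all methods, while `/reports/*` is constrained only for the two methods it lists.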
 
Kejal Shah
Ranch Hand
Posts: 87
Hey Stephen,
where's the errata for the book?
 
stephen dimitrov
Greenhorn
Posts: 16
Thanks for the quick answer. As for the errata -
errata
 