Win a copy of Machine Learning Systems: Designs that scale this week in the Scala forum
or Xamarin in Action: Creating native cross-platform mobile apps in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Doubt in Security contraints  RSS feed

 
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I have an doubt when more than one <url-pattern> elements overlap.
If a <secutiry-constraint> element has no <auth-constraint> element, everyone can accesses the resource.

If a <secutiry-constraint> element has a empty <auth-constraint> element,
no one can accesses the resource.

But if both exits ? What will happen ?
Here�s a snippet.




Regards,
 
Ranch Hand
Posts: 128
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As I know empty one - <auth-constraint/> is ALWAYS WIN.
 
Ranch Hand
Posts: 1066
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an doubt when more than one <url-pattern> elements overlap.
If a <secutiry-constraint> element has no <auth-constraint> element, everyone can accesses the resource.

If a <secutiry-constraint> element has a empty <auth-constraint> element, no one can accesses the resource.
But if both exits ? What will happen ?

Serghei is right. In this case, nobody can access the resource!

Refer HF book, Chap 12, page: 639 (Dueling <auth-constraint> elemets table)
 
Eusebio Floriano
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, i�ll take a look.

Thx a lot.

Regards,
 
Ranch Hand
Posts: 172
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yeah....no one can access the resource....
 
No matter. Try again. Fail again. Fail better. This time, do it with this tiny ad:
Rocket Oven Kickstarter - from the trailboss
https://coderanch.com/t/695773/Rocket-Oven-Kickstarter-trailboss
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!