Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubt in Security contraints

 
Eusebio Floriano
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I have an doubt when more than one <url-pattern> elements overlap.
If a <secutiry-constraint> element has no <auth-constraint> element, everyone can accesses the resource.

If a <secutiry-constraint> element has a empty <auth-constraint> element,
no one can accesses the resource.

But if both exits ? What will happen ?
Here�s a snippet.




Regards,
 
Serghei Jelauc
Ranch Hand
Posts: 128
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As I know empty one - <auth-constraint/> is ALWAYS WIN.
 
Vishwa Kumba
Ranch Hand
Posts: 1066
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an doubt when more than one <url-pattern> elements overlap.
If a <secutiry-constraint> element has no <auth-constraint> element, everyone can accesses the resource.

If a <secutiry-constraint> element has a empty <auth-constraint> element, no one can accesses the resource.
But if both exits ? What will happen ?

Serghei is right. In this case, nobody can access the resource!

Refer HF book, Chap 12, page: 639 (Dueling <auth-constraint> elemets table)
 
Eusebio Floriano
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, i�ll take a look.

Thx a lot.

Regards,
 
trivikram Kumar
Ranch Hand
Posts: 172
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yeah....no one can access the resource....
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic