HFSJ 634 page

 
Ranch Hand
Posts: 119
Hi Ranchers,
I'm just going through the security chapter in HFSJ. I've found some errors. I have the errata page with me right now, but I'm getting confused by the statements.

Errata:
handwritten comment at the bottom:


statement 1. "If there were NO <http-method> elements in the <web-resource-collection>, it would mean that NO HTTP Methods are allowed, by ANYONE in any role."

It should be

statement 2. "If there are no <http-method> elements in the <web-resource-collection>, it would mean that All HTTP methods are allowed."

I did not find any handwritten comment matching
statement 1 in my book.

My question is:
1. Is the second statement correct or not?
Thanks in advance
Shanthi

[ October 19, 2005: Message edited by: shanthisri mocherla ]
[ October 20, 2005: Message edited by: shanthisri mocherla ]
 
Ranch Hand
Posts: 89
Hi Shanthisri,


statement 2. "If there are no <http-method> elements in the <web-resource-collection>, it would mean that All HTTP methods are allowed."



This statement is correct. If you mention a method in <http-method>, it implies you are constraining only that method. Correct me if I am wrong.

regards,
JR
 
Ranch Hand
Posts: 951
Hi,

statement 2. "If there are no <http-method> elements in the <web-resource-collection>, it would mean that All HTTP methods are allowed."



I think this is wrong.

If there are no <http-method> elements in the <web-resource-collection>, it would mean that All HTTP methods are restricted. You require authentication for all methods to execute iff they are defined in the servlet. And if you define any one method in the DD, then only this method is restricted and all methods are allowed.

Thanks
 
Ranch Hand
Posts: 445
Narendra is correct in what he said. If we don't specify http-method then security applies to all methods.

From servlet spec,
"If no HTTP methods are specified, then the security constraint
applies to all HTTP methods."
 
shanthisri mocherla
Ranch Hand
Posts: 119
Thanks Radhika, Narendra and Rizwan.

I got it.
 