Hi,
statement 2."if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are allowed."
I think this is wrong
if there are no <http-method> elements ,in the <web-resource-collection>,it would mean that All HTTP methods are restricted. You require authentication for all methods to execute iff they are definded in the
servlet. And if you define any one method in DD, then only this method is resctricted and all methods are allowed.
Thanks
Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0