
security-constraint

 
shanthisri mocherla
Ranch Hand
Posts: 119
Hello friends,
I've a question on security-constraint,


So both Admin and Member are allowed to do a GET and POST on the resources
in the Beer/Addrecipe directory.

My question is:
Are they allowed to do a TRACE, HEAD, PUT etc. on the resources as well?

But Guest (role-name) can't do a GET or POST, but can do a TRACE, HEAD, PUT etc., as that role is not declared in the auth-constraint element of the DD.

Shanthi
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Yes, and you are correct.

Realize too that each of those methods has a corresponding doXXX() method when the resource is the mapping for a servlet. Think about what would happen if someone tried one of these other methods on a servlet.

And what if I didn't want anyone to ever use any of the other methods anywhere in the application? Can you think of an easy way to handle that using a constraint?
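
The constraint semantics discussed in this thread, as an added example that is not part of the original posts: a small Python evaluator run over a constructed web.xml. The poster's own descriptor is not on the page, so the URL pattern, the second deny-all constraint and the function name `allowed` are assumptions; the evaluator matches url-patterns by exact string only, expects a namespace-free descriptor and ignores the `*` role.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor (not the poster's): GET/POST limited to Admin and Member,
# plus a second constraint with an empty auth-constraint that blocks TRACE and PUT.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>recipes</web-resource-name>
      <url-pattern>/Beer/Addrecipe/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
      <role-name>Member</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>blocked</web-resource-name>
      <url-pattern>/Beer/Addrecipe/*</url-pattern>
      <http-method>TRACE</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def allowed(web_xml, pattern, method, role):
    """True if `role` may send `method` to `pattern` under the descriptor."""
    decisions = []  # per matching constraint: None = no auth-constraint, else set of roles
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        auth = sc.find("auth-constraint")
        for wrc in sc.iter("web-resource-collection"):
            methods = [m.text.strip() for m in wrc.iter("http-method")]
            patterns = [p.text.strip() for p in wrc.iter("url-pattern")]
            # A collection that lists methods constrains only those methods.
            if pattern not in patterns or (methods and method not in methods):
                continue
            decisions.append(None if auth is None else
                             {r.text.strip() for r in auth.iter("role-name")})
    if not decisions:
        return True   # uncovered method: the container applies no check at all
    if any(d == set() for d in decisions):
        return False  # empty auth-constraint overrides everything: nobody gets in
    if any(d is None for d in decisions):
        return True   # a matching constraint without auth-constraint permits access
    return role in set().union(*decisions)
```

HEAD from Guest comes back allowed because no constraint lists it, while TRACE and PUT are refused even for Admin. Containers implementing Servlet 3.1 or later also accept `<deny-uncovered-http-methods/>` in web.xml, which refuses every method that no constraint covers.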
 