• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

http-method tag in security constraint

 
Naresh Chaurasia
Ranch Hand
Posts: 361
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Page 660 of HFSJ says that : we left off <http-method> so that no HTTP methods are accessible to anyone except Admin. According to my understanding if we leave the <http-method> tag, in that case all the users are allowed to access all the http methods. pls correct me if i am wrong.
 
muthu kumaran
Ranch Hand
Posts: 56
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
what is specified in the book is true!!

If <http-method> is present only the method represented by that tag is
constrained.
However if <http-method> is not present then all the HTTP methods are
constrained ( refer Page 635)

Muthu
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic