Page 660 of HFSJ says that : we left off <http-method> so that no HTTP methods are accessible to anyone except Admin. According to my understanding if we leave the <http-method> tag, in that case all the users are allowed to access all the http methods. pls correct me if i am wrong.
SCJP 1.4, SCWCD1.4, OCA(1Z0-007)
posted 11 years ago
what is specified in the book is true!!
If <http-method> is present only the method represented by that tag is constrained. However if <http-method> is not present then all the HTTP methods are constrained ( refer Page 635)