Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Query Reg. Web App Security

 
shyam ramineni
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I am going through Mikalai Zaikin's notes. In the section rlated to Web Applicattion Security. I did not understand the below statement.

A security constraint that does not contain an authorization constraint shall combine with authorization constraints that name or imply roles to allow unauthenticated access. The special case of an authorization constraint that names NO roles shall combine with any other constraints to OVERRIDE their affects and cause access to be PRECLUDED.

The example related to the above statement is below.

[B]





'/*' DELETE access precluded

'/*' PUT access precluded

'/acme/wholesale/*' DELETE access precluded

[/B]

Can anyone explain what the word "PRECLUDED" means in the above context.
In the above , does it mean there is no access for DELETE method to '/*' URL pattern.

Thanks
Shyam Ramineni
 
Narendra Dhande
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Precluded means the access is not granted for the matching urls and methods.

Thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic