• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Qn on auth-constraint

 
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
which all the users can access this resource....if we have something like below:

because in 1st security constraint says nobody has access.
and in second security constraint says every body has access to a resource..


<web-app>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/servlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint/>

</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/servlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

</security-constraint>
</web-app>
 
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Nobody can access the resources because of <auth-constraint/>. If this is present then nobody can access the resources, though permission are granted in another secirity constaint for the same resource and http method.

Thanks
 
Chandrakanth
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thx for the reply
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yes thats right

<auth-constraint/> means NOBODY has access

but also note that, it is NOT the same as
<auth-constraint> being ABSENT -> this grants access to ALL.
which is same as
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

 
and POOF! You're gone! But look, this tiny ad is still here:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic