• Post Reply Bookmark Topic Watch Topic
  • New Topic

HFS exercise on page 658  RSS feed

Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Have a question about HFS exercise
on page 658, the last scenario/statement and
its correctness. Didn't find any info
about it on errata pages. So guys, help me out
with this one!

Question was about putting right
elements into DD and the use case

"You want to constrain everything
with foo/bar directory so that those
with a security role of Admin can
invoke ANY HTTP methods on those

According to HFS the correct answer is

web-resource-name Some Name /web-resource-name
url-pattern /foo/bar/* /url-pattern


role-name Admin /role-name

Personally I disagree with the answer on page 660 due
to the following explanation:

Isn't so that if http-method IS OMITTED, no request
no matter which role, are allowed? For the Container to allow
any HTTP method (request) for foo/bar/* directory there is gotta be
at least one http-method declared element? Am I right?

pie sneak
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Though a constraint limits who can access a resource, its definition still centers upon who can access a resource, not by who can't.

http-method is designed to simply allow more precision to a constraint. If no http-method is specified, the constraint applies to all methods. Omitting http-method will only make your constraint method-agnostic.

Constraints can get pretty confusing and you can easily make mistakes if you're not careful. Here's a letter I may or may not have received recently from a sweet gal named Mary. Maybe someone here could help her out.

Dear JavaRanch,

My name is Mary and I own my own hiking trail in a private park just south of Denver, Colorado. People like to come to my trail to run, walk, hop, skip, and jump. The park that holds my trail allows pets but the humans on my trail aren't cleaning up after their dogs. Gross! I decide I don't want to allow dogs (or any other pets) on my trail anymore.

How do I fix that? I need a constraint for my trail!

So I set a constraint that only allows members of the "human" role.

Wonderful! No more dog poo!

A month later I start getting complaints from many of the older folks who walk my trail. They say that a lot of rowdy kids have caused problems with their running, hopping, skipping, and especially jumping! Bummer.

Now I need to prevent run, hop, skip, and jump travel-methods on my trail. My previous constraint applied to all methods of travel because I didn't specify any. Humans were allowed to travel however they wanted. So I added to my previous constraint the travel-method of "walk" so that humans could only walk on my trail. No running. No hopping. No skipping. And certainly no jumping!

Feeling pretty good about myself I took a vacation to Mexico for a couple weeks. But during my first day there, while working on my tan and sipping on a margarita, I received a phone call from the park ranger who said, "Mary, you're not going to believe this but I swear I just saw some dogs on your trail running, hopping, skipping, and dare I say... jumping!" My heart fell into my stomach as I realized how much poo I'd have to clean up when I get back.

What did I do wrong? What can I have the park ranger do to fix it? Don't you have any good ranch hands that can help me solve this?

Mary Gotrubble

[ May 09, 2006: Message edited by: Marc Peabody ]
janne jounivich
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Look at the HFS page 634 and the comment written about
http-method GET /http-method. Briefly in it it was said
"If there were no http-method element, it would mean
that no HTTP methods are allowed, by ANYONE in any role. But
since we put in one role for GET, it means that only
GET is constrained...." I tried to apply this rule with
the exercise on page 658.

So either this explanation should be edited or the exercise
answer. Which one? Or should I just perform a test with Tomcat?


[ May 10, 2006: Message edited by: janne RockGulf ]
[ May 10, 2006: Message edited by: janne RockGulf ]
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!