
HFSJ page 639 - web App Security

 
Swati Udas
This page explains dueling <auth-constraint> elements.

However, the following combination is not covered

<auth-constraint /> i.e. NOBODY has access

and if the other constraint is

<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
i.e. EVERYBODY has access to the given web resource!

What would be the resultant permissions on this web resource?

I don't know if anyone would put tags like that in a DD in a practical scenario. However, I thought I should know what would be the effective permissions for such a combination.
 
Christophe Verré
From the spec (12.8.1):
The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded.

In clear, nobody has access.
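
The combination rule quoted from section 12.8.1, worked through on the two constraints from the question (an added example, not part of the original thread). It goes beyond the case asked about by also applying the section's other two rules: named roles combine as a union, and a constraint with no `<auth-constraint>` element allows unauthenticated access. Assumptions: the descriptor fragment is constructed and has no XML namespace, constraints are matched by exact `<url-pattern>` string, `<http-method>` is ignored, and the result labels are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed deployment-descriptor fragment: two constraints on the same resource.
SAMPLE_DD = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>A</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>B</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

def combine(auth_constraints):
    """One entry per matching <security-constraint>: None = no <auth-constraint>
    element, [] = empty <auth-constraint/>, otherwise the list of role names."""
    if any(c is not None and len(c) == 0 for c in auth_constraints):
        return "DENY_ALL"               # empty auth-constraint overrides all others
    if any(c is None for c in auth_constraints):
        return "ALLOW_UNAUTHENTICATED"  # a constraint without auth-constraint
    roles = set().union(*auth_constraints)
    # "*" is shorthand for every role name declared in the descriptor.
    return "ANY_DECLARED_ROLE" if "*" in roles else sorted(roles)

def effective_access(dd_xml, url_pattern):
    # Assumption: exact string match on url-pattern, http-method ignored.
    matching = []
    for sc in ET.fromstring(dd_xml).iter("security-constraint"):
        patterns = [p.text.strip() for p in sc.iter("url-pattern")]
        if url_pattern not in patterns:
            continue
        ac = sc.find("auth-constraint")
        matching.append(None if ac is None else
                        [r.text.strip() for r in ac.findall("role-name")])
    return combine(matching) if matching else "UNCONSTRAINED"
```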
 
amar kasar
Originally posted by Satou kurinosuke:
From the spec (12.8.1):
The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded.

In clear, nobody has access.
 
Swati Udas
Thanks, Satou.
 