• Post Reply Bookmark Topic Watch Topic
  • New Topic

Security Issue: Empty [auth-constraint] V.S. No [auth-constraint]

 
Jon Lee
Ranch Hand
Posts: 134
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Suppose I declare two <security-constraint> for the same web-resource-collection. One has a empty <auth-constraint> tag, which means no one will access it. But the other one has no <auth-constraint> tag, which means everyone can access it. Then what's the result?? Everyone can access the resource or no one??
[ March 10, 2007: Message edited by: Jon Lee ]
 
Niranjan Deshpande
Ranch Hand
Posts: 1277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
empty <auth-constraint> tag is the final word...which means no one will have access. This has been clearly mentioned in the book.
 
What are you doing? You are supposed to be reading this tiny ad!
the new thread boost feature brings a LOT of attention to your favorite threads
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!