This week's book giveaway is in the Java 9 forum.
We're giving away four copies of Java 9 Modularity: Patterns and Practices for Developing Maintainable Applications and have Sander Mak & Paul Bakker on-line!
See this thread for details.
Win a copy of Java 9 Modularity: Patterns and Practices for Developing Maintainable Applications this week in the Java 9 forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Security Issue: Empty [auth-constraint] V.S. No [auth-constraint]  RSS feed

 
Jon Lee
Ranch Hand
Posts: 134
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Suppose I declare two <security-constraint> for the same web-resource-collection. One has a empty <auth-constraint> tag, which means no one will access it. But the other one has no <auth-constraint> tag, which means everyone can access it. Then what's the result?? Everyone can access the resource or no one??
[ March 10, 2007: Message edited by: Jon Lee ]
 
Niranjan Deshpande
Ranch Hand
Posts: 1277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
empty <auth-constraint> tag is the final word...which means no one will have access. This has been clearly mentioned in the book.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!