Win a copy of Bad Programming Practices 101 (e-book) this week in the Beginning Java forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Security Issue: Empty [auth-constraint] V.S. No [auth-constraint]  RSS feed

 
Ranch Hand
Posts: 134
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Suppose I declare two <security-constraint> for the same web-resource-collection. One has a empty <auth-constraint> tag, which means no one will access it. But the other one has no <auth-constraint> tag, which means everyone can access it. Then what's the result?? Everyone can access the resource or no one??
[ March 10, 2007: Message edited by: Jon Lee ]
 
Ranch Hand
Posts: 1277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
empty <auth-constraint> tag is the final word...which means no one will have access. This has been clearly mentioned in the book.
 
F is for finger. Can you stick your finger in your nose? Doesn't that feel nice? Now try this tiny ad:
Why should you try IntelliJ IDEA ?
https://coderanch.com/wiki/696337/IntelliJ-IDEA
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!