Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security Issue: Empty [auth-constraint] V.S. No [auth-constraint]

 
Jon Lee
Ranch Hand
Posts: 134
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Suppose I declare two <security-constraint> for the same web-resource-collection. One has a empty <auth-constraint> tag, which means no one will access it. But the other one has no <auth-constraint> tag, which means everyone can access it. Then what's the result?? Everyone can access the resource or no one??
[ March 10, 2007: Message edited by: Jon Lee ]
 
Niranjan Deshpande
Ranch Hand
Posts: 1277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
empty <auth-constraint> tag is the final word...which means no one will have access. This has been clearly mentioned in the book.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic