I have a query regarding the web app security topic.
If you do not specify the <http-method> tag in the <web-resource-collection> then it means that ALL methods are constrained. Would <http-method>*</http-method> mean the same ? The HFSJ does not mention this case.
N!K<br />SCJP <br /> SCWCD
posted 10 years ago
'*' will not work. Either you specify each HTTP method you want to restrict or restrict all HTTP methods by not specifying any HTTP method.