• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

http-method in security-constraint doubt

 
James Mark
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<security-constraint>
<web-resource-collection>
<web-resource-name>NAME</web-resource-name>
<http-method>GET</http-method>
<url-pattern>/myJsp.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Manager</role-name>
</auth-constraint>
</security-constraint>


User with role Manager will be prompted on a userName and password in the browser upon requesting the above URL with http GET method.

What will happen If the Manager tried a httpmethod PUT in the >/myJsp.jsp?

Removing the <http-method> method altogether and exceuting a
GET method by the Manager what will happen?

Please help.Thanks in Advance.
 
npk chowdary
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
for your dd other than get method no authorization will appplied for other http method.
but if you remove hhtp-method tag for all methods constraints will be applicable
 
James Mark
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
that means Removing the <http-method> method altogether and exceuting a
GET method by the Manager will promt username and password??
 
Lave Kulshreshtha
Ranch Hand
Posts: 106
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
As per my understanding HTML only supports only two methods POST and GET.

-Lave
 
Durga Prasad Vuyyuru
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

That means it we remove <http-method> tag, we can use any one http method
 
Durga Prasad Vuyyuru
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

That means it we remove <http-method> tag, we can use any one http method
 
Lave Kulshreshtha
Ranch Hand
Posts: 106
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think you should not remove http-method tag. Please HTML form does support only POST and GET methods but there are other clients which can support other methods also.

-Lave
 
Prasad Shindikar
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<http-method>GET</http-method>
when you specify an <http-method> element, then that particular method is constrained, and rest all HTTP methods (POST, PUT, TRACE etc.) are unconstrained.
But, if you drop the <http-method> tag altogether, then all the methods are constrained.

Hope this helps all.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic