• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

auth-constraints

 
al langley
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What happens if you correctly define two <security-constraint> elements in a DD. The first defines auth-constraint as the following:

Then in the second <security-constraint>, the auth-constraint is defined as the following:


I've taken practice tests that say the second security-constraint cancels out the first one (thus allowing all users to access the resource), but when I actually try it, this is not the case. Anytime I use a auth-constraint with no role-names defined, no matter what order it appears in the DD, no one has access to the resource (I'm using tomcat 6).

What is the expected behavior? (in other words, if this question were on a test, what is the right answer).

Thanks for taking the time to read my question.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded. Nobody will be authorized to access this secured content.
 
al langley
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the answer!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic