• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security issue

 
Abhijit Rai
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi fellas,
I had read that to implement confidentiality we proceed as follows in deployment descriptor :


<security-canstraint>

<web-resource-collection>
valid code goes here
</web-resource-collection>

<user-data-constraint>
<transport-guarantee>
CONFIDENTIAL
</transport-guarantee>
</user-data-constraint>
</security-constraint>


My Question is what happens if we have the same resource in two different <security-constraint> elements having different <transport-guarantee>
for example:

<security-canstraint>

<web-resource-collection>

<web-resouce-name>resource 1</web-resouce-name>
<url-pattern>/page1.jsp</url-pattern>
<http-method>GET</http-method>


</web-resource-collection>

</security-constraint>



.
.
.
.
.
.
.
<security-canstraint>

<web-resource-collection>

<web-resouce-name>resource 2</web-resouce-name>
<url-pattern>/page1.jsp</url-pattern>
<http-method>GET</http-method>


</web-resource-collection>

<user-data-constraint>
<transport-guarantee>
CONFIDENTIAL
</transport-guarantee>
</user-data-constraint>


</security-constraint>
 
Baddy Davay
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
basically it should do the union of all .So that resource is CONFIDENTIAL no matter if the samer URL pattern is there in another Security Constraint with no usr-data-constraint
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic