• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubt in the http-method

 
raja ram
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

In HFSJ first edition page no 634 it is said that "if no <http-method> is specified then that means none of the http-methods are allowed

In Page no 660 it is said that "we left off <http-method> so that no http-methods are accessible by any one apart from Admin

It is confussing when we wont specify http-method in such cases none of them are able to access any of the http-methods but in second case even though we have not specified http-method by specifying the <role-name> Admin </role-name> how Admin will be able to access all the http-methods but not others. I think even Admin should not be able to have access to any of the http-methods becuase we have no specified http-methods in web.xml is that correct?

Thanks
 
deepa raj
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
if role-name is specified , only the specfied role name can access the resource with that specified http method.

if the http-method tag is not there, all the HTTP methods are constrained.

so , all the methods can be used to access the resource by the Admin which is role specified in role-name.

Hope this helps.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic