• Post Reply Bookmark Topic Watch Topic
  • New Topic

auth-constraint doubt in HFSJ book

 
Iván Párraga
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

In March 2008 - Second Edition on page 843


Your web application has a valid deployment descriptor in which student and sensei are the only security rolres that have been defined. The deployment descriptor contains two security constraints that declare the same resource to be constrained. the frist security constraint contains:

<auth-constraint>
<role-name>student</role-name>
</auth-constraint>

and the second:

<auth-constrint />


The books says that the right answer is this:


If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles.


but I think it is wrong and that the right one is this:


If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by student users.


What do you think?

Cheers,

Iv�n
 
Kathiresan Chinna
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

If the second <auth-constraint> tag is removed then we will have the following

<security-constraint>
</security-constraint>

So, both roles can access.

See the HFSJ page 693 ANSWERS.

Kathir
 
Iván Párraga
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, you're right.

Thanks,

Iv�n
 
my overalls have superpowers - they repel people who think fashion is important. Tiny ad:
the new thread boost feature brings a LOT of attention to your favorite threads
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!