Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

auth-constraint doubt in HFSJ book

 
Iván Párraga
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

In March 2008 - Second Edition on page 843


Your web application has a valid deployment descriptor in which student and sensei are the only security rolres that have been defined. The deployment descriptor contains two security constraints that declare the same resource to be constrained. the frist security constraint contains:

<auth-constraint>
<role-name>student</role-name>
</auth-constraint>

and the second:

<auth-constrint />


The books says that the right answer is this:


If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles.


but I think it is wrong and that the right one is this:


If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by student users.


What do you think?

Cheers,

Iv�n
 
Kathiresan Chinna
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

If the second <auth-constraint> tag is removed then we will have the following

<security-constraint>
</security-constraint>

So, both roles can access.

See the HFSJ page 693 ANSWERS.

Kathir
 
Iván Párraga
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, you're right.

Thanks,

Iv�n
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic