Hello All,
Can someone help me with the answer for this question.
According to me, shouldn't the answer be Option D, since there is not <http-method> defined, all the methods will be inaccessible,
so the user should not be prompted for any of the Http methods ?
If no HTTP methods are specified, then the security constraint applies to all HTTP methods. So if a url matches a security-constraint, then the user will have to login.