• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security-constraint issue?

 
Kosala W.Abayagunawardene
Ranch Hand
Posts: 47
Firefox Browser Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


What happens with code combinations 1 and 2, 1 and 3,2 and 3.

Answer
Although the first auth-constraint is empty, implying no one will have access to the resource, this is cancelled out by the second auth-constraint that will allow anyone to access the resource.

I thought that empty auth-constraint always wins and no one will have access...
from Ref
 
Ankit Garg
Sheriff
Posts: 9528
33
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Kosala please Quote Your Sources when you post a question.

The 1st part of the web.xml is actually not valid. There's a role-name tag outside the auth-constraint element. If there is an empty auth-constraint element, then it will override other auth-constraint elements for the same resource i.e. no one will be allowed (as you said)...
 
Kosala W.Abayagunawardene
Ranch Hand
Posts: 47
Firefox Browser Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ankit Garg wrote:Kosala please Quote Your Sources when you post a question.

The 1st part of the web.xml is actually not valid. There's a role-name tag outside the auth-constraint element. If there is an empty auth-constraint element, then it will override other auth-constraint elements for the same resource i.e. no one will be allowed (as you said)...


Sorry about that.Its from Marcus Green Mock Exams,SCWCD Summary Quiz 1, question 6.Yes.I thought the same as 1 is wrong.what will append if is taken out from 1.thanks
 
Ankit Garg
Sheriff
Posts: 9528
33
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
what will append if <role-name>manager</role-name>is taken out from 1.

I already answered that
Ankit Garg wrote:If there is an empty auth-constraint element, then it will override other auth-constraint elements for the same resource i.e. no one will be allowed (as you said)...
 
Kosala W.Abayagunawardene
Ranch Hand
Posts: 47
Firefox Browser Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ankit Garg wrote:
I already answered that


Thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic