• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

regarding web app security

 
saima kanwal
Ranch Hand
Posts: 148
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Refer HFSJ page 669, chapter :"web app security":



and

There is no <auth-constraint>

These two have the same effect.


Both will give access to all the users , but will the first one with * perform authentication first (that is ask for username and password) and then allow access to all the users or will it omit the process of authentication as in the second case??
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2531
112
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Saima,
The first one will trigger the Authentication process (according to the <auth-method> defined in <login-config>)
When there is no <login-config> element with <auth-method> in your web.xml it will deny access immediatly

Regards,
Frits
 
saima kanwal
Ranch Hand
Posts: 148
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for your reply.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic