• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Merging of auth-contraints in security-contraints

 
Ronan Dowd
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ranchers!,

Question re: auth-contraint in the web.xml. I'm just wondering what happens when the
container 'merges/combines' the below 2 auth-contraints (in which each exists in it's own security-constraint)

<auth-constraint/> {A}

..and...

<auth-constraint> {B}
<role-name>*</role-name>
</auth-constraint>

I know 'A' means no one can access and 'B' means everyone has access but am confused which is the winner when their combined?

Any thoughts/advice would be great.
Thanks, Ro.


 
Ankit Garg
Sheriff
Posts: 9580
33
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you have an empty auth-constraint element, it will always take precedence so no one will have access to the resource...
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic