• Post Reply Bookmark Topic Watch Topic
  • New Topic

Merging of auth-contraints in security-contraints

 
Ronan Dowd
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ranchers!,

Question re: auth-contraint in the web.xml. I'm just wondering what happens when the
container 'merges/combines' the below 2 auth-contraints (in which each exists in it's own security-constraint)

<auth-constraint/> {A}

..and...

<auth-constraint> {B}
<role-name>*</role-name>
</auth-constraint>

I know 'A' means no one can access and 'B' means everyone has access but am confused which is the winner when their combined?

Any thoughts/advice would be great.
Thanks, Ro.


 
Ankit Garg
Sheriff
Posts: 9597
36
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you have an empty auth-constraint element, it will always take precedence so no one will have access to the resource...
 
Gravity is a harsh mistress. But this tiny ad is pretty easy to deal with:
the new thread boost feature: great for the advertiser and smooth for the coderanch user
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!