Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

problem regarding empty auth-constraint tag

 
Deep Mukherjee
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have created one jsp and called a servelt from there .My JSP contains following code

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form method=GET action="TestServlet">
<INPUT TYPE=SUBMIT>
</form>
</body>
</html>

I have wriiten a sysout state ment in servlet post method.I have put a security constrain in web.xml like this


<security-constraint>
<web-resource-collection>
<web-resource-name>TestWebProject</web-resource-name>
<url-pattern>/TestWebProject/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
</auth-constraint>
</security-constraint>


as my </auth-constraint> tag is blank according to defination Post method should not be invoked .But in this case it is getting called and i can see Sysout statement in console .Can any one help where i am wrong?
 
J. Kevin Robbins
Bartender
Pie
Posts: 1801
28
Chrome Firefox Browser jQuery Linux MySQL Database Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You've constrained POST but your form is doing a GET. Once you list even a single method as constrained, all other methods are enabled for everyone.
 
Kumaravadivel Subramani
Ranch Hand
Posts: 171
Java Linux Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you want to enable constrains for GET method also have entry as below,

<http-method>GET</http-method>
<http-method> POST </http-method>
 
Deep Mukherjee
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have changed the security contrain like this

<security-constraint>
<web-resource-collection>
<web-resource-name>TestWebProject</web-resource-name>
<url-pattern>/TestWebProject/</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
</auth-constraint>
</security-constraint>


Still i am able to call the Get method.
 
Kumaravadivel Subramani
Ranch Hand
Posts: 171
Java Linux Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you post your whole web.xml and provide the URL in which you are accessing html file.
 
Rob Spoor
Sheriff
Pie
Posts: 20667
65
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please don't paste the entire web.xml yet. First filter out everything that's not related to the servlet in question, especially other servlets.

However, I think the problem is in the URL pattern. Your form action is "TestServlet". Your URL pattern is now "/TestWebProject/"; it was "/TestWebProject/*". My guess is that "TestWebProject" is the name of the web application. URL patterns are already relative to the web application. Change your URL pattern to "/*".
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic