• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Mandatory elements inside <security-constriant>?

 
Sagar Shroff
Ranch Hand
Posts: 209
Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello ranchers i am having huge confusion regarding the mandatory elements inside the <security-constriant> element.
Now i am gonna note down following points please correct me if i am wrong

1.<web-resource-collection> is a mandatory element.
- Inside <web-resource-collection>
a.<web-resource-name> is mandatory
b.<url-pattern> is mandatory
c.<http-method> is optional

-<auth-constriant> is optional
-<user-data-constraint> is optional
-<transport-guarantee> is optional

2 <login-config> is optional

Please correct me if i am WRONG in the above statements
--------------------------------------------------------------------------------------------------
Now my second question is how many instance of each element can be present ?
<web-resource-collection> can be 1 to many
<url-pattern> can be 1 to many
<http-method> can be 0 to many
<auth-constriant> can be 0 to 1
<user-data-constraint> can be 0 to 1
<transport-guarantee> can 0 to 1

Please correct me if i am WRONG in the above statements
--------------------------------------------------------------------------------------------------

If i have missed anything above your valuable suggestions are really welcomed,will help me understand the concept better

P.S i have tried reading specs but i am not able to understand so i decided to count on you guys as you always do help me

Regards,
Sagar

 
shailesh thakur
Greenhorn
Posts: 15
Eclipse IDE MySQL Database Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi sagar,

I think <login-config> element is mandatory because a user needs to be authenticated before the authorization is done.

If you are following HFSJ , then page 666 provides a good idea.
 
Sagar Shroff
Ranch Hand
Posts: 209
Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
shailesh thakur wrote:Hi sagar,

I think <login-config> element is mandatory because a user needs to be authenticated before the authorization is done.

If you are following HFSJ , then page 666 provides a good idea.



Yes i am wrong login-config is mandatory in case where user needs to be authenticated.
Shailesh what are your views on the other's ? any idea ?
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2441
95
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Check this SecurityConstraint of the xsd

1.<web-resource-collection> is a mandatory element.
- Inside <web-resource-collection>

Do you mean mandatory inside <security-constraint>? Yes, that is correct
a.<web-resource-name> is mandatory
b.<url-pattern> is mandatory
c.<http-method> is optional

-<auth-constriant> is optional
-<user-data-constraint> is optional

Correct
<transport-guarantee> is optional

No, if you have a <user-data-constraint>, then the <transport-guarantee> is mandatory

2 <login-config> is optional

Correct, it doesn't have to be there

<web-resource-collection> can be 1 to many
<url-pattern> can be 1 to many
<http-method> can be 0 to many
<auth-constriant> can be 0 to 1
<user-data-constraint> can be 0 to 1

Correct

<transport-guarantee> can 0 to 1

<transport-guarantee> should be 1 ( inside the user-data-constraint)

Regards,
Frits
 
Sagar Shroff
Ranch Hand
Posts: 209
Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks again !

Regards Sagar.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic